
System For Big Data Security In Distributed Environment Using Cryptographic Based Model

Abstract: Big data takes different forms, such as structured, unstructured and semi-structured data. The structured format is the most widely used in real-world enterprises due to its support in the cloud. Homomorphic Encryption (HE) has become a typical solution for search and data dynamics on outsourced data. However, it needs further optimization for seamless search and data dynamics operations. To this end, a data encryption scheme named Flexible and Efficient Encryption (FEE) is proposed. FEE is based on HE and inherits its benefits. Without the need for decryption, the FEE algorithm supports efficient cryptographic search operations, leading to improved performance and flexibility in managing relational and non-relational data. FEE is evaluated with MySQL and MongoDB in the Jelastic cloud environment and found to be better than baseline algorithms. In addition, in the context of emerging Internet of Things (IoT) use cases, there is a need for a security scheme that not only prevents data leakage or theft but also keeps the mechanisms lightweight so as to benefit the system in the long run. 4 claims & 1 Figure


Patent Information

Application #:
Filing Date: 11 December 2021
Publication Number: 05/2022
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: ipfc@mlrinstitutions.ac.in
Parent Application:

Applicants

MLR Institute of Technology
Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad

Inventors

1. Dr. N Sirisha
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
2. Dr. K.V.D. Kiran
Department of Computer Science and Engineering, K L University, Vaddeswaram, Vijayawada
3. Mrs. K Pushpa Rani
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
4. Mrs. N Thulasi Chitra
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
5. Mrs. T Raja Rajeswari
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
6. Dr. P Chinnasamy
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
7. Mr. Srinivasulu
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad
8. Ms. B Lakshmi
Department of Computer Science and Engineering, MLR Institute of Technology, Laxman Reddy Avenue, Dundigal-500043, Medchal-District, Hyderabad

Specification

Claims: The scope of the invention is defined by the following claims:

Claim:
1. A system/method for securing Big Data applications in a distributed environment using a cryptographic technique, said system/method comprising the steps of:
a) The Key Generator (1) generates a master secret key for the environment setup.
b) The Data Owner (2) encrypts the user data using FEE and the master secret key. The encoded data is then uploaded into the Jelastic Cloud (4), which is used as an IaaS layer.
c) At the receiver side, the encrypted query (5) is given to the cloud; based on the query, the cloud responds with encoded data (6).
d) The secret key is obtained from the key generator to decrypt (7) the encoded data.
2. As mentioned in claim 1, the key generator generates a master secret key to encode and decode the data.
3. As per claim 1, the data owner can encode their data with FEE and HE before uploading it into the cloud. The encoded data is uploaded into the Jelastic cloud.
4. According to claim 1, the end user can send a keyword search query and get the matched data in encoded form. Finally, the end user needs a secret key from the key generator to decode the data.

Description:
Field of Invention
In the contemporary era, big data has become an indispensable technological necessity due to emergence of cloud and distributed programming environments. In the process, there are different tools and techniques from various vendors being used to realize such environments. It has led to security vulnerabilities.
Background of the Invention
Aljawarneh et al. ([2017], Multimedia Tools and Applications, 76, pp. 22703–22724) defined a method for multimedia content associated with big data. It is an AES-based method called the Feistel Encryption Scheme. They intended to run it in IoT applications in future. Liang et al. ([2016], ISAMSR, pp. 1-7) proposed a security scheme combining AES and RSA (Chinnasamy et al. [2018], Advances in Intelligent Systems and Computing, 145, pp. 341-350). Tang et al. ([2017], pp. 1-6) proposed a security scheme known as the Privacy-preserving Fog-assisted Information Sharing (PFIS) scheme, which is used to safeguard data in the healthcare industry. They intended to improve it in future to reduce decryption cost.
Methods are provided for enabling secure big data analytics in the cloud. A method includes reading a secure file, by a Secure Distributed File System in a public cloud service provider. The reading step further includes extracting a security key and encrypted data file names from the metadata using the sharing policy identifier, requesting one or more encrypted data files that form the secure file from a node of the public cloud service provider, and at least one of decrypting and reconstructing plaintext data for the secure file from the one or more encrypted data files (US2017/0076105A1). A method and system for access-controlled decryption in big data stores is provided. In an implementation, a system provides a method for encryption that stores meta-information about sensitive data elements being encrypted in a big data store, such as a Hadoop system, in which the bulk of the data may remain unencrypted (US2015/0026462A1).
The invention discloses a secure data access method for cloud storage. When storing data, a user terminal divides an original file into a big data block and a small data block and stores the small data block and the file division information locally; the big data block is encrypted and transmitted to a cloud storage system, and the encryption information is stored locally. When retrieving the data, the cloud storage system transmits the encrypted big data block to the user terminal at the user terminal's request, and the user terminal decrypts it using the locally stored encryption information and splices the small data block and the decrypted big data block into the original file according to the file division information (CN2012/102664928A). Systems and methods of securely storing and retrieving data are disclosed. A database may include a table of data with rows and columns, encrypted at rest. Users may need to access the data. However, each user may have different access permissions and each row or column may have different characteristics, such as encryption, data type, and/or the like. As such, access to the data may be controlled according to the characteristics of the data, the access permissions of the user, and/or the encryption of the data (US2017/0104746A1). Systems and methods for maintaining data security across multiple active domains are presented. Each domain includes a token generator that can generate tokens associated with sensitive data such as credit card numbers. The possibility of token collision is eliminated by a token generation algorithm that embeds a domain designator corresponding to the active domain where the token was created. When multiple tokens represent the same sensitive data, the token manager returns a set of all such tokens found in the data vaults (US2014/8806204B2).
The aim of the invention is to design and implement an integrated security framework that leverages the state of the art in protecting big data, with security and privacy mechanisms for data at rest, in transit and while being analyzed. The objective of the invention is to design and implement an algorithm that uses a Homomorphic Encryption based approach to provide more flexible encryption that supports efficient search operations and data dynamics on outsourced data.
Summary of the Invention
A flexible encryption scheme based on HE is defined. It is known as Flexible and Efficient Encryption (FEE). This encryption scheme is designed to support search and data dynamics on encrypted outsourced data without the need to decrypt it explicitly. In other words, the predicate evaluation mechanisms of FEE support direct modifications on the encrypted data. This feature is invaluable to data owners in cloud computing environments, as they can manipulate encrypted outsourced data and perform efficient search operations. The scheme is evaluated using MySQL and MongoDB residing in the Jelastic cloud. The experimental results showed that FEE is better than the baseline approach.
Brief description of Drawing
The figure illustrates exemplary embodiments of the invention.
Figure 1, Architecture of the proposed system for big data security in distributed environment
Detailed Description of the Invention
Big data is available in heterogeneous forms: unstructured data, semi-structured data and structured data. The first two forms exist as files, while structured data is essentially tabular, as such data is stored in relational databases. A relational database is subject to modification from time to time, as it holds the business data of day-to-day transactions. The data owner or data provider not only needs to store the data in encrypted format but also needs to perform data dynamics, such as search on encrypted data and direct changes to cipher text. This requires a different kind of encryption known as Homomorphic Encryption (HE). A security scheme named Flexible and Efficient Encryption (FEE) is defined and presented in this chapter to enhance flexible data dynamics and leverage the state of the art, while the preceding chapter focused on protecting unstructured data.
The precise problem definition is “provided structured data, develop an encryption algorithm that enhances flexibility in data dynamics and search over encrypted data”. The problem with conventional cryptographic primitives is that they do not account for flexibility in data dynamics. In other words, they are meant only for encryption and decryption, which creates difficulties for data owners when making changes to cipher text and searching directly on encrypted data. The proposed framework overcomes this drawback and also offers flexible predicate operations for data dynamics. Thus, the framework supports encrypted storage, search on encrypted data and modifications on cipher text. It is therefore capable of improving data management besides providing secure end-to-end communications. These advantages motivate a holistic approach to big data security.
The framework described here is based on Fig. 3.1 of the preceding chapter, where a need was identified for end-to-end secure communications as well as a holistic approach to big data security. The framework is essentially based on FHE, which has improved capabilities over HE. The framework is designed to support flexible encryption, decryption, and dynamic and direct search and data modifications made directly on the outsourced data. The CSP holds the data in the form of different databases. In this case, enterprise MySQL that is part of the Jelastic cloud is used for storage, search and data dynamics. This enables data owners to perform search and data modifications seamlessly on cipher text without decryption. Referring back to Fig. 3.1, different parties are involved in distributed environments, such as the data owner, the data user and the CSP.
An algorithm is designed to support the intended operations. For structured data, the data owner encrypts the data before sending it to the cloud and saves it to the cloud infrastructure. The data owner may then want to make arbitrary changes to the encrypted data or perform search queries to obtain desired data. In some cases the data owner may allow other users, known as data users, to access the outsourced data. In such cases, it is essential to share keys securely. When data is obtained from the cloud server, the results arrive as encrypted data that needs to be decrypted by the client program. The client program is written in Java with an intuitive graphical interface. The prototype supports all intended operations without requiring users to have expertise in either cryptography or Java. In the proposed framework, the CSP is an entity that is crucial for the whole environment and its computing resources. Jelastic IaaS is used for cloud storage and data management. As the system depends on FHE, an algorithm is designed to support the intended functions of the prototype.
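The flow described above (key generation, encrypted upload, encrypted keyword query, modification of cipher text at the cloud, client-side decryption) can be walked through in code. This is an added example, not the FEE algorithm, which the page does not specify: it assumes textbook Paillier (additively homomorphic) for a numeric column and HMAC-SHA256 keyword tags for equality search, with constructed records and toy-sized primes.

```python
import hashlib, hmac, math, secrets

# Toy modulus from two Mersenne primes (constructed for the demo);
# a real deployment needs random primes giving a modulus of 2048+ bits.
P, Q = 2**61 - 1, 2**89 - 1

def keygen():
    """Key Generator: Paillier private values plus an HMAC key for search tags."""
    n, lam = P * Q, math.lcm(P - 1, Q - 1)
    return {"n": n, "n2": n * n, "lam": lam, "mu": pow(lam, -1, n),
            "tag_key": secrets.token_bytes(32)}

def encrypt(key, m):
    """Paillier with g = n + 1: c = (1 + m*n) * r^n mod n^2, fresh r per call."""
    n, n2 = key["n"], key["n2"]
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(key, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    n = key["n"]
    return (pow(c, key["lam"], key["n2"]) - 1) // n * key["mu"] % n

def search_tag(key, keyword):
    """Deterministic keyword tag: enables equality search, but equal
    keywords produce equal tags, which the cloud can observe."""
    return hmac.new(key["tag_key"], keyword.encode(), hashlib.sha256).hexdigest()

def cloud_add(row, enc_delta, n2):
    """Runs at the cloud with public n^2 only: Enc(a) * Enc(b) = Enc(a + b)."""
    row["bal"] = row["bal"] * enc_delta % n2

def demo():
    key = keygen()
    # Constructed sample records; the cloud list holds only tags and ciphertexts.
    cloud = [{"tag": search_tag(key, name), "bal": encrypt(key, bal)}
             for name, bal in [("alice", 1200), ("bob", 75)]]
    query = search_tag(key, "alice")                      # encrypted query
    hit = next(row for row in cloud if row["tag"] == query)
    cloud_add(hit, encrypt(key, 300), key["n2"])          # update without decrypting
    return decrypt(key, hit["bal"]), decrypt(key, cloud[1]["bal"])

if __name__ == "__main__":
    print(demo())
```

The deterministic tags are what make the search possible and also what it leaks: the cloud learns which rows share a keyword and which queries repeat, a trade-off any searchable-encryption design of this kind has to account for.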
4 Claims & 1 Figure

Documents

Application Documents

# Name Date
1 202141057661-REQUEST FOR EARLY PUBLICATION(FORM-9) [11-12-2021(online)].pdf 2021-12-11
2 202141057661-FORM-9 [11-12-2021(online)].pdf 2021-12-11
3 202141057661-FORM FOR SMALL ENTITY(FORM-28) [11-12-2021(online)].pdf 2021-12-11
4 202141057661-FORM FOR SMALL ENTITY [11-12-2021(online)].pdf 2021-12-11
5 202141057661-FORM 1 [11-12-2021(online)].pdf 2021-12-11
6 202141057661-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [11-12-2021(online)].pdf 2021-12-11
7 202141057661-EVIDENCE FOR REGISTRATION UNDER SSI [11-12-2021(online)].pdf 2021-12-11
8 202141057661-EDUCATIONAL INSTITUTION(S) [11-12-2021(online)].pdf 2021-12-11
9 202141057661-DRAWINGS [11-12-2021(online)].pdf 2021-12-11
10 202141057661-COMPLETE SPECIFICATION [11-12-2021(online)].pdf 2021-12-11