Abstract
Several studies have recommended encrypting data to secure Data Warehouses (DWs) stored in hostile cloud networks. Most of the published work on encrypted DWs encrypts the DW data, while the DW schema, i.e., the names of the fact and dimension tables and their attributes, remains unprotected. Unencrypted DW schema attributes may reveal critical information about the data contents to cloud administrators or attackers. In this paper, we propose a novel mechanism for encrypting the column names of a DW's fact and dimension tables, which in turn prevents details of interesting columns from being revealed to the cloud network. For this, we have proposed a customized method for encrypting the column names of fact and dimension tables and implemented it within MySQL's column name restrictions to test its validity. This paper also introduces an Enhanced Encryption Model for Data Warehouse, which provides a complete solution for securing a data warehouse. Here, the column names are encrypted with the help of keys from a secure host, without revealing security details to the cloud network. This reduces the attacker's ability to target strategically important columns such as sales figures, cost, etc. As a result, it increases attacker effort by (n − k − W)/(n − k) in the case of a weighted column scenario. Here, 'n' is the total number of columns, and 'k' and 'W' are the numbers of unencrypted and encrypted columns, respectively. We have also conducted a performance analysis of the proposed mechanism on the standard TPC-H database for both encryption and decryption cycles.
Cite this article
Arora, A., Gosain, A. Mechanism for securing cloud based data warehouse schema. Int. j. inf. tecnol. 13, 171–184 (2021). https://doi.org/10.1007/s41870-020-00546-1
DOI: https://doi.org/10.1007/s41870-020-00546-1