Available online at www.sciencedirect.com
ScienceDirect
Procedia Computer Science 145 (2018) 232–237
www.elsevier.com/locate/procedia

Postproceedings of the 9th Annual International Conference on Biologically Inspired Cognitive Architectures, BICA 2018 (Ninth Annual Meeting of the BICA Society)

Building secure multidimensional data management system

Andrey Gorlatykh, Sergey Zapechnikov*

National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russia
Abstract

Recently there has been a significant increase in the popularity of multidimensional data processing technologies. Different areas use such technologies for data aggregation, management and analysis. At the same time there is a significant increase in the value of confidential data. This leads to a contradiction between the ever growing value and importance of confidential information and the lack of proper data management systems able to ensure the required security level. The inability to ensure privacy of multidimensional data with modern security systems prevents usage and secure processing of such data in large analytical queries. To overcome that, we propose the architecture of a multidimensional data management system fully able to perform secure processing of multidimensional data. The system consists of four main components: Attribute Service, Proxy-Service, Access Control Service and Data Warehouse. Interaction between those components is described with a set of security protocols proposed by the authors. Moreover, we propose an attribute scheme for multidimensional data in order to ensure protection from non-authorized access to private data. Our system will allow usage of complex queries over private multidimensional data and thus extends the scope of multidimensional data management systems.

© 2019 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the 9th Annual International Conference on Biologically Inspired Cognitive Architectures.

Keywords: Cryptography; Information Security; Multidimensional Data; Data Warehouses; Attribute-Based Encryption
* Corresponding author. E-mail address: [email protected]

1877-0509 © 2019 The Authors. Published by Elsevier B.V.
This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0/)
Peer-review under responsibility of the scientific committee of the 9th Annual International Conference on Biologically Inspired Cognitive Architectures.
10.1016/j.procs.2018.11.044
Andrey Gorlatykh et al. / Procedia Computer Science 145 (2018) 232–237
1. Introduction

Over the course of the last years, information technologies have become a crucial part of human life. Corporations, agricultural holdings and trading companies widely use information technologies such as database management systems (DBMS) for business automation. Nowadays the most common relational DBMS, used for transaction accounting and online data collection, have, along with certain advantages, a number of disadvantages tied to Codd's relational approach being too restrictive. In comparison with multidimensional data structures, fast aggregation requirements are the main computational problem of the relational approach [1]. To accelerate aggregation, one has to store data in a denormalized state, i.e. inefficiently, with a large data overhead. In order to achieve the required performance level, relational databases require specialized settings and unique ways to build indexes over stored data. SQL restrictions prevent efficient usage of aggregation functions which, in contrast, are easily available in systems based on multidimensional data.

However, simultaneously with technological advancements in the field of multidimensional data processing, the number of information threats has grown. As in every other area of information technology, problems of secure data processing quickly become crucial. Nowadays there are no multidimensional systems capable of ensuring a high degree of stored data security. Often such systems are computationally inefficient or able to solve only a fraction of the security problems [2]. Furthermore, the lack of effective complex multidimensional data management solutions slows down the proliferation of multidimensional data technologies over different areas of human life. This led us to conclude that multidimensional data management systems fully capable of secure data processing need to be developed.
Among all studies in the area of secure data management, the authors highlight the following papers:
• CryptDB [3,4];
• Arx [5];
• Oblivious Transfer with Access Control [6,7].

The common problem of all solutions listed above lies in the inability to properly apply them to multidimensional data management. None of the proposed solutions accounts for the features of multidimensional data structures, and thus they are unable to provide the proper level of security. To overcome this problem, the authors propose their own solution, which is capable of ensuring privacy of the stored sensitive data during read/write operations with third-party data warehouses. The solution provides reliable multidimensional data management with a proper security level for data stored in the system. The proposed solution includes mechanisms of attribute-based access control implemented using cryptographic schemes such as block ciphers and attribute-based encryption schemes [8–11].

This paper describes the architecture of the proposed system. Section 2 contains the requirements which must be fulfilled during development in order to achieve reliable levels of security. Section 3 gives a general description of the proposed system architecture. Sections 4, 5 and 6 contain more detailed information about the system components, namely the Access Service, Proxy-Service and Access Control Service respectively. The conclusion contains the main results of the study.

2. System Requirements

During the design of a protected multidimensional data management system, it is necessary to describe the requirements for systems of such a class. Having such a requirement list allows us, at the final stage, to ensure that the proposed system architecture fully fulfils the listed requirements. In the course of the work we created two subsets of requirements: functional requirements and security requirements. Functional requirements describe the set of functions which has to be implemented in a system managing multidimensional data.
They are listed below:
• user account management tools: the system must be capable of registration, storage and removal of user accounts;
• query processing tools: the system must implement functions which allow it to properly receive, analyze and process read/write queries from users;
• service information storage tools: every component in the system uses service information in order to function properly during the system lifetime. Each component needs a way to store such information in designated databases;
• data warehouse interaction tools: the system must implement functions which operate with third-party data warehouses through their application programming interface (API).

Here we describe the security requirements of a multidimensional data management system, needed to ensure the proper security level of the information stored in the system. We propose the following security requirements:
• user authentication tools: the system must possess ways to authenticate a user before query processing;
• access right management tools: the system must ensure protection from non-authorized access to sensitive data stored in the system by using access control. The system must possess some mechanism for restricting access to sensitive data based on user permissions;
• secure channel subsystems: all data exchanges between system components must be encapsulated in secure channels. This can be achieved by using modern secure channel protocols such as TLS 2.0/SSL 3.0 etc.;
• information privacy ensuring: it is necessary to implement a set of functions aimed at ensuring the privacy of information stored in the system by using cryptographic functions;
• cryptographic functions support: the developed system must have a cryptographic subsystem whose functions are used during cryptographic transformations of data stored in the system.

3. General Architecture

According to the requirements listed above, we must construct a system that allows secure management of the multidimensional data stored in it.
It is required to develop a system which allows us to ensure privacy of the stored data (from unauthorized access in particular) while at the same time considering the specifics of multidimensional data structures. First, we need to identify the logical components of the system in order to cover its basic functionality. We describe the following logical components: Attribute Service, Proxy-Service, Access Control Service, Data Warehouse. Having such a minimal set of components, interacting with each other through security protocols, allows us to support the required functions while ensuring an appropriate security level. The proposed architecture is presented in Figure 1.

3.1. Attribute Service

First, we describe the Attribute Service. Its main purpose stems from the necessity of storing the attribute sets corresponding to users of the system. Moreover, user account management and identification/authentication functions are assigned to this service too. According to the proposed data control paradigm, every user has an attribute set which allows the user to gain access to particular data stored in the system. Hence it is necessary to link the attribute set with the corresponding user account data. Thus, as stated in its name, the main purpose of the Attribute Service is user attribute management. In addition, the service is the source of information about user attribute sets for the other components of the system. Such behavior is required in order for the other components to decide whether to allow or deny access to the sensitive data requested by a user, based on the data received from the Attribute Service. From all of the above, we can draw a conclusion about this service's architecture. The component must consist of specialized software capable of attribute information management. In addition, it is necessary to include a DBMS which will store information about user accounts and attribute sets. The database which stores information about users and their attributes should have the following scheme,
including the following data tables:
• User – table containing basic user account data, such as identification and authentication data;
• Role – table containing descriptions of the roles in the system;
• Attributes – each row of this table contains an attribute set associated with a user;
• User Role – table ensuring the logical relation User-Role, that is, it stores information about the roles corresponding to a particular user;
• User Attribute – table linking a user account and the corresponding attribute set stored in the data table Attributes.

The software managing user account information must implement the following minimal set of functions:
• User Registration – the software should have functions to create new user accounts;
• User Removal – the software should have functions to remove a user account and all information related to it (such as role membership and attribute set);
• Role management – the software should have functions to create, store and remove different roles. Moreover, the software must have ways to assign a role to a user account, describing the user actions allowed across the system;
• Authentication – the software must include subsystems designated for the authentication of user accounts stored in the system;
• Attribute Assignment – the software should have a mechanism capable of assigning user attributes to user accounts stored in the system;
• Attribute search – the software should have functions able to look up information about the attribute sets linked with a user account and send this information to authorized third parties;
• Cryptographic functions support – the software should have implementations of modern cryptographic schemes used to protect the information stored in the system.
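The Attribute Service database and function set described above, as an added example that is not part of the paper or the authors' implementation. It uses Python's built-in sqlite3 to create the five tables named in the text (User, Role, Attributes, User Role, User Attribute) and implements User Registration, User Removal, Role management, Authentication, Attribute Assignment and Attribute search over them. Column names, the use of PBKDF2 for password storage and the cascading delete on user removal are assumptions; the paper names only the tables and the functions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed schema for the Attribute Service database: the five tables named in
# the text. Column names are assumptions; the paper only names the tables.
SCHEMA = """
CREATE TABLE User (
    id      INTEGER PRIMARY KEY,
    login   TEXT UNIQUE NOT NULL,
    pw_salt BLOB NOT NULL,
    pw_hash BLOB NOT NULL
);
CREATE TABLE Role (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, description TEXT);
CREATE TABLE Attributes (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE UserRole (
    user_id INTEGER NOT NULL REFERENCES User(id) ON DELETE CASCADE,
    role_id INTEGER NOT NULL REFERENCES Role(id),
    PRIMARY KEY (user_id, role_id)
);
CREATE TABLE UserAttribute (
    user_id INTEGER NOT NULL REFERENCES User(id) ON DELETE CASCADE,
    attr_id INTEGER NOT NULL REFERENCES Attributes(id),
    PRIMARY KEY (user_id, attr_id)
);
"""
PBKDF2_ITERATIONS = 100_000  # assumed password-hashing parameter


class AttributeService:
    """User registration/removal, role and attribute assignment, authentication and
    the attribute lookup that other components (the Proxy-Service) call."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        # SQLite ignores foreign keys unless enabled; needed for ON DELETE CASCADE,
        # so that User Removal also drops role memberships and attribute links.
        self.db.execute("PRAGMA foreign_keys = ON")
        self.db.executescript(SCHEMA)

    def register_user(self, login, password):
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self.db.execute("INSERT INTO User (login, pw_salt, pw_hash) VALUES (?, ?, ?)",
                        (login, salt, pw_hash))
        self.db.commit()

    def remove_user(self, login):
        self.db.execute("DELETE FROM User WHERE login = ?", (login,))  # cascades
        self.db.commit()

    def authenticate(self, login, password):
        row = self.db.execute("SELECT pw_salt, pw_hash FROM User WHERE login = ?",
                              (login,)).fetchone()
        if row is None:
            return False
        salt, stored = row
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, stored)  # constant-time comparison

    def create_role(self, name, description=""):
        self.db.execute("INSERT INTO Role (name, description) VALUES (?, ?)", (name, description))
        self.db.commit()

    def assign_role(self, login, role):
        self.db.execute("INSERT INTO UserRole (user_id, role_id) SELECT u.id, r.id "
                        "FROM User u, Role r WHERE u.login = ? AND r.name = ?", (login, role))
        self.db.commit()

    def roles(self, login):
        rows = self.db.execute("SELECT r.name FROM Role r JOIN UserRole ur ON ur.role_id = r.id "
                               "JOIN User u ON u.id = ur.user_id WHERE u.login = ?", (login,))
        return frozenset(r[0] for r in rows)

    def assign_attribute(self, login, attribute):
        self.db.execute("INSERT OR IGNORE INTO Attributes (name) VALUES (?)", (attribute,))
        self.db.execute("INSERT OR IGNORE INTO UserAttribute (user_id, attr_id) SELECT u.id, a.id "
                        "FROM User u, Attributes a WHERE u.login = ? AND a.name = ?", (login, attribute))
        self.db.commit()

    def attribute_set(self, login):
        """Attribute search: the attribute set linked to an account, as sent to the Proxy."""
        rows = self.db.execute("SELECT a.name FROM Attributes a JOIN UserAttribute ua ON ua.attr_id = a.id "
                               "JOIN User u ON u.id = ua.user_id WHERE u.login = ?", (login,))
        return frozenset(r[0] for r in rows)

    def link_rows(self):
        """Total UserRole + UserAttribute rows; must drop to 0 once their user is removed."""
        return sum(self.db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
                   for t in ("UserRole", "UserAttribute"))


def demo():
    """Constructed walk-through: register an analyst, assign a role and two attributes,
    authenticate, look the attributes up, then remove the account."""
    svc = AttributeService()
    svc.register_user("alice", "correct horse battery staple")
    svc.create_role("analyst", "may run read queries")
    svc.assign_role("alice", "analyst")
    for attr in ("dept:sales", "region:eu"):
        svc.assign_attribute("alice", attr)
    result = {"auth_ok": svc.authenticate("alice", "correct horse battery staple"),
              "auth_bad": svc.authenticate("alice", "wrong"),
              "auth_unknown": svc.authenticate("bob", "x"),
              "roles": svc.roles("alice"), "attributes": svc.attribute_set("alice"),
              "links_before": svc.link_rows()}
    svc.remove_user("alice")
    result["links_after"] = svc.link_rows()
    result["attributes_after"] = svc.attribute_set("alice")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The cascade on User Removal is the point to check in any real deployment: a removed account that still has UserAttribute rows would keep satisfying cell policies if another component caches or re-resolves attributes by user id.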
Fig. 1. The proposed secure multidimensional data management system architecture
According to the purpose of this service, it must be contained in a trusted environment. This is due to the importance of the stored information, whose leakage can compromise the system as a whole. Thus, only users who have successfully passed the authentication procedure and are authorized to access the system may communicate with the Attribute Service.

3.2. Proxy-Service

This component serves as the logical core of the system. The main functions of this component are query processing and management of the other components. During query processing this service uses cryptographic transformations in order to ensure the privacy of the data contained in queries. The Proxy-Service should enable transparent access for the user to the information stored in data warehouses. After receiving a query from the user, the service performs syntax analysis of it. As a result, the service retrieves information about the cells the user tries to access. This information is used by the Proxy to decide whether to grant the access right to the user based on the user's attribute set. To achieve this, the Proxy requests information about the user's attribute set from the Attribute Service and information about the cells' attribute sets from the Access Control Service. Based on this information the Proxy-Service decides whether to allow further processing of the user query or not. In case of a positive outcome, the Proxy-Service performs cryptographic transformations over the sensitive data contained in the user request according to the scheme of the multidimensional hypercube which stores the requested information. These transformations ensure the privacy of the request and prevent an attacker from obtaining crucial information about the hypercube scheme. In addition, when the response from the service provider contains encrypted data, the Proxy-Service collects all cryptographic keys necessary to decrypt the data and sends them to the user who performed the request.

Thus, the Proxy-Service is an aggregation of query processing software and database management software. The database management server stores information about the hypercube scheme (containing information about dimensions, measures and hierarchies). In addition, the Proxy-Service must store the cryptographic keys used during the encryption of dimensions and measures. This information is used by the Proxy-Service during the process of user query modification in order to hide the sensitive information stored in the query from attackers.
The software used in this component should have the following set of functions:
• User request modification: the software should include functions which allow the system to analyze, modify and process the user queries received by the service;
• User attribute retrieval: the software should have ways to perform requests to the Attribute Service in order to retrieve information about the user's attribute set;
• Cell attribute retrieval: the software should have ways to perform requests to the Access Control Service in order to retrieve information about the attribute sets corresponding to the cells contained in the request;
• Access control: the software should implement mechanisms of user access control. To achieve this, the Proxy-Service should be able to decide whether the user possesses the set of attributes necessary to access the data retrievable during query processing. The decision is made based on information from the Attribute Service and the Access Control Service;
• Data warehouse read/write operations: the software should include functions to read/write information stored in third-party data warehouses by using the corresponding application programming interface (API);
• Key information preparation: the function set implemented by the Proxy-Service software should include ways to obtain the key information related to the data requested by the user and to send such information to the authorized users performing the query;
• Cryptographic functions support: the software should have modern basic cryptographic primitives implemented. This is required for the service to ensure the privacy of information stored in the request by modifying parts of the request with cryptographic transformations.

The Proxy-Service, storing leak-sensitive information such as the encryption keys used during hypercube scheme preparation, must be placed in a trusted environment as well.

3.3. Access Control Service

Protection from unauthorized access to the data stored in the system is provided by attribute-based access control.
In order to effectively manage data access, it is necessary to store both information about user attributes (stored in the Attribute Service) and information about the attribute sets for each cell, the so-called access policies. Exactly for this we propose the Access Control Service. The range of tasks of the Service includes recording, storage and management of the access policies for every hypercube cell. In addition, the Service carries out the storage and management of the encryption access keys. During read request processing the Access Control Service provides the Proxy-Service with the information required to decide whether the user should be allowed to access the requested data. In case of a positive outcome the Access Control Service provides the decryption keys necessary for the user to retrieve the requested information. Thus, for every data cell the Access Control Service stores an access policy, presented as an attribute set, and a symmetric encryption key for this cell, encrypted using an attribute-based encryption scheme.

4. Conclusion

We propose a solution for the protected processing of confidential multidimensional data. The solution is presented as the architecture of a system which allows secure processing of read/write operations on confidential data stored as hypercubes in third-party data warehouses. The paper includes descriptions of the system components and the requirements for each component which should be fulfilled in order to ensure the required security level. The proposed solution extends the area of usage of multidimensional data management systems and allows the application of such systems to sensitive confidential data, thus enabling complex analytic query processing over confidential multidimensional data.
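The read-query flow of Sections 3.2 and 3.3 (syntax analysis to cells, attribute retrieval, access decision, query modification, key collection) and the per-cell policy store of the Access Control Service, as an added example that is not part of the paper or the authors' system. The query format (measures plus one member per dimension), the cell identifier, and the HMAC-based tokenisation used to hide scheme names from the warehouse are assumptions; the paper does not fix the transformation. Attribute-based encryption of the cell key is not implemented here: the Access Control Service instead checks the policy itself and releases the plain key, which stands in for ABE decryption by an attribute-holding user.

```python
import hashlib
import hmac
import os


class AccessControlService:
    """Per-cell store of an access policy (attribute set) and the cell's symmetric key.
    ASSUMPTION: the paper keeps the key ABE-encrypted under the policy; here the
    service enforces the policy and releases the raw key as a stand-in for ABE."""

    def __init__(self):
        self._policy = {}
        self._key = {}

    def register_cell(self, cell, policy):
        self._policy[cell] = frozenset(policy)
        self._key[cell] = os.urandom(16)  # constructed stand-in for the cell data key

    def policy(self, cell):
        return self._policy.get(cell)  # None when the cell is unknown to the service

    def release_key(self, cell, user_attrs):
        # Re-checked at release time, so a caller that skipped the Proxy's decision
        # still cannot obtain a key its attributes do not cover.
        if not self._policy[cell] <= user_attrs:
            raise PermissionError(f"attribute set does not satisfy policy of {cell}")
        return self._key[cell]


class ProxyService:
    """Query processing core: cells -> attribute retrieval -> decision -> rewrite -> keys."""

    def __init__(self, attribute_lookup, acs, scheme_key):
        self.attribute_lookup = attribute_lookup  # Attribute Service call: login -> frozenset
        self.acs = acs
        self.scheme_key = scheme_key              # Proxy's key for hiding the hypercube scheme

    @staticmethod
    def cells_of(query):
        """Syntax analysis of the constructed query form
        {"measures": [...], "where": {dimension: member}}: one cell per measure."""
        coords = tuple(sorted(query["where"].items()))
        return [(measure, coords) for measure in query["measures"]]

    def hide(self, name):
        """Deterministic tokenisation of a dimension, member or measure name (assumed
        transformation) so the warehouse sees tokens, not the plaintext scheme."""
        return hmac.new(self.scheme_key, name.encode(), hashlib.sha256).hexdigest()[:16]

    def rewrite(self, query):
        return {"measures": [self.hide(m) for m in query["measures"]],
                "where": {self.hide(d): self.hide(v) for d, v in query["where"].items()}}

    def process(self, login, query):
        user_attrs = self.attribute_lookup(login)
        cells = self.cells_of(query)
        for cell in cells:
            policy = self.acs.policy(cell)
            # Deny the whole query if any cell is unknown or its policy is not satisfied.
            if policy is None or not policy <= user_attrs:
                return {"allowed": False, "denied_cell": cell}
        return {"allowed": True,
                "warehouse_query": self.rewrite(query),
                "keys": {cell: self.acs.release_key(cell, user_attrs) for cell in cells}}


def demo():
    """Constructed scenario: two cells of one hypercube with different policies and
    an analyst holding {dept:sales, region:eu}; the Attribute Service is a dict."""
    acs = AccessControlService()
    eu_2018 = (("Region", "EU"), ("Year", "2018"))
    acs.register_cell(("Revenue", eu_2018), {"dept:sales", "region:eu"})
    acs.register_cell(("Margin", eu_2018), {"dept:sales", "region:eu", "clearance:high"})
    directory = {"alice": frozenset({"dept:sales", "region:eu"})}
    proxy = ProxyService(directory.__getitem__, acs, scheme_key=os.urandom(32))
    q_revenue = {"measures": ["Revenue"], "where": {"Region": "EU", "Year": "2018"}}
    q_both = {"measures": ["Revenue", "Margin"], "where": {"Region": "EU", "Year": "2018"}}
    return proxy.process("alice", q_revenue), proxy.process("alice", q_both)


if __name__ == "__main__":
    granted, denied = demo()
    print("revenue query:", granted["allowed"], granted["warehouse_query"])
    print("revenue+margin query:", denied["allowed"], denied["denied_cell"])
```

Two design points worth keeping in a real implementation: the decision is all-or-nothing per query, so a request mixing permitted and forbidden cells is refused rather than partially answered, and the Access Control Service repeats the policy check when releasing a key instead of trusting the Proxy's decision alone.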
Acknowledgements

This work was supported by the Competitiveness Growth Program of the Federal Autonomous Educational Institution of Higher Education National Research Nuclear University MEPhI (Moscow Engineering Physics Institute).

References

[1] Codd, E., Codd, S., Salley, C. Providing OLAP (On-line Analytical Processing) to User-Analysts: An IT Mandate. Codd & Date, Inc., 1993.
[2] Gorlatykh, A., Zapechnikov, S. Challenges of Privacy-Preserving OLAP Techniques. Proceedings of the 2017 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus), 2017.
[3] Popa, R. A., Redfield, C. M. S., Zeldovich, N., Balakrishnan, H. CryptDB: Protecting Confidentiality with Encrypted Query Processing. Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Portugal, 2011.
[4] Popa, R. A., Zeldovich, N. Cryptographic treatment of CryptDB's Adjustable Join. Technical Report MIT-CSAIL-TR-2012-006, Computer Science and Artificial Intelligence Laboratory, Cambridge, 2012.
[5] Poddar, R., Boelter, T., Popa, R. A. Arx: A DBMS with Semantically Secure Encryption. Technical Report No. UCB/EECS-2017-111, University of California, Berkeley, 2006.
[6] Camenisch, J., Dubovitskaya, M., Neven, G. Oblivious transfer with access control. Proc. of ACM CCS 09, Chicago, Illinois, USA, November 9-13, 2009. ACM Press, pp. 131-140.
[7] Camenisch, J., Dubovitskaya, M., Neven, G. Unlinkable priced oblivious transfer with rechargeable wallets. Proc. of Financial Cryptography '10, pp. 66-81.
[8] Sahai, A., Waters, B. Fuzzy identity-based encryption. 15 pp. URL: http://eprint.iacr.org/2004/086
[9] Goyal, V., Pandey, O., Sahai, A., Waters, B. Attribute-based encryption for fine-grained access control of encrypted data. 28 pp. URL: http://eprint.iacr.org/2006/309
[10] Bethencourt, J., Sahai, A., Waters, B. Ciphertext-policy attribute-based encryption. 15 pp. URL: http://www.cs.utexas.edu/~bwaters/publications/papers/cp-abe.pdf
[11] Lewko, A., Waters, B. Decentralizing Attribute-Based Encryption. In: Paterson, K.G. (ed.) Advances in Cryptology (EUROCRYPT). Springer, 2011.