The main method used for ensuring data security in the cloud is by encryption. Encryption seems like the perfect solution for ensuring data security; however, it is not without its drawbacks. Encryption takes considerably more computational power, and this is multiplied by several factors in the case of databases. Cryptography greatly affects database performance because each time a query is run, a large amount of data must be decrypted; and since the main operation on a database is running queries, the amount of decryption operations quickly become excessive. There are several approaches developed to handle data encryption; each having its own compromises and downsides, some provide better security mechanisms, and some focus on facilitating more operations to the customers. Some of these methods are mentioned below:

Early Approaches

Early approaches have used extensions to the query language that simply applied encryption before writing to the database and apply decryption before reading from the database.

Querying Encrypted Data

There are several methods that were proposed to handle Querying of Encrypted Data, one such method was proposed by Purushothama B.R. and B.B. Amberker . In the proposed scheme, several cryptographic methods were used to encrypt the data in each cell of each table to be stored in the cloud. This requires professionals who have successfully completed cloud training. When a user needs to query this data, the query parameters are encrypted and checked against the stored data. No data decryption is done in the cloud, thus protecting the Authenticity and integrity of the information. When the results of the query is returned (in encrypted form) to the user, the user then decrypts the data and uses it. This scheme also has significant improvements for select queries over previous related schemes.

Key Management

Since encryption is the main method used to ensure data security, naturally we would be faced with the problem of key management. The encryption keys cannot be stored on the cloud, therefore the customer must manage and control a key management system for any cryptographic method used . For simple encryption schemas such as the “Early Approaches” described above, there might not be a problem since a single encryption and decryption key can be used for the entire system.

However, almost any real database requires a more complex system . This simple system to manage keys might even have to take the form of a small database which would have to be a secure local database; which again, may defeat the purpose of moving the original database to the cloud. Clearly Key Management is a real problem for cloud systems using encryption, and recent research has been done on using two-level encryption which allows the Key Management system to be stored in the cloud. This scheme is efficient, and may be the solution to the Key Management problems cloud systems faces; however, it hasn’t yet been applied specifically to database encryption.

Data Splitting

Some methods have been developed that serve as alternatives to encryption. These methods are generally faster than encryption but have their own drawbacks. Data Splitting was initially developed by Divyakant Agrawal and his colleagues.  The idea is to split the data over multiple hosts that cannot communicate with each other; only the owner who can access both hosts can collect and combine the separate datasets to recreate the original. This method is extremely fast compared to encryption but it requires at least two separate, but homogeneous service providers.