A Solution for Privacy-Preserving and Security in Cloud for Document Oriented Data (By Using NoSQL Database)

Cloud computing delivers massively scalable computing resources as a service with Internet based technologies those can share resources within the cloud users. The cloud offers various types of services that majorly include infrastructure as services, platform as a service, and software as a service and security as a services and deployment model as well. The foremost issues in cloud data security include data security and user privacy, data protection, data availability, data location, and secure transmission. In now day, preserving-privacy of data and user, and manipulating query from big-data is the most challenging problem in the cloud. So many researches were conducted on privacy preserving techniques for sharing data and access control; secure searching on encrypted data and verification of data integrity. This work included preserving-privacy of document oriented data security, user privacy in the three phases those are data security at rest, at process and at transit by using Full Homomorphic encryption and decryption scheme to achieve afore most mentioned goal. This work implemented on document oriented data only by using NoSQL database and the encryption/decryption algorithm such as RSA and Paillier’s cryptosystem in Java package with MongoDB, Apache Tomcat Server 9.1, Python, Amazon Web Service mLab for MongoDB as remote server.

considered personal information under the Privacy Act 1993. Agencies must carefully review and consider the implications accepting a service provider's privacy [10,11].
Privacy-preserving concerns arise whenever sensitive data is outsourced to the cloud where the data is processed and stored. By using encryption, the cloud server (i.e. its administrator) is prevented from learning content in the outsourced databases. But how can we also prevent a local administrator from learning the database content. To prevent data content from local and remote users, the system has to restrict user roles at application level as well as server level by providing user authorization and authentication techniques. The fact that users no longer have physical possession of the outsourced data makes it a formidable task to achieve the data confidentiality and integrity. As the data, in most cases encrypted, have to be not only stored, but also processed in clouds, the cryptography-based data confidentiality and integrity protection approaches are not adequate to satisfy the security requirements. Privacy preserving in cloud environments includes two aspects: data processing security and data storage security. Data processing security covers the issues of how to protect user privacy at runtime in a virtualized cloud platform. Data storage security covers the issues of guaranteeing user data privacy when the data is stored in data center.

Data Security
The meaning of security is plentiful. Security is the combination of confidentiality, the prevention of the unauthorized disclosure of information, integrity, the prevention of the unauthorized amendment or deletion of information, and availability, the prevention of unauthorized withholding of information [12]. Security plays a critical role in the current era of long dreamed vision of computing as a utility. It can be divided into four sub categories: safety mechanisms, cloud server monitoring or tracing, data confidentiality, and avoiding malicious insiders' illegal operations and service hijacking. In short, the foremost issues in cloud data security include data privacy, data protection, data availability, data location, and secure transmission. The security challenges in the cloud include threats, data loss, service disruption, outside malicious attacks, and multitenancy issues [13]. To prevent the tenants' privacy data leakage in the cloud data security has the following techniques;  Data Encryption, it can effectively prevent the leakage of data and user privacy in cloud but the efficiency of the cipher-text processing is low.  Anonymity, it protects the privacy of user and data through generalization. Generalization has acceptable efficiency, but it may result data loss.  Data fragmentation, it separates attributes which would leak tenants' privacy together into distinct table and hides the relationships between tables. It does not loss data and its executing efficiency is better than data encryption, but it is not applicable for the structure of document.

Data Integrity
Data integrity is one of the most critical elements in any information system. Generally, data integrity means protecting data from unauthorized deletion, modification, or fabrication. Managing entity's admittance and rights to specific enterprise resources ensures that valuable data and services are not abused, misappropriated, or stolen. Data integrity in the cloud system means preserving information integrity. The data should not be lost or modified by unauthorized users. Data integrity is the basis to provide cloud computing service such as SaaS, PaaS, and IaaS [12].

Data Confidentiality
Data confidentiality is important for users to store their private or confidential data in the cloud. Authentication and access control strategies are used to ensure data confidentiality. The data confidentiality, authentication, and access control issues in cloud computing could be addressed by increasing the cloud reliability and trustworthiness [12]. Data Protection to Minimize Data Security Risks In cloud computing technology, data should be protected from different users, service providers and from so many different types of illegal data accessing actions to preserve privacy and security of data in the cloud by taking the following methods [14].
 Maintaining data integrity, it ensures that data at the rest are not subject to unauthorized accessing. Multitenancy is the core technological approach for creating efficiencies in the cloud, but the technology, if implemented or maintained improperly, can put a cloud users' data at risk of hijacking, corruption, and unauthorized access. A cloud user should expect contractual provisions obligating a cloud provider to protect its data and the user ultimately may be entitled to some sort of contract remedy if data integrity is not maintained.  Accessibility and availability of data, cloud providers long-term viability will be connected to its ability to provide its customers with almost continual access to their services, data, and resources.  Disaster recovery, cloud providers should control and manages the user's data stored in cloud server and be able to recover lost data from backup.  Viability of the cloud providers, it includes several aspects of the cloud, such as technical capacity of providers, economical capacity, data recovery skills, awareness of their virtual machines, data locations, data segregation, privileging user access, limiting themselves from taking any types of data manipulations, protecting their system from different types of malicious attacks and so on.  Outsourcing encrypted data to cloud providers to preserve privacy of outgoing data on the way to service provider server  Searching query in secure manner, user also has to search their queries in a secure manner and according to the privilege given from cloud providers.

Document Oriented Database
A document-oriented database or document store is designed for storing, retrieving and managing documentoriented information, also known as semi-structured data. Document-oriented databases are one of the main categories of NoSQL databases [15]. It is more and more difficult to deal with big data and high concurrency data for traditional RDBMS in the cloud storage. NoSQL database has been popular in cloud storage, and a documented oriented database also has attracted much attention as a kind of NoSQL database. In today world, more organizations and enterprises deploy their data in a document oriented database. Now a day, the rapid development of data science beside to IT technology, it classifies data into three main classes such as structured data, semi-structured data, and unstructured data those are more complicated and impracticable in relational database environments. Conventional relational database system use two-dimensional table for data creation with properties like transactions, complex SQL queries, and multi-table related query. However, multi-table queries are not effective for huge data queries. Scalability in relational databases requires powerful servers that are both expensive and difficult to handle. NoSQL provides the flexibility to store entire data in terms of documents Instead of the conventional method of a table row-column. NoSQL is extensively useful when we need to access and analyze huge amounts of unstructured data or data that's stored remotely on multiple virtual servers [16]. There are four different NoSQL databases: 1. Key-value stores: key-value store is a system that stores values indexed for retrieval by keys. These systems can hold structured or unstructured data and can easily be distributed to a cluster or a collection of nodes as in Amazon's DynamoDB and Project Voldemort. 2. Column-oriented databases: Column-oriented database is a system that stores data in the whole column instead of a row, which minimizes disk access compared to a heavily structured table of columns and rows with uniform sized fields for each record as in HBase and Cassandra. 3. Document-based stores: These databases store data and organize them as document collections, instead of structured tables with uniform sized fields for each record. With this database, users can add any number of fields of any length to a document as implemented in Couch DB, Mongo DB. 4. Graph databases: These databases use nodes, edges, and properties to represent and store data in the form of graphs. It is possible to represent data as a graph-like structure, which can be easily traversed as in Allegro Graph and Neo4j. NoSQL databases offer several benefits over relational databases, including:  Reduced complexity. The rich feature set and strict ACID properties of relational databases may not be necessary for some data sets.  Higher throughput. Cassandra writes 2,500 times faster into a 50GB database than MySQL [17]. BigTable can process 20 petabytes per day [39].  High degree of scalability on commodity hardware. NoSQL databases do not rely on highly available hardware and are designed to handle failure efficiently. Data can be partitioned across hardware more efficiently than relational database sharding. Hardware nodes can be added and removed relatively easily.  More flexible data model. NoSQL databases are not restricted to the relational data model which can be inefficient for unstructured data sets. While NoSQL databases address some problems with the relational model, they also present their own set of problems. Most notable is the weaker guarantees offered by NoSQL must balance consistency, availability, and partition tolerance and that strong forms of all three properties cannot be achieved simultaneously [18,19]. NoSQL databases generally sacrifice consistency for increased availability and partition tolerance. In contrast to ACID properties provided by relational databases, many NoSQL systems claim to provide BASE properties basically available, soft state, eventually consistent. Another weakness of NoSQL databases is the lack of a common interface like Structured Query Language (SQL). SQL simplifies and standardizes database manipulation in relational databases. NoSQL databases each have a unique programming interface that uses a high-level procedural language (e.g., Java) and requires more complex programming than SQL to perform the same task.

OUTLINED SOLUTION FOR PROPOSED SYSTEM
For data privacy and user privacy, a solution of data storage, virtualization, and security of virtual machine, data 11 manipulation and query are presented in this project. In this project the main database file is stored in MongoDB with a key/value pair which is a typical NoSQL database structure and is encrypted with built-in AES encryption algorithm. The plain Text is encrypted by using Paillier's encryption scheme which is additive homomorphic cryptosystem. For the purpose of security and privacy of data as well as user during data transmission, the TLS/SSL which is Transport Layer Secure or Secure Socket Layer standard security protocol is used to keep internet connection secure and safeguard for any sensitive that is being sent between two parties by making most trusted end-to-end communication, encrypting data and authenticating data in transmission channels. Here to prepare certificate RSA encryption scheme is used and configured with Tomcat web server and windows server 2012 to make HTTP protocol secure which is HTTPS.

Security Components of Cloud System and Its Risks
The components of cloud security are cloud service provider, cloud broker, data owner and cloud data consumers.
A. Security Risks of Cloud Computing There are several security risks presented by cloud computing. The following risks are identified by the Cloud Security Alliance (CSA), which is a nonprofit organization established to define parameters for security guidance in cloud computing [20].
 Data breaches: Attackers may take advantage of a customer's poorly designed database and might get to every client's data.  Data loss: Several issues may cause data loss such as attackers, careless service providers, or disasters.  Account or service traffic hijacking: Many malicious actions by attackers can be achieved in this area; some examples are as follows such as gain access to customers' credentials, manipulate data, redirect clients to illegitimate sites and make the customer's accounts a new base for launching other subsequent attacks.  Insecure interfaces and APIs: IT administrators depend on interfaces for cloud management and monitoring. APIs are integral to security and availability of general cloud services. Therefore, third parties and organizations on many occasions are known to build on these interfaces and inject advertising services or other software.  Denial of service (DoS) attacks: DoS attacks can cause availability issues to one or more services. DoS attacks can cost service providers customers and can cost customers significant losses.  Malicious insiders: This can be employees with the cloud service providers or contractors with malicious purposes who may cause damage to both the customers and the cloud service provider.  Cloud abuse: There are many examples of cloud abuse: A customer using the cloud service to break an encryption key too difficult to crack on a standard computer and a customer planning to launch a (DoS) attack, spread malware or any illegal activity.  Organizations adopting cloud technologies without understanding the associated risks: Before the adoption of cloud services, organizations must understand and identify the cloud computing security risks, and make a rational decision on whether the organization should take advantage of cloud computing technologies or not. This should include how optimal benefits can be obtained by cloud computing, and what security precautions must be taken. B. Shared technology vulnerabilities This threat exists at every type of the delivery model for a cloud service provider where a compromised component such as software, a platform, or infrastructure which can affect the whole environment. Cloud computing involves even more security risks and the security risks mentioned above are just the most common. Other types of security risks related to ownership of data, shared access, isolation failure, and virtual exploits also exist [21].

Data Security
Security can be defined as state of freedom from a danger, risk or attack. Information security can be defined as the task of guarding information which is processed by a server, stored on a storage device, and transmitted over a network like Local Area Network or the public Internet. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction [4].  AAA stands for Authentication, Authorization and Accounting. It is a set of primary concepts that aid in understanding computer and network security as well as access control. These concepts are used daily to protect property, data, and systems from intentional or even unintentional damage. And secondly it is used to support the Confidentiality, Integrity, and Availability (CIA) security concept.  Confidentiality: The term confidentiality means that the data which is confidential should remain confidential.
In other words, confidentiality means secret should stay secret.  Integrity: The term integrity means that the data being worked with is the correct data, which is not tampered or altered.  Availability: The term availability means that the data user need should always be available to user.  Authentication provides a way of identifying a user, typically requiring a User-id or Password inputs before granting a session. Authentication process controls access by requiring valid user credentials.  Authorization is the process that determines whether the user has the authority to carry out a specific task.
Authorization controls access to the resources after the user has been authenticated.  Accounting keeps track of the activities the user has performed in the server.

Data Protection in the Cloud Environment 3.3.1 Data at Rest:
The data at rest refers data that has been saved to database in permanent storages. Generally, data at rest is encrypted by a symmetric key [22]. Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses applications such as disk encryption software or hardware tools to encrypt every bit of data that goes on a disk or disk volume. It is used to prevent unauthorized access to data storage. Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into cipher-text that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially malicious intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as meaningless encrypted data is of little to no use for hackers.

Data in Process
In the case of data in use, data is more vulnerable to network based attaches and threats that can cause various types of problems and risks up on the system. Here to bring the security in the cloud environment, the data owner as well as cloud providers should control the access as tightly as possible and incorporate some types of authentication to ensure that all stakeholders are using, accessing and manipulating data in the proper manner. The major actions the user has to take is frequently tracking and reporting the relevant information in proactive manner to detect suspicious activity, diagnose the potential threats and disabled accounts and attacked data to improve the security of the system [8].

Data in Transit
The TCP/IP protocol suite does not have any in-built mechanism for the protection of moving data. Protection of Data, when moving in network is crucial in computer networking. IPSec Protocol Suite provides security to the network traffic by ensuring Data Confidentiality, Data Integrity, Sender and Recipient Authentication and Replay Protection [23]. Some network threats which are mitigated by using IPSec are data corruption in traffic, data theft in traffic, passwords and account theft and network based attacks. IPSec Protocol Suite is based on Internet Engineering Task Force (IETF) standards. Since IPSec is an IETF standard, we can have interoperability between different Firewall, Router and Operating System vendors. We can use IPSec to create VPN tunnels between devices made by different vendors like Cisco, Juniper, Microsoft, RedHat, Checkpoint, Palo Alto, ...etc. IPSec (Internet Protocol Security) provides protection to Network Data Traffic (Primary Goals of IPSec) in four different ways listed below. 1) Confidentiality: The Data in network traffic must be available only to the intended recipient. In other words, the Data in network traffic must not be available to anyone else other than the intended recipient. IPSec provides Data Confidentiality to Data by encrypting it during its journey. 2) Integrity: The Data in network traffic must not be altered while in network. In other words, the Data which is received by the recipient must be exactly same as the Data sent from the Sender. IPSec (Internet Protocol Security) provides Data Integrity by using Hashing Algorithms. 3) Authentication: Sender and the Recipient must prove their identity with each other. IPSec provides Authentication services by using Digital Certificates or Pre-Shared keys. 4) Protection against Re-play Attacks: Network Re-play attacks also called as man-in-the-middle attack which allows an attacker to spy the network traffic between a sending device and a receiving device. Later, the Re-play attacker uses the information he gained illegally for fake authentication, fake authorization or to duplicate a transaction. IPSec protects against Re-play attack by using sequence of numbers which are built into the IPSec packets. By using this sequence numbers, IPSec can identify the packets which it has already seen [9].

User Privacy Preserving and Data Security Approaches
There are two approaches those are used to keep security and preserve privacy of data and user of data within the cloud system.

A. End-to-End Encryption (Data-OwnerInternetCloud StorageData User)
This approach is most preferable and most secured way of cloud data communication and it preserves the privacy of data and user from source to destination of the data because the data is remain encrypted within Internet and cloud storage that prevents unauthorized access of data and even cloud vendors cannot access the data. Here, the data is decrypted only on the user side since the user owns the private key and can decrypt the data and can use data for his/her business purpose. So it is called end-to-end encryption of data as shown Figure 3.1 below.  This approach also used to encrypt data up to cloud system and decrypts data, then stores the decrypted data in the cloud storage so the cloud vendor and unauthorized user can access and manipulated the data easily because it is non-encrypted. Finally the end users access the decrypted, which is not secured by the cloud system as shown

Proposed System and Its Model
The Figure 3.3 shows the general architecture of the proposed work and its details is explained as follow:

Contributions of the proposed system and Components
The proposed system has four major components, these are listed as follows, such as data owner, cloud administration, data consumer or customer and cloud authorizer system. This system more deeply explains, investigates and implements the document oriented data in cloud by using MongoDB, security issues of data and user in cloud computing, preserves the privacy of user and data in cloud in the two techniques such Data privacy at storage and data privacy in process /transit, resolves the storage problems in cloud by applying virtualization techniques to create virtualized environment, data encryption and data decryption processes and lastly proffers secure data access techniques and procedures with testing tools.

Data Security and Homomorphic Cryptosystem 3.7.1 RSA Cryptosystem
This cryptosystem is one of the initial cryptosystem and it remains most employed cryptosystem even today. The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman of MIT in 1977, and hence, it is termed as RSA cryptosystem. We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly encryption-decryption algorithms [24,25].

Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to generate a pair of keys, namely public key and private key. The process followed in the generation of keys is described below,  Generate the RSA modulus (n): Select two large primes, p and q. Computing their system modulus N=p*q. For strong unbreakable encryption, let N be a large number, typically a minimum of 512 bits. Note that, Ø (N) = (p-1)(q-1)  Find Derived Number (e): selecting at random the encryption key e where 1<e< Ø (N), gcd(e, Ø(N))=1.
Number e must be greater than 1 and less than (p − 1)(q − 1). There must be no common factor for e and (p − 1)(q − 1) except for 1.  In other words two numbers e and (p -1)(q -1) are co-prime.  Form the public key  The pair of numbers (N, e) forms the RSA public key and is made public. Interestingly, though n is part of the public key, difficulty in factorizing a large prime number ensures that attacker cannot find in finite time the two primes (p & q) used to obtain n. This is strength of RSA.  Generate the private key: solve following equation to find decryption key d e*d=1 mod Ø (N) and 0≤d≤N Private Key d is calculated from p, q, and e. For given N and e, there is unique number d. Number d is the inverse of e mod (p -1)(q -1). This means that d is the number less than (p -1)(q -1) such that when multiplied by e, it is equal to 1 modulo (p -1)(q -1). This relationship is written mathematically as follows, e*d = 1 mod (p − 1)(q − 1). The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output. And lastly publish their public encryption key: PUBK={e,N} and keep secret private decryption key: PRK= {d, p, q} Encryption Data: To encrypt a message M the sender, and it obtains public key of recipient PUBK={e,N}, lastly, Computes: C=M e mod N, where 0≤M<N Decryption: To decrypt the ciphertext C the owner and it uses their private key KR={d, p, q} Computes: M=C d mod N, note that the message M must be smaller than the modulus N block if needed [26,27].

Paillier's Additive Homomorphic Cryptosystem and Self-Blinding Pascal Paillier's introduced his cryptosystem in 1999 published Public-Key Cryptosystem based on Composite Degree Residuosity Classes [28] [29].
a. Definition of Paillier's Cryptosystem It is one of asymmetric encryption and decryption algorithm which is an additive homomorphic scheme; this means that given only the public key and the encryption of M1 and M2, one can compute the encryption of M1 + M2. Like other the cryptosystem such as RSA and Elgamal, it also follows key generation procedures by taking two prime numbers p and q and chooses one random integer g, that g ε Z * n 2 ( i.e., g in invertible modulo n 2 ) such that n and L(g λ mod n 2 ). L: Z * n 2 Zn, u ↦ u-1) /n and λ denotes the Carmichael functions λ(p*q) = lcm(p-1,q-1). The public key is the tuple (n, g ) and the secret or private key are the two prime factors (p, q). So the more details of key generation and algorithms are explained as follows: b. Paillier's Algorithm and key derivation procedures To understand how Paillier's Cryptosystem, one should have knowledge on the following basic mathematical concepts and theorems. 1.
Greater common divisor (gcd) of two or more non-zero integers is the largest positive integer that divides the numbers without a remainder. The gcd of a and b is written as gcd (a, b) or sometimes simply as (a, b). Two numbers are called coprime or relatively prime if their gcd is equaled to 1.

2.
Least common multiple (lcm) of two or more non-zero integers is the smallest integer that is divisible by every member of a set numbers without a remainder. It is a remarkable fact ab = lcm (a, b)*gcd (a, b), thus lcm  (a, b) = (a*b)/gcd(a, b), this fact is can easily be seen that gcd (a, b) is product of the common prime factors of a*b, and the remaining factors would results lcm(a, b). 3.
Euler's Totient function (Ø function). The Totient of a positive integer n is defined to be the number of positive integers less than or equal to n that are coprime to n. If n is factorized to distinct prime numbers p and q, then Ø (n) = (p-1)*(q-1).

5.
The modular multiplicative inverse of an integer α modulo m is an integer x such that α -1 = x mod m, this is equivalent with αx = 1 mod m. Notice: the multiplicative inverse of α modulo m exists if and only if α and m are coprime (gcd (α, m) =1).

Zn -set of integers Zn * -set of integers coprime to n, this set consists of Ø (n) numbers of integers Z * n 2 -set of integers coprime to n 2 , this set consists of nØ(n) number of integers.
Key generation Choose two large prime numbers p and q randomly and independently of each other such that gcd (p*q, (p-1)*(q-1)), this property is assured if both primes are of equal length. Compute n = p*q and λ = lcm(p-1)*(q-1) and Select random integer g where gε Z * n 2 Order of g is multiple of n in Z * n 2 , Z * n 2 is a unit or invertible elements of Z * n 2 Ensure n divides the order of g by checking the existence of the following modular multiplicative inverse: µ =(L(g λ mod n 2 )) -1 mod n, where function L is defined as L(x) = x-1 /n . Note that the notation a/b does not denote the modular multiplication of a multiple of the modular multiplicative inverse of b but rather the quotient of a divided by b, i.e., the largest integer value v>=0 to satisfy the relation a>=v*b. The public (encryption) key is (n, g) and the private (decryption) key is (λ, µ). If using p, q of equivalent length, a simpler variant of the above key generation steps would be to set g = n +1, and λ = Ø(n), µ = Ø(n) -1 mod n, where Ø(n) = (p-1)*(q-1). Encryption Let M be a message to be encrypted where M ε Zn and Select random r where r ε Z * n, Compute ciphertext as: C = g M *r n mod n 2 Decryption Let C be the ciphertext to decrypt, where Cε Z * n 2 and Compute the plaintext message as, M = L(C λ mod n 2 ) * µ mod n where as µ = ((p-1) * (q-1)) -1 mod n. c. Homomorphic addition of plaintexts A notable feature of the Paillier's cryptosystem is its homomorphic properties along with its non-deterministic encryption. As the encryption function is additively homomorphic, the following identities can be described:  Multiplying encrypted messages results in the addition of the original plain Texts mod n, that means the product of two ciphertexts will decrypt to the sum of their corresponding plaintexts,
d. Homomorphic multiplication of plaintexts An encrypted plaintext raised to the power of another plaintext will decrypt to the product of the two plaintexts, the Paillier's cryptosystem takes full advantages of Carmicheal's Theorem, as evident in the following properties. Note: D(u) means decryption u, E(u) means encryption u. D(E(M1, r1) M2 ) mod n 2 ) = M1*M2 mod n and D(E(M2, r2) M1 ) mod n 2 ) = M1*M2 mod n Property 1: Formally: D[E(M1) *(M2) mod n 2 ] = M1 + M2 mod n, Proof: let C1 = g M1 *r1 n mod n 2 , C2 = g M2 *r2 n mod n 2 , then C1* C2 = (g M1 *r1 n mod n 2 ) *(g M2 *r2 n mod n 2 ) = [g M1 * g M2 * r1 n * r2 n ] mod n 2 = [g M1 + M2 *( r1 * r2) n ] mod n 2 , here both r1,r2 ε Z * n and also r1*r2 εZ * n , so this the encryption of a new message, M1 + M2, the random elements r1*r2. Decrypting the product of C1 and C2 begins by raising (C1* C2) to the λ(n) which is more explained as follows, (C1* C2) λ(n) = g λ(n)(M1 + M2) *(( r1 * r2) n* λ(n) ) = g λ(n)(M1 + M2) mod n 2 by Carmicheal's Theorem. It is still true that (1 + n) }, so completing decryption process by multiplying by µ yields M1 + M2 mod n. Property 2: A full encryption of the second message is, in truth, un-needed in the above property and the r n calculation in the second encryption can be left out while attaining the same results. Formally: D(E(M1)* g M2 mod n 2 ) = M1 + M2 mod n or it will give the next formula after applying random number r, D(E(M1, r1) * g M2 mod n 2 ) = M1 + M2 mod n Proof: let C1 = g M1 *r1 n mod n 2 , here take into account g M2 , Their product is, C1* g M2 = (g M1 *r1 n ) * g M2 mod n 2 = g M1 + M2 * r1 n mod n 2 Notice: The right-hand side is, as far as decryption is concerned, exactly the same as the above right-hand side. There is g raised to the (M1 + M2) power, and an element of Zn * raised to n, if this element contains r1, r2, r1*r2, or some other ri, it does not matter, because in the first step of decryption, this element is raised to the λ(n)*n power, and yields one by Carmicheal's Theorem: (C1* g M2 ) λ(n) = g λ(n)(M1 + M2) * r1 n λ(n) = g λ(n)*(M1 + M2) mod n 2 At this point, it should be clear that the right-hand side is exactly identical to the right-hand side of raising (C1* C2) to the λ(n) in the above property, and so the rest of the decryption process is identical and so it is omitted. The result of continuing decryption from this point will give the same result as above and the result will be (M1 + M2) mod n, thus making the decryption of the product of an encrypted message with a message essentially encrypted with r = 1 and still it is, M1 + M2. Corollary to property 2: Self-blinding process In this technique, one can change the ciphertext without affecting the original value of the plain text and it is used to identify error in between original ciphertext C and self-blinded ciphertext C', so after decryption process both C and C' should result in the same plain text unless there will probably error within C and C' [30].

Formally: D[E(M)*g n*x mod n 2 ] = n*x + M = M mod n
Proof: This is direct proof from property 2 by letting M1 = M, and M2 = n*x. Notice: The final calculation in decrypting the message in Paillier's Cryptosystem is done mod n, and the messages must be broken into blocks such that each blocks, M ε Zn. Here one does not take care of the final reduction of n*x, and no need of decrypting M2 because it is work for n*x not an element of Zn. The original ciphertext, C, becomes completely different ciphertext, C' = C* g n*x mod n 2 , but because of n*x = 0 mod n, the original message, M, is still as it is after the decryption of ciphertext C'. Eventually, if C and C' are sent over a channel, where C' is a self-blinded copy of C, then the transmission error can be identified if C and C' do not decrypt to the same plain text message. Property 3: Raising a cipher text to constant power yields the constant multiple of the original plain text.
Step 3: Choose the semi-random variable 'g' Step 4: Calculate the encrypted values for each participant by using the given formula.

Implementation of Encryption Algorithms on Document Data 4.1 Security of Data at Rest
Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into cipher-text that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially malicious intentions. Here the document encryption is carried out by built-in AES algorithm. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as meaningless encrypted data is of little to no use for hackers [31].

Data security in process
In the case of data in use, data is more vulnerable to network based attaches and threats that can cause various types of problems and risks up on the system. Here to bring the security in the cloud environment, the data owner as well as cloud providers should control the access as tightly as possible and incorporate some types of authentication to ensure that all stakeholders are using, accessing and manipulating data in the proper manner. The major actions the user has to take is frequently tracking and reporting the relevant information in proactive manner to detect suspicious activity, diagnose the potential threats and disabled accounts and attacked data to improve the security of the system [31].

Configuring Security Constraint for Applications
 Authentication Configuration of security realm in tomcat-user.xml file Security Realm is context that maintains username, password which could be validated while performing authentication while the user is trying to access the web applications in Apache Tomcat web server.

 Authorization:
Authorization is used to check the access permissions of the user to access certain resources of the application by assigning access permission to user roles, especially in web applications to limit access to resources.

Experimental Design and Setup
These all experiments are conducted on document oriented data in NoSQL database system on Windows 10. The project work implemented on the Full Homomorphic (Pailliar's cryptosystem and RSA) encryption and decryption scheme to preserve privacy and security of the unstructured document data specially JSON data in the MongoDB 3.2.0 Server. All these experiments of solutions are carried out on Java programming language with JDK 1.8, Python 3.2.0 and the web server with Apache Tomcat 9.0. The prototype system ran on Laptop computer with Intel CORE i3 2.0 GHz processor, 1TB Hard Disk and 4GB Memory and lastly this project is implemented on Amazon Web Service mLab for MongoDB as cloud data storage.

Experiment Results and Performance of Algorithms
These experiments have been done to test the privacy preserving and security of input data in this project work solution. The experiment was done to verify the security level the encryption/decryption processes, public and private key generation process, time complexity and space complexity.

Security Performance of RSA Cryptosystem
This project work randomly Sampled data to Generate Public and Private Key in RSA: here the size of the data is randomly selected to generate both the public keys (e, N) and private (p, q, d) keys in RSA cryptosystem.

Performance of Data Encryption in RSA Algorithm
As shown on Figure 5.1, the values of N is rapidly increases with big integer values intervals while the values of e is increases steadily for a given small size plain text data and finally output which is cipher text also increases rapidly as the value of N increases. Generally, as analyzed in this paper work below the size of output increases, the data encryption time increases and more memory place to cipher text is required as the size of key increases.

Performance of Data Decryption in RSA Algorithm
As shown on Figure 5.2, decryption process in RSA is inverse of encryption process in RSA, here the decrypting data takes less time, and plain text takes less memory place even if the value of all private key increases or regardless of decryption key sizes.

Security Analysis of Paillier's Cryptosystem
Paillier's cryptosystem is a homomorphic cryptosystem in which this paper work performed arithmetic operations on the cipher text. In this case we can take two numbers (A and B) and use a public key to make them into ciphertext values. Again we can add the cipher values to get sum of ciphertexts and when we decrypt the sum of ciphertexts, it yield the sum of the two plaintexts value. This also works for multiplication. In real applications, the modulus N and decryption key d are both hundreds of digits long and the smaller the encryption or decryption keys, the less time to perform encryption and decryption operation.

Conclusion and Future Works
This paper work most deeply investigated the areas of cloud computing, its components, architectures, functions and security requirements as well its techniques how to implement and secure the cloud data, its delivery models, services and IT industries those are providing cloud services. Next to this, the concentration of this paper work is privacy preserving and security issue regarding user privacy, data privacy within cloud computing environments. Here to ensure the privacy and security of data as well user privacy, this paper work put into practice, the End -to-End data encryption approach by applying homomorphic encryption scheme for encryption and decryption process and RSA digital certificate to create the TLS/SSL certificate to make secure and encrypted communication between client machine and web server by providing user privacy via authentication and authorization of users to access resources within server in areas of public key infrastructure. Finally, this paper work implemented unstructured document data in the cloud by using MongoDB as local database server and Amazon Web Service mLab for MongoDB is Database as a Service in the cloud as a data storage. And these all experiments were conducted to proffer the security and privacy issues as proposed. To extend and improve this work further, some other security techniques and procedures such as obfuscation, self-blinding, signature blinding, randomization and anonymization will be implemented.