ABSTRACT
We address security issues in a cloud database system which employs the DBaaS model. In such a model, a data owner (DO) exports its data to a cloud database service provider (SP). To provide data security, sensitive data is encrypted by the DO before it is uploaded to the SP. Existing encryption schemes, however, are only partially homomorphic in the sense that each of them was designed to allow one specific type of computation to be done on encrypted data. These existing schemes cannot be integrated to answer real practical queries that involve operations of different kinds. We propose and analyze a secure query processing system (SDB) on relational tables and a set of elementary operators on encrypted data that allow data interoperability, which allows a wide range of SQL queries to be processed by the SP on encrypted information. We prove that our encryption scheme is secure against two types of threats and that it is practically efficient.
- R. Agrawal and J. Kiernan et al. Order-preserving encryption for numeric data. In SIGMOD, 2004. Google ScholarDigital Library
- A. Arasu et al. Secure database-as-a-service with cipherbase. In SIGMOD, 2013. Google ScholarDigital Library
- S. Bajaj et al. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In SIGMOD, 2011. Google ScholarDigital Library
- D. Bogdanov et al. A universal toolkit for cryptographically secure privacy-preserving data mining. In PAISI, 2012. Google ScholarDigital Library
- A. Boldyreva et al. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In CRYPTO, 2011. Google ScholarDigital Library
- D. Boneh et al. Public key encryption with keyword search. In EUROCRYPT, 2004.Google ScholarCross Ref
- E. Damiani et al. Balancing confidentiality and efficiency in untrusted relational dbmss. In CCS, 2003. Google ScholarDigital Library
- S. Das and D. Agrawal et al. Elastras: An elastic transactional data store in the cloud. CoRR, 2010.Google Scholar
- S. Das, V. Narasayya, and F. Li et al. CPU sharing techniques for performance isolation in multi-tenant relational database-as-a-service. PVLDB, 2014.Google Scholar
- A. J. Elmore, S. Das, D. Agrawal, and A. El Abbadi. Zephyr: live migration in shared nothing databases for elastic cloud platforms. In SIGMOD, 2011. Google ScholarDigital Library
- F. Emekçi, D. Agrawal, and A. El Abbadi. Privacy preserving query processing using third parties. In ICDE, 2006. Google ScholarDigital Library
- C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009. Google ScholarDigital Library
- C. Gentry et al. Fully homomorphic encryption with polylog overhead. In EUROCRYPT, 2012. Google ScholarDigital Library
- O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In STOC, 1987. Google ScholarDigital Library
- H. Hacigümüs, S. Mehrotra, and B. R. Iyer. Providing database as a service. In ICDE, 2002.Google ScholarCross Ref
- H. Hacigümüs et al.and B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In SIGMOD, 2002. Google ScholarDigital Library
- B. Hore, S. Mehrotra, and G. Tsudik. A privacy preserving index for range queries. In VLDB, 2004. Google ScholarDigital Library
- M. Kantarcioglu and C. Chris. Privacy-preserving distributed mining of association rules on horizontally partitioned data. TKDE, 2004. Google ScholarDigital Library
- A. J. Menezes, P. C. Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. Google ScholarDigital Library
- P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT, 1999. Google ScholarDigital Library
- S. Papadopoulos et al. Secure and efficient in-network processing of exact sum queries. In ICDE, 2011. Google ScholarDigital Library
- R. A. Popa et al. Cryptdb: processing queries on an encrypted database. CACM, 2012. Google ScholarDigital Library
- R. L. Rivest et al.and A. Shamir and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. CACM, 1978. Google ScholarDigital Library
- A. Soror et al. Automatic virtual machine configuration for database workloads. In SIGMOD, 2008. Google ScholarDigital Library
- S. Tu and M. F. Kaashoek et al. Processing analytical queries over encrypted data. In PVLDB, 2013. Google ScholarDigital Library
- J. Vaidya et al. Secure set intersection cardinality with application to association rule mining. JCS, 2005. Google ScholarDigital Library
- S. Wang, D. Agrawal, and A. El Abbadi. A comprehensive framework for secure query processing on relational data in the cloud. In SDM, 2011. Google ScholarDigital Library
- P. Wong, Z. He, and E. Lo. Parallel analytics as a service. In SIGMOD, 2013. Google ScholarDigital Library
- W. K. Wong et al. Secure query processing with data interoperability in a cloud database environment. Technical Report TR-2014-03, Department of Computer Science, University of Hong Kong, 2014.Google ScholarDigital Library
- A. C. Yao. Protocols for secure computations (extended abstract). In FOCS, 1982. Google ScholarDigital Library
Index Terms
- Secure query processing with data interoperability in a cloud database environment
Recommendations
A study of secure DBaaS with encrypted data transactions
ICCIP '16: Proceedings of the 2nd International Conference on Communication and Information ProcessingThe emergence of cloud computing allowed different IT services to be outsourced to cloud service providers (CSP). This includes the management and storage of user's structured data called Database as a Service (DBaaS). However, DBaaS requires users to ...
Symmetric searchable encryption with efficient range query using multi-layered linked chains
Searchable encryption is an encryption system which provides confidentiality of stored documents and usability of document search at the same time. Remote cloud storage is the most typical application for searchable encryption. By applying searchable ...
A Survey on Querying Encrypted Data for Database as a Service
CYBERC '13: Proceedings of the 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge DiscoveryUsing database encryption to protect data in some situations where access control is not solely enough is inevitable. Database encryption provides an additional layer of protection to conventional access control techniques. It prevents unauthorized ...
Comments