research-article

Secure query processing with data interoperability in a cloud database environment

Authors:
Wai Kit Wong

Hang Seng Management College, Hong Kong, Hong Kong

Hang Seng Management College, Hong Kong, Hong Kong
View Profile

,
Ben Kao

University of Hong Kong, Hong Kong, Hong Kong

University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
David Wai Lok Cheung

University of Hong Kong, Hong Kong, Hong Kong

University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Rongbin Li

University of Hong Kong, Hong Kong, Hong Kong

University of Hong Kong, Hong Kong, Hong Kong
View Profile

,
Siu Ming Yiu

University of Hong Kong, Hong Kong, Hong Kong

University of Hong Kong, Hong Kong, Hong Kong
View Profile

SIGMOD '14: Proceedings of the 2014 ACM SIGMOD International Conference on Management of DataJune 2014Pages 1395–1406https://doi.org/10.1145/2588555.2588572

Published:18 June 2014Publication History

SIGMOD '14: Proceedings of the 2014 ACM SIGMOD International Conference on Management of Data

Pages 1395–1406

ABSTRACT

We address security issues in a cloud database system which employs the DBaaS model. In such a model, a data owner (DO) exports its data to a cloud database service provider (SP). To provide data security, sensitive data is encrypted by the DO before it is uploaded to the SP. Existing encryption schemes, however, are only partially homomorphic in the sense that each of them was designed to allow one specific type of computation to be done on encrypted data. These existing schemes cannot be integrated to answer real practical queries that involve operations of different kinds. We propose and analyze a secure query processing system (SDB) on relational tables and a set of elementary operators on encrypted data that allow data interoperability, which allows a wide range of SQL queries to be processed by the SP on encrypted information. We prove that our encryption scheme is secure against two types of threats and that it is practically efficient.

References

R. Agrawal and J. Kiernan et al. Order-preserving encryption for numeric data. In SIGMOD, 2004. Google ScholarDigital Library
A. Arasu et al. Secure database-as-a-service with cipherbase. In SIGMOD, 2013. Google ScholarDigital Library
S. Bajaj et al. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In SIGMOD, 2011. Google ScholarDigital Library
D. Bogdanov et al. A universal toolkit for cryptographically secure privacy-preserving data mining. In PAISI, 2012. Google ScholarDigital Library
A. Boldyreva et al. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In CRYPTO, 2011. Google ScholarDigital Library
D. Boneh et al. Public key encryption with keyword search. In EUROCRYPT, 2004.Google ScholarCross Ref
E. Damiani et al. Balancing confidentiality and efficiency in untrusted relational dbmss. In CCS, 2003. Google ScholarDigital Library
S. Das and D. Agrawal et al. Elastras: An elastic transactional data store in the cloud. CoRR, 2010.Google Scholar
S. Das, V. Narasayya, and F. Li et al. CPU sharing techniques for performance isolation in multi-tenant relational database-as-a-service. PVLDB, 2014.Google Scholar
A. J. Elmore, S. Das, D. Agrawal, and A. El Abbadi. Zephyr: live migration in shared nothing databases for elastic cloud platforms. In SIGMOD, 2011. Google ScholarDigital Library
F. Emekçi, D. Agrawal, and A. El Abbadi. Privacy preserving query processing using third parties. In ICDE, 2006. Google ScholarDigital Library
C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, 2009. Google ScholarDigital Library
C. Gentry et al. Fully homomorphic encryption with polylog overhead. In EUROCRYPT, 2012. Google ScholarDigital Library
O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In STOC, 1987. Google ScholarDigital Library
H. Hacigümüs, S. Mehrotra, and B. R. Iyer. Providing database as a service. In ICDE, 2002.Google ScholarCross Ref
H. Hacigümüs et al.and B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In SIGMOD, 2002. Google ScholarDigital Library
B. Hore, S. Mehrotra, and G. Tsudik. A privacy preserving index for range queries. In VLDB, 2004. Google ScholarDigital Library
M. Kantarcioglu and C. Chris. Privacy-preserving distributed mining of association rules on horizontally partitioned data. TKDE, 2004. Google ScholarDigital Library
A. J. Menezes, P. C. Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. Google ScholarDigital Library
P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT, 1999. Google ScholarDigital Library
S. Papadopoulos et al. Secure and efficient in-network processing of exact sum queries. In ICDE, 2011. Google ScholarDigital Library
R. A. Popa et al. Cryptdb: processing queries on an encrypted database. CACM, 2012. Google ScholarDigital Library
R. L. Rivest et al.and A. Shamir and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. CACM, 1978. Google ScholarDigital Library
A. Soror et al. Automatic virtual machine configuration for database workloads. In SIGMOD, 2008. Google ScholarDigital Library
S. Tu and M. F. Kaashoek et al. Processing analytical queries over encrypted data. In PVLDB, 2013. Google ScholarDigital Library
J. Vaidya et al. Secure set intersection cardinality with application to association rule mining. JCS, 2005. Google ScholarDigital Library
S. Wang, D. Agrawal, and A. El Abbadi. A comprehensive framework for secure query processing on relational data in the cloud. In SDM, 2011. Google ScholarDigital Library
P. Wong, Z. He, and E. Lo. Parallel analytics as a service. In SIGMOD, 2013. Google ScholarDigital Library
W. K. Wong et al. Secure query processing with data interoperability in a cloud database environment. Technical Report TR-2014-03, Department of Computer Science, University of Hong Kong, 2014.Google ScholarDigital Library
A. C. Yao. Protocols for secure computations (extended abstract). In FOCS, 1982. Google ScholarDigital Library

Index Terms

Secure query processing with data interoperability in a cloud database environment
1. Security and privacy
  1. Database and storage security
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Theory of database privacy and security

Recommendations

A study of secure DBaaS with encrypted data transactions
ICCIP '16: Proceedings of the 2nd International Conference on Communication and Information Processing

The emergence of cloud computing allowed different IT services to be outsourced to cloud service providers (CSP). This includes the management and storage of user's structured data called Database as a Service (DBaaS). However, DBaaS requires users to ...
Read More
Symmetric searchable encryption with efficient range query using multi-layered linked chains

Searchable encryption is an encryption system which provides confidentiality of stored documents and usability of document search at the same time. Remote cloud storage is the most typical application for searchable encryption. By applying searchable ...
Read More
A Survey on Querying Encrypted Data for Database as a Service
CYBERC '13: Proceedings of the 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery

Using database encryption to protect data in some situations where access control is not solely enough is inevitable. Database encryption provides an additional layer of protection to conventional access control techniques. It prevents unauthorized ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGMOD '14: Proceedings of the 2014 ACM SIGMOD International Conference on Management of Data
June 2014
1645 pages
ISBN:9781450323765
DOI:10.1145/2588555
General Chairs:
Curtis Dyreson
Utah State University, USA
,
Feifei Li
University of Utah, USA
,
Program Chair:
M. Tamer Özsu
University of Waterloo, Canada
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 18 June 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
query on encrypted data
secure database
Qualifiers
- research-article
Conference

Acceptance Rates
SIGMOD '14 Paper Acceptance Rate107of421submissions,25%Overall Acceptance Rate785of4,003submissions,20%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 53
  Total Citations
  View Citations
- 1,153
  Total Downloads
- Downloads (Last 12 months)44
- Downloads (Last 6 weeks)10
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Secure query processing with data interoperability in a cloud database environment

SIGMOD '14: Proceedings of the 2014 ACM SIGMOD International Conference on Management of Data

ABSTRACT

References

Cited By

Index Terms

Recommendations

A study of secure DBaaS with encrypted data transactions

Symmetric searchable encryption with efficient range query using multi-layered linked chains

A Survey on Querying Encrypted Data for Database as a Service