Abstract
Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.
Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.
This work was supported by the National Science Foundation under Grant No. CCR-0331584.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Oracle Corporation. Database Encryption in Oracle9i (2001)
IBM Data Encryption for IMS and DB2 Databases, Version 1.1 (2003)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB (2002)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: SIGMOD (2004)
Blake, C., Merz, C.: UCI repository (1998)
Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004)
Bouganim, L., Pucheral, P.: Chip-secured data access: Confidential data on untrusted servers. In: VLDB (2002)
Cachin, C., Micali, S., Stadler, M.A.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 402. Springer, Heidelberg (1999)
Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. Cryptology ePrint Archive: 2004/051 (2004), available at: http://eprint.iacr.org/2004/051.pdf
Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: FOCS (1995)
Damiani, E., De Capitani Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational dbmss. In: CCS (2003)
Dash, E.: Lost credit data improperly kept, company admits. New York Times (June 20, 2005)
Davida, G.I., Wells, D.L., Kam, J.B.: A database encryption system with subkeys. ACM TODS 6(2), 312–328 (1981)
Feigenbaum, J., Liberman, M.Y., Wright, R.N.: Cryptographic protection of databases and software. In: DIMACS Workshop on Distributed Computing and Cryptography (1990)
Goh, E.: Secure indexes. Cryptology ePrint Archive, Report, 2003/216, http://eprint.iacr.org/2003/216/
Goldreich, O.: Foundations of Cryptography, vol. 1. Cambridge University Press, Cambridge (2001)
Goldreich, O.: Foundations of Cryptography, vol. 2. Cambridge University Press, Cambridge (2004)
Goldwasser, S., Bellare, M.: Lecture notes on cryptography. Summer Course Lecture Notes at MIT (1999)
Hacigumus, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD (2002)
Hacigumus, H., Iyer, B.R., Mehrotra, S.: Providing database as a service. In: ICDE (2002)
Hacıgümüş, H., Iyer, B.R., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y., Li, J., Whang, K.-Y., Lee, D. (eds.) DASFAA 2004. LNCS, vol. 2973, pp. 125–136. Springer, Heidelberg (2004)
He, J., Wang, J.: Cryptography and relational database management systems. In: Int. Database Engineering and Application Symposium (2001)
Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: VLDB (2004)
Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y.: A framework for efficient storage security in RDBMS. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 147–164. Springer, Heidelberg (2004)
Karlsson, J.: Using encryption for secure data storage in mobile database systems. Friedrich-Schiller-Universitat Jena (2002)
Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single database computationally-private information retrieval. In: FOCS (1997)
Ozsoyoglu, G., Singer, D., Chung, S.: Anti-tamper databases: Querying encrypted databases. In: Proc. of the 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security (2003)
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy (2000)
Stout, D.: Veterans chief voices anger on data theft. New York Times (May 25, 2006)
Vingralek, R.: A small-footprint, secure database system. In: VLDB (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, Z., Zhong, S., Wright, R.N. (2006). Privacy-Preserving Queries on Encrypted Data. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds) Computer Security – ESORICS 2006. ESORICS 2006. Lecture Notes in Computer Science, vol 4189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11863908_29
Download citation
DOI: https://doi.org/10.1007/11863908_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44601-9
Online ISBN: 978-3-540-44605-7
eBook Packages: Computer ScienceComputer Science (R0)