ABSTRACT
Encryption is a well established technology for protecting sensitive data. However, once encrypted, data can no longer be easily queried aside from exact matches. We present an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data. Query results produced are sound (no false hits) and complete (no false drops). Our scheme handles updates gracefully and new values can be added without requiring changes in the encryption of other values. It allows standard databse indexes to be built over encrypted tables and can easily be integrated with existing database systems. The proposed scheme has been designed to be deployed in application environments in which the intruder can get access to the encrypted database, but does not have prior domain information such as the distribution of values and annot encrypt or decrypt arbitrary values of his choice. The encryption is robust against estimation of the true value in such environments.
- R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databses. In Proc. of the 28th Int'l Conference on Very Large Databases, Hong Kong, China, August 2002. Google ScholarDigital Library
- N. Ahituv, Y. Lapid, and S. Neumann. Processing encrypted data. Communications of the ACM, 30(9):777--780, 1987. Google ScholarDigital Library
- G. Bebek. Anti-tamper database research: Inference control techniques. Technical Report EECS 433 Final Report, Case Western Reserve University, November 2002.Google Scholar
- L. Bouganim and P. Pucheral. Chip-secured data access: Confidential data on untrusted servers. In 28th Int'l Conference on Very Large Databses, pages 131--142, Hong Kong, China, August 2002. Google ScholarDigital Library
- Z. J. Czech, G. Havas, and B. S. Majewski. An optimal algorithm for generating minimal perfect has functions. Information Processing Letters, 43(5):257--264, 1992. Google ScholarDigital Library
- E. Damiani, S. D. C. di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Balancing confidentiality and efficiency in untrusted relational dbmss. In Proc. of the 10th ACM Conf. on Comupter and Communications Security (CCS), October 2003. Google ScholarDigital Library
- D. Denning. Cryptography and Data Security. Addison-Wesley, 1982. Google ScholarDigital Library
- J. Domingo-Ferrer and J. Herrera-Joancomarti. A privacy homomorphism allowing field operations on encrypted data. I Jornades de Matematica Discreta i Algorismica, Universitat Politecnica de Catalunya, March 1998.Google Scholar
- J. Domingo i Ferror. A new privacy homomorphism and applications. Information Processing Letters, 60(5):277--282, 996. Google ScholarDigital Library
- J. Feigenbaum, M. Y. Liberman, and R. N. Wright. Cryptographic protection of databases and software. In Proc. of the DIMACS Workshop on Distributed Computing and Cryptography, 1990.Google Scholar
- E. A. Fox, Q. F. Chen, A. M. Daoud, and L. S. Heath. Order-preserving minimal perfect hash functions and information retrieval. ACM Transactions on Information Systems (TOIS), 9:281--308, 1991. Google ScholarDigital Library
- S. C. Gultekin Ozsoyoglu, David Singer. Anti-tamper databases: Querying encrypted databases. In Proc. of the 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security, Estes Park, Colorado, August 2003.Google Scholar
- H. Hacigümüç, B. R. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In Proc. of the ACM SIGMOD Conf. on Management of Data, Madison, Wisconsin, June 2002. Google ScholarDigital Library
- T. Hamilton. Error sends bank files to eBay. The Toronto Star, September 15, 2003.Google Scholar
- Y. E. Ioannidis. The history of histograms (abridged). In Proc. of 29th Int'l Conf. on Very Large Data Bases (VLDB), Berlin, Germany, September 2003. Google ScholarDigital Library
- A. Konig and G. Weikum. Combining histograms and parametric curve fitting for feedback-driven query result-size estimation. In Proc. of the 25th Int'l Conference on Very Large Databases, Edinburgh, Scotland, 1999. Google ScholarDigital Library
- M. Mehta, R. Agrawal, and J. Rissanen. SLIQ: A fast scalable classifier for data mining. In Proc. of the Fifth Int'l Conference on Extending Database Technology (EDBT), Avignon, France, March 1996. Google ScholarDigital Library
- Oracle Corporation. Database Encryption in Oracle 8i, August 2000.Google Scholar
- W. H. Press, S. A. Teukolsky, W. T. Vetterling, and B. P. Flannery. Numerical Recipes in C: The Art of Scientific Computing. Cambridge University Press, second edition, 1992. Google ScholarDigital Library
- J. Rissanen. Stochastic Complexity in Statistical Inquiry. World Scientific Publ. Co., 1989. Google ScholarDigital Library
- R. L. Rivest, L. Adelman, and M. L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, pages 169--178, 1978.Google Scholar
- B. Schneier. Applied Cryptography. John Wiley, second edition, 1996.Google Scholar
- D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE Symp. on Security and Privacy, Oakland, California, 2000. Google ScholarDigital Library
- D. R. Stinson. Cryptography: Theory and Practice. CRC Press, 2nd edition, 2002. Google ScholarDigital Library
- R. Vingralek, Gnatdb: A small-footprint, secure database system. In 28th Int'l Conference on Very Large Databases, pages 884--893, Hong Kong, China, August 2002. Google ScholarDigital Library
Recommendations
Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityIn the last few years, there has been significant interest in developing methods to search over encrypted data. In the case of range queries, a simple solution is to encrypt the contents of the database using an order-preserving encryption (OPE) scheme (...
Order-preserving encryption revisited: improved security analysis and alternative solutions
CRYPTO'11: Proceedings of the 31st annual conference on Advances in cryptologyWe further the study of order-preserving symmetric encryption (OPE), a primitive for allowing efficient range queries on encrypted data, recently initiated (from a cryptographic perspective) by Boldyreva et al. (Eurocrypt'09). First, we address the open ...
Modular Order-Preserving Encryption, Revisited
SIGMOD '15: Proceedings of the 2015 ACM SIGMOD International Conference on Management of DataOrder-preserving encryption (OPE) schemes, whose ciphertexts preserve the natural ordering of the plaintexts, allow efficient range query processing over outsourced encrypted databases without giving the server access to the decryption key. Such schemes ...
Comments