Article

Order preserving encryption for numeric data

Authors:
Rakesh Agrawal

IBM Almaden Research Center, San Jose, CA

IBM Almaden Research Center, San Jose, CA
View Profile

,
Jerry Kiernan

IBM Almaden Research Center, San Jose, CA

IBM Almaden Research Center, San Jose, CA
View Profile

,
Ramakrishnan Srikant

IBM Almaden Research Center, San Jose, CA

IBM Almaden Research Center, San Jose, CA
View Profile

,
Yirong Xu

IBM Almaden Research Center, San Jose, CA

IBM Almaden Research Center, San Jose, CA
View Profile

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of dataJune 2004Pages 563–574https://doi.org/10.1145/1007568.1007632

Published:13 June 2004Publication History

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

Pages 563–574

ABSTRACT

Encryption is a well established technology for protecting sensitive data. However, once encrypted, data can no longer be easily queried aside from exact matches. We present an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data. Query results produced are sound (no false hits) and complete (no false drops). Our scheme handles updates gracefully and new values can be added without requiring changes in the encryption of other values. It allows standard databse indexes to be built over encrypted tables and can easily be integrated with existing database systems. The proposed scheme has been designed to be deployed in application environments in which the intruder can get access to the encrypted database, but does not have prior domain information such as the distribution of values and annot encrypt or decrypt arbitrary values of his choice. The encryption is robust against estimation of the true value in such environments.

References

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databses. In Proc. of the 28th Int'l Conference on Very Large Databases, Hong Kong, China, August 2002. Google ScholarDigital Library
N. Ahituv, Y. Lapid, and S. Neumann. Processing encrypted data. Communications of the ACM, 30(9):777--780, 1987. Google ScholarDigital Library
G. Bebek. Anti-tamper database research: Inference control techniques. Technical Report EECS 433 Final Report, Case Western Reserve University, November 2002.Google Scholar
L. Bouganim and P. Pucheral. Chip-secured data access: Confidential data on untrusted servers. In 28th Int'l Conference on Very Large Databses, pages 131--142, Hong Kong, China, August 2002. Google ScholarDigital Library
Z. J. Czech, G. Havas, and B. S. Majewski. An optimal algorithm for generating minimal perfect has functions. Information Processing Letters, 43(5):257--264, 1992. Google ScholarDigital Library
E. Damiani, S. D. C. di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Balancing confidentiality and efficiency in untrusted relational dbmss. In Proc. of the 10th ACM Conf. on Comupter and Communications Security (CCS), October 2003. Google ScholarDigital Library
D. Denning. Cryptography and Data Security. Addison-Wesley, 1982. Google ScholarDigital Library
J. Domingo-Ferrer and J. Herrera-Joancomarti. A privacy homomorphism allowing field operations on encrypted data. I Jornades de Matematica Discreta i Algorismica, Universitat Politecnica de Catalunya, March 1998.Google Scholar
J. Domingo i Ferror. A new privacy homomorphism and applications. Information Processing Letters, 60(5):277--282, 996. Google ScholarDigital Library
J. Feigenbaum, M. Y. Liberman, and R. N. Wright. Cryptographic protection of databases and software. In Proc. of the DIMACS Workshop on Distributed Computing and Cryptography, 1990.Google Scholar
E. A. Fox, Q. F. Chen, A. M. Daoud, and L. S. Heath. Order-preserving minimal perfect hash functions and information retrieval. ACM Transactions on Information Systems (TOIS), 9:281--308, 1991. Google ScholarDigital Library
S. C. Gultekin Ozsoyoglu, David Singer. Anti-tamper databases: Querying encrypted databases. In Proc. of the 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security, Estes Park, Colorado, August 2003.Google Scholar
H. Hacigümüç, B. R. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In Proc. of the ACM SIGMOD Conf. on Management of Data, Madison, Wisconsin, June 2002. Google ScholarDigital Library
T. Hamilton. Error sends bank files to eBay. The Toronto Star, September 15, 2003.Google Scholar
Y. E. Ioannidis. The history of histograms (abridged). In Proc. of 29th Int'l Conf. on Very Large Data Bases (VLDB), Berlin, Germany, September 2003. Google ScholarDigital Library
A. Konig and G. Weikum. Combining histograms and parametric curve fitting for feedback-driven query result-size estimation. In Proc. of the 25th Int'l Conference on Very Large Databases, Edinburgh, Scotland, 1999. Google ScholarDigital Library
M. Mehta, R. Agrawal, and J. Rissanen. SLIQ: A fast scalable classifier for data mining. In Proc. of the Fifth Int'l Conference on Extending Database Technology (EDBT), Avignon, France, March 1996. Google ScholarDigital Library
Oracle Corporation. Database Encryption in Oracle 8i, August 2000.Google Scholar
W. H. Press, S. A. Teukolsky, W. T. Vetterling, and B. P. Flannery. Numerical Recipes in C: The Art of Scientific Computing. Cambridge University Press, second edition, 1992. Google ScholarDigital Library
J. Rissanen. Stochastic Complexity in Statistical Inquiry. World Scientific Publ. Co., 1989. Google ScholarDigital Library
R. L. Rivest, L. Adelman, and M. L. Dertouzos. On data banks and privacy homomorphisms. In Foundations of Secure Computation, pages 169--178, 1978.Google Scholar
B. Schneier. Applied Cryptography. John Wiley, second edition, 1996.Google Scholar
D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE Symp. on Security and Privacy, Oakland, California, 2000. Google ScholarDigital Library
D. R. Stinson. Cryptography: Theory and Practice. CRC Press, 2nd edition, 2002. Google ScholarDigital Library
R. Vingralek, Gnatdb: A small-footprint, secure database system. In 28th Int'l Conference on Very Large Databases, pages 884--893, Hong Kong, China, August 2002. Google ScholarDigital Library

Recommendations

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

In the last few years, there has been significant interest in developing methods to search over encrypted data. In the case of range queries, a simple solution is to encrypt the contents of the database using an order-preserving encryption (OPE) scheme (...
Read More
Order-preserving encryption revisited: improved security analysis and alternative solutions
CRYPTO'11: Proceedings of the 31st annual conference on Advances in cryptology

We further the study of order-preserving symmetric encryption (OPE), a primitive for allowing efficient range queries on encrypted data, recently initiated (from a cryptographic perspective) by Boldyreva et al. (Eurocrypt'09). First, we address the open ...
Read More
Modular Order-Preserving Encryption, Revisited
SIGMOD '15: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data

Order-preserving encryption (OPE) schemes, whose ciphertexts preserve the natural ordering of the plaintexts, allow efficient range query processing over outsourced encrypted databases without giving the server access to the decryption key. Such schemes ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data
June 2004
988 pages
ISBN:1581138598
DOI:10.1145/1007568
Conference Chairs:
Arnd Christian König
Microsoft Research
,
Stefan Dessloch
University of Kaiserslautern, Germany
,
General Chair:
Patrick Valduriez
INRIA, France
,
Program Chair:
Gerhard Weikum
University of the Saarland
Copyright © 2004 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 June 2004
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate785of4,003submissions,20%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 889
  Total Citations
  View Citations
- 4,319
  Total Downloads
- Downloads (Last 12 months)176
- Downloads (Last 6 weeks)14
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Order preserving encryption for numeric data

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

ABSTRACT

References

Cited By

Recommendations

Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds

Order-preserving encryption revisited: improved security analysis and alternative solutions

Modular Order-Preserving Encryption, Revisited