Abstract
Encrypting data at rest has been one of the most common ways to protect the database data against honest but curious adversaries. In the literature there are more than a dozen mechanisms proposed on how to encrypt data to achieve different levels of confidentiality. However, a database system is more than just data. An inseparable aspect of a database system is its interaction with the users through queries. Yet, a query-enhanced adversary model that captures the security of user interactions with the encrypted database is missing. In this paper, we will first revisit a few well-known adversary models on the data encryption schemes. Also, to model the query-enhanced adversaries we additionally need new tools, which will be formally defined. Eventually, this paper introduces query-enhanced adversary models which additionally have access to the query logs or interact with the database in different ways. We will prove by reduction that breaking a cryptosystem by a query-enhanced adversary is at least as difficult as breaking the cryptosystem by a common adversary.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
An Experiment is also called a Game in some security literatures.
- 2.
An Adversary is also called a Winner in some security literatures.
- 3.
Polynomial-time in the size of the input.
- 4.
Safe means indistinguishable in this experiment.
References
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: SIGMOD, pp. 563–574 (2004)
Arasu, A., Blanas, S.: Orthogonal security with cipherbase. In: CIDR (2013)
Bajaj, S., Sion, R.: TrustedDB: a trusted hardware based database with privacy and data confidentiality. In: SIGMOD, pp. 205–216 (2011)
Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009)
Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011)
Damiani, E., De Capitani Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: CCS, pp. 93–102 (2003)
Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD, pp. 216–227 (2002)
Hildenbrand, S., Kossmann, D., Sanamrad, T., Binnig, C., Faerber, F., Woehler, J.: Query processing on encrypted data in the cloud. Technical report 735, Department of Computer Science, Swiss Federal Institute of Technology Zurich (2011)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography. CRC Press, Boca Raton (2008)
Popa, R., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: SOSP, pp. 85–100 (2011)
Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: DeMillo, R.A., et al. (eds.) Foundations of Secure Computation, pp. 169–178. Academic Press, New York (1978)
Sanamrad, T., Braun, L., Kossmann, D., Ramarathnam, V.: POP: a new encryption scheme for dynamic databases. Technical report 782, Department of Computer Science, Swiss Federal Institute of Technology Zurich (2013)
Sion, R.: Secure data outsourcing. In: VLDB, pp. 1431–1432 (2007)
Tu, S., Kaashoek, M., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. In: VLDB, pp. 289–300 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Sanamrad, T., Kossmann, D. (2014). Query Log Attack on Encrypted Databases. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2013. Lecture Notes in Computer Science(), vol 8425. Springer, Cham. https://doi.org/10.1007/978-3-319-06811-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-06811-4_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06810-7
Online ISBN: 978-3-319-06811-4
eBook Packages: Computer ScienceComputer Science (R0)