Skip to main content
SpringerLink
Log in

Query Optimization in Encrypted Relational Databases by Vertical Schema Partitioning

  • Conference paper
Secure Data Management (SDM 2009)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5776))

Included in the following conference series:

Abstract

Security and privacy concerns, as well as legal considerations, force many companies to encrypt the sensitive data in their databases. However, storing the data in encrypted format entails significant performance penalties during query processing. In this paper, we address several design issues related to querying encrypted relational databases. The experiments we conducted on benchmark datasets show that excessive decryption costs during query processing result in CPU bottleneck. As a solution we propose a new method based on schema decomposition that partitions sensitive and non-sensitive attributes of a relation into two separate relations. Our method improves the system performance dramatically by parallelizing disk IO latency with CPU-intensive operations (i.e., encryption/decryption).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Jr, T.Z.: An ominous milestone: 100 million data leaks, New York Times (December 18, 2006)

    Google Scholar 

  2. World, C.: Stolen computers contain data on 185,000 patients (April 2005), http://www.computerworld.com/databasetopics/data/story/0,10801,100961,00.html

  3. Trinanes, J.A.: Database security in high risk environments. Technical report, governmentsecurity.org (2005), http://www.governmentsecurity.org/articles/DatabaseSecurityinHighRiskEnvironments.php

  4. HIPAA: Standard for privacy of individually identifiable health information. Federal Register 67(157), 53181–53273 (2002)

    Google Scholar 

  5. Peace, S.: California database security breach notification act (September 2002), http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html

  6. Microsoft: Security features in microsoft sql server 2005. Technical report, Microsoft Corporation (2005), http://www.microsoft.com/sql/2005/productinfo/

  7. IBM: Ibm data encryption for ims and db2 databases. Technical report, IBM Corporation (2006), http://www-306.ibm.com/software/data/db2imstools/db2tools/ibmencrypt.html

  8. Seagate: Drivetrust technology: A technical overview (October 2006), http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf

  9. Damiani, E., di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Key management for multi-user encrypted databases. In: StorageSS 2005: Proceedings of the 2005 ACM workshop on Storage security and survivability, pp. 74–83. ACM, New York (2005)

    Chapter  Google Scholar 

  10. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, Paris, France (June 13-18, 2004)

    Google Scholar 

  11. NIST: Advanced encryption standard (aes). Technical Report NIST Special Publication FIPS-197, National Institute of Standards and Technology (2001), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

  12. Adam, N.R., Worthmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 21(4), 515–556 (1989)

    Article  Google Scholar 

  13. Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y.: A framework for efficient storage security in rdbms. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 147–164. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  14. Ailamaki, A., DeWitt, D.J., Hill, M.D., Skounakis, M.: Weaving relations for cache performance. In: Proceedings of the 27th International Conference on Very Large Data Bases, pp. 169–180. Morgan Kaufmann Publishers Inc., San Francisco (2001)

    Google Scholar 

  15. Hacigumus, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, June 4-6, pp. 216–227 (2002), http://doi.acm.org/10.1145/564691.564717

  16. Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of the 30th International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., San Francisco (2004)

    Google Scholar 

  17. Damiani, E., Vimercati, S.D.C., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational dbmss. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 93–102. ACM Press, New York (2003), http://doi.acm.org/10.1145/948109.948124

    Chapter  Google Scholar 

  18. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: CIDR, pp. 186–199 (2005)

    Google Scholar 

  19. Elovici, Y., Shmueli, E., Waisenberg, R., Gudes, E.: A structure preserving database encryption scheme. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 28–40. Springer, Heidelberg (2004), http://www.extra.research.philips.com/sdm-workshop/RonenSDM.pdf

    Chapter  Google Scholar 

  20. Cornell, D.W., Yu, P.S.: An effective approach to vertical partitioning for physical design of relational databases. IEEE Trans. Softw. Eng. 16(2), 248–258 (1990)

    Article  Google Scholar 

  21. Agrawal, S., Narasayya, V., Yang, B.: Integrating vertical and horizontal partitioning into automated physical database design. In: SIGMOD 2004: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pp. 359–370. ACM, New York (2004)

    Google Scholar 

  22. Navathe, S., Ceri, S., Wiederhold, G., Dou, J.: Vertical partitioning algorithms for database design. ACM Trans. Database Syst. 9(4), 680–710 (1984)

    Article  Google Scholar 

  23. Innobase: InnoDB, Transactional Storage Engine, http://www.innodb.com/

  24. TPC: TPC-H, Decision Support Benchmark, http://www.tpc.org/tpch/

  25. Cox, M., Engelschall, R., Henson, S., Laurie, B.: The OpenSSL Project, http://www.openssl.org/

  26. Canim, M., Kantarcioglu, M.: Design and analysis of querying encrypted data in relational databases. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 177–194. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Garey, M.R., Johnson, D.S.: Computers and Intractability; A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., New York (1990)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of Texas at Dallas, Richardson, TX, 75083, USA

    Mustafa Canim, Murat Kantarcioglu & Ali Inan

Authors
  1. Mustafa Canim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Murat Kantarcioglu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ali Inan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Willem Jonker

  2. Philips Research Laboratories, Koninklijke Philips Electronics N.V., High Tech Ampus 34, 5656 AE, Eindhoven, The Netherlands

    Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Canim, M., Kantarcioglu, M., Inan, A. (2009). Query Optimization in Encrypted Relational Databases by Vertical Schema Partitioning. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2009. Lecture Notes in Computer Science, vol 5776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04219-5_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04219-5_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04218-8

  • Online ISBN: 978-3-642-04219-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation