Abstract
Security and privacy concerns, as well as legal considerations, force many companies to encrypt the sensitive data in their databases. However, storing the data in encrypted format entails significant performance penalties during query processing. In this paper, we address several design issues related to querying encrypted relational databases. The experiments we conducted on benchmark datasets show that excessive decryption costs during query processing result in CPU bottleneck. As a solution we propose a new method based on schema decomposition that partitions sensitive and non-sensitive attributes of a relation into two separate relations. Our method improves the system performance dramatically by parallelizing disk IO latency with CPU-intensive operations (i.e., encryption/decryption).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Jr, T.Z.: An ominous milestone: 100 million data leaks, New York Times (December 18, 2006)
World, C.: Stolen computers contain data on 185,000 patients (April 2005), http://www.computerworld.com/databasetopics/data/story/0,10801,100961,00.html
Trinanes, J.A.: Database security in high risk environments. Technical report, governmentsecurity.org (2005), http://www.governmentsecurity.org/articles/DatabaseSecurityinHighRiskEnvironments.php
HIPAA: Standard for privacy of individually identifiable health information. Federal Register 67(157), 53181–53273 (2002)
Peace, S.: California database security breach notification act (September 2002), http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
Microsoft: Security features in microsoft sql server 2005. Technical report, Microsoft Corporation (2005), http://www.microsoft.com/sql/2005/productinfo/
IBM: Ibm data encryption for ims and db2 databases. Technical report, IBM Corporation (2006), http://www-306.ibm.com/software/data/db2imstools/db2tools/ibmencrypt.html
Seagate: Drivetrust technology: A technical overview (October 2006), http://www.seagate.com/docs/pdf/whitepaper/TP564_DriveTrust_Oct06.pdf
Damiani, E., di Vimercati, S.D.C., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Key management for multi-user encrypted databases. In: StorageSS 2005: Proceedings of the 2005 ACM workshop on Storage security and survivability, pp. 74–83. ACM, New York (2005)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, Paris, France (June 13-18, 2004)
NIST: Advanced encryption standard (aes). Technical Report NIST Special Publication FIPS-197, National Institute of Standards and Technology (2001), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Adam, N.R., Worthmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 21(4), 515–556 (1989)
Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y.: A framework for efficient storage security in rdbms. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 147–164. Springer, Heidelberg (2004)
Ailamaki, A., DeWitt, D.J., Hill, M.D., Skounakis, M.: Weaving relations for cache performance. In: Proceedings of the 27th International Conference on Very Large Data Bases, pp. 169–180. Morgan Kaufmann Publishers Inc., San Francisco (2001)
Hacigumus, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, June 4-6, pp. 216–227 (2002), http://doi.acm.org/10.1145/564691.564717
Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of the 30th International Conference on Very Large Data Bases. Morgan Kaufmann Publishers Inc., San Francisco (2004)
Damiani, E., Vimercati, S.D.C., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational dbmss. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 93–102. ACM Press, New York (2003), http://doi.acm.org/10.1145/948109.948124
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: CIDR, pp. 186–199 (2005)
Elovici, Y., Shmueli, E., Waisenberg, R., Gudes, E.: A structure preserving database encryption scheme. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 28–40. Springer, Heidelberg (2004), http://www.extra.research.philips.com/sdm-workshop/RonenSDM.pdf
Cornell, D.W., Yu, P.S.: An effective approach to vertical partitioning for physical design of relational databases. IEEE Trans. Softw. Eng. 16(2), 248–258 (1990)
Agrawal, S., Narasayya, V., Yang, B.: Integrating vertical and horizontal partitioning into automated physical database design. In: SIGMOD 2004: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pp. 359–370. ACM, New York (2004)
Navathe, S., Ceri, S., Wiederhold, G., Dou, J.: Vertical partitioning algorithms for database design. ACM Trans. Database Syst. 9(4), 680–710 (1984)
Innobase: InnoDB, Transactional Storage Engine, http://www.innodb.com/
TPC: TPC-H, Decision Support Benchmark, http://www.tpc.org/tpch/
Cox, M., Engelschall, R., Henson, S., Laurie, B.: The OpenSSL Project, http://www.openssl.org/
Canim, M., Kantarcioglu, M.: Design and analysis of querying encrypted data in relational databases. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 177–194. Springer, Heidelberg (2007)
Garey, M.R., Johnson, D.S.: Computers and Intractability; A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., New York (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Canim, M., Kantarcioglu, M., Inan, A. (2009). Query Optimization in Encrypted Relational Databases by Vertical Schema Partitioning. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2009. Lecture Notes in Computer Science, vol 5776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04219-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-642-04219-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04218-8
Online ISBN: 978-3-642-04219-5
eBook Packages: Computer ScienceComputer Science (R0)