Abstract
Ideal homomorphic encryption is theoretically achievable but impractical in reality due to tremendous computing overhead. Homomorphically encrypted databases, such as CryptDB, leverage replication with partially homomorphic encryption schemes to support different SQL queries over encrypted data directly. These databases reach a balance between security and efficiency, but incur considerable storage overhead, especially when making backups. Unfortunately, general data compression techniques relying on data similarity exhibit inefficiency on encrypted data. We present CryptZip, a backup and recovery system that could highly reduce the backup storage cost of encrypted databases. The key idea is to leverage the metadata information of encryption schemes and selectively backup one or several columns among semantically redundant columns. The experimental results show that CryptZip could reduce up to 90.5% backup storage cost on TPC-C benchmark.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Popa R A, Redfield C, Zeldovich N, Balakrishnan H. Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the 23rd ACM Symposium on Operating Systems Principles. 2011, 85–100
Ferretti L, Colajanni M, Marchetti M. Supporting security and consistency for cloud database. In: Proceedings of the 4th International Conference on Cyberspace Safety and Security. 2012, 179–193
Ferretti L, Colajanni M, Marchetti M. Distributed, concurrent, and independent access to encrypted cloud databases. IEEE Transactions on Parallel and Distributed Systems. 2014, 25(2): 437–446
Kerschbaum K, Härterich M, Grofig P, Kohler M, Schaad A, Schröpfer A, Tighzert W. Optimal re-encryption strategy for joins in encrypted databases. In: Proceedings of IFIP Annual Conference on Data and Applications Security and Privacy. 2013, 195–210
Tu S, Kaashoek M F, Madden S, Zeldovich N. Processing analytical queries over encrypted data. Proceedings of the VLDB Endowment, 2013, 6(5): 289–300
Kerschbaum F, Grofig P, Hang I, Härterich M, Kohler M, Schaad A, Schröpfer A, Tighzert W. Adjustably encrypted in-memory columnstore. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. 2013, 1325–1328
Kerschbaum F, Härterich M, Kohler M, Hang I, Schaad A, Schröpfer A, Tighzert W. An encrypted in-memory column-store: the onion selection problem. In: Proceedings of the International Conference on Information Systems Security. 2013, 14–26
Papadimitriou A, Bhagwan R, Chandran N, Ramjee R, Haeberlen A, Singh H, Modi A, Badrinarayanan S. Big data analytics over encrypted datasets with seabed. In: Proceedings of USENIX Symposium on Operating Systems Design and Implementation. 2016, 587–602
Rivest R, Adleman L, Dertouzos M. On data banks and privacy homomorphisms. Foundations of Secure Computation, 1978, 4(11): 169–177
Gentry C. Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing. 2009, 169–178
Popa R A. Building practical systems that compute on encrypted data. PhD Thesis, Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2014.
Rivest R L, Shamir A, Adleman L. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 1978, 21(2): 120–126
ElGamal T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 1985, 31(4): 469–472
Paillier P. Public-key cryptosystems based on composite degree residuosity classes. In: Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques. 1999, 223–238
Boldyreva A, Chenette N, Lee Y, O’neill A. Order-preserving symmetric encryption. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2009, 224–241
Agrawal R, Kiernan J, Srikant R, Xu Y. Order preserving encryption for numeric data. In: Proceedings of the 2004ACM SIGMOD International Conference on Management of Data. 2004, 563–574
Boldyreva A, Chenette N, O’Neill A. Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Proceedings of Annual Cryptology Conference. 2011, 578–595
Song D X, Wagner D, Perrig A. Practical techniques for searches on encrypted data. In: Proceedings of IEEE Symposium on Security and Privacy. 2000, 44–55
Curtmola R, Garay J, Kamara S, Ostrovsky R. Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 2011, 19(5): 895–934
Kamara S, Papamanthou C, Roeder T. Dynamic searchable symmetric encryption. In: Proceedings of the 2012ACM Conference on Computer and Communications Security. 2012, 965–976
Rijmen V, Daemen J. Advanced encryption standard. In: Proceedings of Federal Information Processing Standards Publications, National Institute of Standards and Technology. 2001, 19–22
Kaplan D, Powell J, Woller T. Amd memory encryption. White Paper, 2016
Johnson S, Scarlata V, Rozas C, Brickell E, Mckeen F. IntelR software guard extensions: epid provisioning and attestation services. White Paper, 2016, 1–10
Xia W, Jiang H, Feng D, Douglis F, Shilane P, Hua Y, Fu M, Zhang Y, Zhou Y. A comprehensive study of the past, present, and future of data deduplication. Proceedings of the IEEE, 2016, 104(9): 1681–1710
Huffman D A. A method for the construction of minimum-redundancy codes. Proceedings of the IRE, 1952, 40(9): 1098–1101
Ziv J, Lempel A. A universal algorithm for sequential data compression. IEEE Transactions on Information Theory, 1977, 23(3): 337–343
Ziv J, Lempel A. Compression of individual sequences via variablerate coding. IEEE Transactions on Information Theory, 1978, 24(5): 530–536
Muthitacharoen A, Chen B, Mazières D. A low-bandwidth network file system. ACM SIGOPS Operating Systems Review, 2001, 35(5): 174–187
Quinlan S, Dorward S. Venti: a new approach to archival storage. In: Proceedings of USENIX Conference on File and Storage Technologies. 2002, 89–101
Wallace G, Douglis F, Qian H, Shilane P, Smaldone S, Chamness M, Hsu W. Characteristics of backup workloads in production systems. In: Proceedings of the 10th USENIX Conference on File and Storage Technologies. 2012, 4
Zhu B, Li K, Patterson R H. Avoiding the disk bottleneck in the data domain deduplication file system. In: Proceedings of the 6th USENIX Conference on File and Storage Technologies. 2008, 1–14
Lillibridge M, Eshghi K, Bhagwat D, Deolalikar V, Trezis G, Camble P. Sparse indexing: large scale, inline deduplication using sampling and locality. In: Proceedings of the 7th USENIX Conference on File and Storage Technologies. 2009, 111–123
Dubnicki C, Gryz L, Heldt L, Kaczmarczyk M, Kilian W, Strzelczak P, Szczepkowski J, Ungureanu C, Welnicki M. Hydrastor: a scalable secondary storage. In: Proceedings of the 7th USENIX Conference on File and Storage Technologies. 2009, 197–210
Guo F, Efstathopoulos P. Building a high-performance deduplication system. In: Proceedings of the 2011 USENIX Annual Technical Conference. 2011, 25–25.
Srinivasan K, Bisson T, Goodson G R, Voruganti K. iDedup: latencyaware, inline data deduplication for primary storage. In: Proceedings of the 10th USENIX Conference on File and Storage Technologies. 2012, 1–14
Whiting D L, Dilatush T. System for backing up files from disk volumes on multiple nodes of a computer network. 1998, US Patent 5,778,395
Bellare M, Keelveedhi S, Ristenpart T. Message-locked encryption and secure deduplication. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2013, 296–312
Keelveedhi S, Bellare M, Ristenpart T. Dupless: server-aided encryption for deduplicated storage. In: Proceedings of USENIX Security Symposium. 2013, 179–194
Li J, Chen X, Li M, Li J, Lee P P, Lou W. Secure deduplication with efficient and reliable convergent key management. IEEE Transactions on Parallel and Distributed Systems. 2014, 25(6): 1615–1625
Acknowledgements
First and foremost, we thank Professor Kai Li and Future Forum for inspiring us such a novel idea. We would also like to thank Qun Huang, Dan Ding, Cheng Yang, Hui Liu, Xusheng Zhan, Tianni Xu and the anonymous reviewers for their insightful suggestions. This work was supported in part by National Key R&D Program of China (2016YFB1000201), and the National Natural Science Foundation of China (Grant Nos. 61420106013 and 61702480) and Youth Innovation Promotion Association of Chinese Academy of Sciences.
Author information
Authors and Affiliations
Corresponding author
Additional information
Sa Wang received his BS degree in computer science and technology from University of Science and Technology of China, China in 2009, and PhD degree in computer science from University of Chinese Academy of Sciences, Institute of Software, Chinese Academy of Sciences (CAS), China in 2016. He is an assistant professor in Institute of Computing Technology, CAS, China. His current research interests include operating system, system performance evaluation and optimization, and distributed system. He is a member of CCF, ACM, and IEEE.
Yiwen Shao received his BS degree in telecommunication engineering from Xidian University, China in 2015, and MS degree in computer science from University of Chinese Academy of Sciences, Institute of Computing Technology, Chinese Academy of Sciences (CAS), China in 2018. His current research mainly concern homomorphic encryption and databases.
Yungang Bao received his BS degree in computer science and technology from Nanjing University, China in 2003 and PhD degree in computer science from Chinese Academy of Sciences (CAS), China in 2008. He is a professor in Institute of Computing Technology, CAS, China. From 2010 to 2012, he was a postdoctoral researcher in Department of Computer Science, Princeton University, USA. His current research interests include computer architecture, operating system, and system performance modeling and evaluation. He is a member of CCF, ACM, and IEEE.
Electronic supplementary material
Rights and permissions
About this article
Cite this article
Wang, S., Shao, Y. & Bao, Y. Practices of backuping homomorphically encrypted databases. Front. Comput. Sci. 13, 220–230 (2019). https://doi.org/10.1007/s11704-019-8394-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11704-019-8394-8