ABSTRACT
Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot "learn" anything about the encrypted columns, since she does not have access to the encryption key. However, query processing becomes a challenge since it needs to "look inside" the data. This tutorial explores the space of designs studied in prior work on processing queries over encrypted data. We cover approaches based on both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted. We discuss the privacy challenges that arise in both approaches and how they may be addressed. Briefly, supporting the full complexity of a modern DBMS including complex queries, transactions and stored procedures leads to significant challenges that we survey and open problems which we highlight.
- Divyakant Agrawal, Amr El Abbadi, and Shiyuan Wang. Secure and privacy-preserving database services in the cloud. In ICDE, 2013. (To appear).Google ScholarDigital Library
- Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, and Yirong Xu. Order-preserving encryption for numeric data. In SIGMOD Conference, pages 563--574, 2004. Google ScholarDigital Library
- Amazon Corporation. Amazon Relational Database Service. http://aws.amazon.com/rds/.Google Scholar
- Arvind Arasu, Spyros Blanas, Ken Eguro, et al. Orthogonal security with cipherbase. In CIDR, 2013.Google Scholar
- Arvind Arasu, Ken Eguro, Raghav Kaushik, and Ravi Ramamurthy. Querying encrypted data. In ICDE, pages 1262--1263, 2013. Google ScholarDigital Library
- Sumeet Bajaj and Radu Sion. TrustedDB: a trusted hardware based database with privacy and data confidentiality. In SIGMOD Conference, pages 205--216, 2011. Google ScholarDigital Library
- Alexandra Boldyreva, Nathan Chenette, and Adam O'Neill. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In CRYPTO, pages 578--595, 2011. Google ScholarDigital Library
- Carlo Curino, Evan P. C. Jones, Raluca A. Popa, Nirmesh Malviya, Eugene Wu, Samuel Madden, Hari Balakrishnan, and Nickolai Zeldovich. Relational cloud: a database service for the cloud. In CIDR, pages 235--240, 2011.Google Scholar
- K. Eguro and R. Venkatesan. FPGAs for trusted cloud computing. In FPL, 2012.Google ScholarCross Ref
- An sme perspective on cloud computing (survey). European Network and Information Security Agency, 2009.Google Scholar
- Oded Goldreich and Rafail Ostrovsky. Software protection and simulation on oblivious rams. J. ACM, 43(3):431--473, 1996. Google ScholarDigital Library
- Michael T. Goodrich. Data-oblivious external-memory algorithms for the compaction, selection, and sorting of outsourced data. In SPAA, pages 379--388, 2011. Google ScholarDigital Library
- Hakan Hacigümüs, Balakrishna R. Iyer, Chen Li, and Sharad Mehrotra. Executing sql over encrypted data in the database-service-provider model. In SIGMOD Conference, pages 216--227, 2002. Google ScholarDigital Library
- Bijit Hore, Sharad Mehrotra, and Hakan Hacigümüs. Managing and querying encrypted data. In Handbook of Database Security, pages 163--190. 2008.Google ScholarCross Ref
- IBM Corporation. IBM InfoSphere Guardium Data Encryption for DB2 and IMS Databases. http://www-01.ibm.com/software/data/db2imstools/db2tools/ibmencrypt/.Google Scholar
- Intel software guard extensions (intel SGX). http://software.intel.com/en-us/intel-isa-extensions#pid-19539--1495.Google Scholar
- Frank Mckeen, Ilya Alexandrovich, et al. Innovative instructions and software model for isolated execution. In Workshop on Hardware and Architectural Support for Security and Privacy (HASP), 2013. Google ScholarDigital Library
- Microsoft Corporation. SQL Azure. http://www.windowsazure.com/en-us/home/features/sql-azure/.Google Scholar
- Microsoft Corporation. SQL Server Encryption. http://technet.microsoft.com/en-us/library/bb510663.aspx.Google Scholar
- R. Müller, J. Teubner, and G. Alonso. Data processing on fpgas. PVLDB, 2(1), 2009. Google ScholarDigital Library
- Global surveillance disclosure. http://en.wikipedia.org/wiki/Global_surveillance_disclosure.Google Scholar
- Oracle Corporation. Transparent Data Encryption. http://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html.Google Scholar
- Pascal Paillier. Public-key cryptosystems based on composite degree residuosity classes. In EUROCRYPT, pages 223--238, 1999. Google ScholarDigital Library
- R. A. Popa, C. M. S. Redfield, N. Zeldovich, et al. Cryptdb: protecting confidentiality with encrypted query processing. In SOSP, pages 85--100, 2011. Google ScholarDigital Library
- Radu Sion. Secure data outsourcing. In VLDB, pages 1431--1432, 2007. Google ScholarDigital Library
- Peter Williams and Radu Sion. Usable pir. In NDSS, 2008.Google Scholar
Index Terms
- Querying encrypted data
Recommendations
Secure query processing against encrypted XML data using Query-Aware Decryption
Dissemination of XML data on the internet could breach the privacy of data providers unless access to the disseminated XML data is carefully controlled. Recently, the methods using encryption have been proposed for such access control. However, in these ...
Querying encrypted data
ICDE '13: Proceedings of the 2013 IEEE International Conference on Data Engineering (ICDE 2013)Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The ...
Network Information Security Data Protection Based on Data Encryption Technology
AbstractData encryption technology can protect data from illegal theft. This study analyzed the Rivest, Shamir, and Adleman (RSA) algorithm, the Advanced Encryption Standard (AES) algorithm, and their encryption and decryption processes, compared their ...
Comments