Cited By
View all- Bkakria ACuppens FCuppens-Boulahia NGross-Amblard D(2016)Security Mechanisms Planning to Enforce Security PoliciesFoundations and Practice of Security10.1007/978-3-319-30303-1_6(85-101)Online publication date: 25-Feb-2016
Optimized and controlled provisioning of encrypted outsourced data
Authors: 
Andreas Schaad, Anis Bkakria, Florian Keschbaum, Frederic Cuppens, Nora Cuppens-Boulahia, David Gross-AmblardAuthors Info & Claims
Andreas Schaad, Anis Bkakria, Florian Keschbaum, Frederic Cuppens, Nora Cuppens-Boulahia, David Gross-AmblardAuthors Info & ClaimsPages 141 - 152
Abstract
Recent advances in encrypted outsourced databases support the direct processing of queries on encrypted data. Depend- ing on functionality (i.e. operators) required in the queries the database has to use different encryption schemes with different security properties. Next to these functional re-quirements a security administrator may have to address security policies that may equally determine the used en-cryption schemes. We present an algorithm and tool set that determines an optimal balance between security and functionality as well as helps to identify and resolve possible conflicts. We test our solution on a database benchmark and business-driven security policies.
References
[1]
Transaction processing performance council. benchmark h. http://www.tpc.org/.
[2]
R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2004.
[3]
M. J. Atallah, M. Blanton, N. Fazio, and K. B. Frikken. Dynamic and efficient key management for access hierarchies. ACM Trans. Inf. Syst. Secur., 12(3), 2009.
[4]
M. Bellare, A. Boldyreva, and A. O'Neill. Deterministic and efficiently searchable encryption. In Advances in Cryptology, CRYPTO, 2007.
[5]
A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In Proceedings of the 28th International Conference on Advances in Cryptology, EUROCRYPT, 2009.
[6]
A. Boldyreva, N. Chenette, and A. O'Neill. Order-preserving encryption revisited: improved security analysis and alternative solutions. In Proceedings of the 31st International Conference on Advances in Cryptology, CRYPTO, 2011.
[7]
R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 19(5), 2011.
[8]
E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Key management for multi-user encrypted databases. In Proceedings of the ACM Workshop on Storage Security and Survivability, StorageSS, 2005.
[9]
E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Selective data encryption in outsourced dynamic environments. In Proceedings of the Second International Workshop on Views on Designing Complex Architectures, VODCA, 2007.
[10]
E. Damiani, S. De Capitani di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Balancing confidentiality and efficiency in untrusted relational dbmss. In Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS, 2003.
[11]
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. A data outsourcing architecture combining cryptography and access control. In Proceedings of the ACM Workshop on Computer Security Architecture, CSAW, 2007.
[12]
S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Over-encryption: Management of access control evolution on outsourced data. In Proceedings of the 33rd International Conference on Very Large Data Bases, VLDB, 2007.
[13]
M. R. Garey and D. S. Johnson. Computers and Intractability; A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., New York, NY, USA, 1990.
[14]
C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the Symposium on Theory of Computing, STOC, 2009.
[15]
P. Grofig, M. H\"arterich, I. Hang, F. Kerschbaum, M. Kohler, A. Schaad, A. Schröpfer, and W. Tighzert. Experiences and observations on the industrial implementation of a system to search over outsourced encrypted data. In Proceedings of the Conference of the GI Security Group, SICHERHEIT, 2014.
[16]
H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In Proceedings of the 2002 ACM International Conference on Management of Data, SIGMOD, 2002.
[17]
M. Ion, G. Russello, and B. Crispo. Enforcing multi-user access policies to encrypted cloud databases. In Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY, 2011.
[18]
M. Islam, M. Kuzu, and M. Kantarcioglu. Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In Proceedings of the 19th Network and Distributed System Security Symposium, NDSS, 2012.
[19]
F. Kerschbaum, P. Grofig, I. Hang, M. H\"arterich, M. Kohler, A. Schaad, A. Schröpfer, and W. Tighzert. Adjustably encrypted in-memory column-store. In Proceedings of the 20th ACM Conference on Computer and Communications Security, CCS, 2013.
[20]
F. Kerschbaum, M. H\"arterich, P. Grofig, M. Kohler, A. Schaad, A. Schröpfer, and W. Tighzert. Optimal re-encryption strategy for joins in encrypted databases. In Proceedings of the IFIP Conference on Data and Applications Security and Privacy, DBSec, 2013.
[21]
F. Kerschbaum, M. H\"arterich, M. Kohler, I. Hang, A. Schaad, A. Schröpfer, and W. Tighzert. An encrypted in-memory column-store: The onion selection problem. In Proceedings of the 9th International Conference on Information Systems Security, ICISS, 2013.
[22]
P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 18th International Conference on Advances in Cryptology, EUROCRYPT, 1999.
[23]
R. A. Popa, F. H. Li, and N. Zeldovich. An ideal-security protocol for order-preserving encoding. In 34th IEEE Symposium on Security and Privacy, S&P, 2013.
[24]
R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, SOSP, 2011.
[25]
R. A. Popa, E. Stark, S. Valdez, J. Helfer, N. Zeldovich, M. F. Kaashoek, and H. Balakrishnan. Securing web applications by blindfolding the server. In Proceedings of the USENIX Symposium of Networked Systems Design and Implementation, NSDI, 2014.
[26]
P. Samarati and S. De Capitani di Vimercati. Data protection in outsourcing scenarios: issues and directions. In ASIACCS, pages 1--14, 2010.
[27]
E. Shi, J. Bethencourt, H. T.-H. Chan, D. X. Song, and A. Perrig. Multi-dimensional range query over encrypted data. In Proceedings of the 2007 Symposium on Security and Privacy, S&P, 2007.
[28]
D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In Proceedings of the 21st IEEE Symposium on Security and Privacy, S&P, 2000.
[29]
L. Xiao, O. Bastani, and I.-L. Yen. Security analysis for order preserving encryption schemes. Technical Report UTDCS-01--12, Department of Computer Science, University of Texas Dallas, 2012.
Index Terms
- Optimized and controlled provisioning of encrypted outsourced data
Recommendations
Verifiable Computation on Outsourced Encrypted Data
Computer Security - ESORICS 2014AbstractOn one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic ...
Security analysis of secure kNN and ranked keyword search over encrypted data
AbstractWong et al. proposed a novel symmetric encryption scheme in which we can find the k-nearest neighbors from encrypted data and an encrypted query. Their scheme uses a pair of encryption functions that has an inner-product preserving property. ...
Data inference from encrypted databases: a multi-dimensional order-preserving matching approach
Mobihoc '20: Proceedings of the Twenty-First International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile ComputingDue to increasing concerns of data privacy, databases are being encrypted before they are stored on an untrusted server. To enable search operations on the encrypted data, searchable encryption techniques have been proposed. Representative schemes use ...
Comments
Information & Contributors
Information
Published In
June 2014
234 pages
ISBN:9781450329392
DOI:10.1145/2613087
- General Chair:
- Sylvia Osborn,
- Program Chairs:
- Mahesh V. Tripunitara,
- Ian M. Molloy
Copyright © 2014 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 25 June 2014
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
SACMAT '14
Sponsor:
SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies
June 25 - 27, 2014
Ontario, London, Canada
Acceptance Rates
SACMAT '14 Paper Acceptance Rate 17 of 58 submissions, 29%;
Overall Acceptance Rate 177 of 597 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 232Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Reflects downloads up to 05 Mar 2025
Other Metrics
Citations
Cited By
View all- Bkakria ACuppens FCuppens-Boulahia NGross-Amblard D(2016)Security Mechanisms Planning to Enforce Security PoliciesFoundations and Practice of Security10.1007/978-3-319-30303-1_6(85-101)Online publication date: 25-Feb-2016
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in