Abstract
Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers an 8192-bit prime and all secret values in less than an hour for k = 8.
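The (k, n) sharing model the abstract describes, shown as an added example (not code from the paper or from the three schemes it analyses). It assumes Shamir's polynomial construction over GF(p), with the client holding the prime p and the evaluation points and each server storing one share; the prime, points and secret value below are constructed.

```python
import secrets
from itertools import combinations


def split(secret, k, xs, p):
    """Return one share per evaluation point in xs; any k of them recover secret."""
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if not 1 <= k <= len(xs):
        raise ValueError("threshold k must be between 1 and n")
    if len({x % p for x in xs}) != len(xs) or any(x % p == 0 for x in xs):
        raise ValueError("evaluation points must be distinct and nonzero mod p")
    # Random polynomial q of degree k-1 over GF(p) with q(0) = secret.
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(k - 1)]
    shares = []
    for x in xs:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation of q(x) mod p
            acc = (acc * x + c) % p
        shares.append(acc)
    return shares


def reconstruct(points, p):
    """Lagrange-interpolate q(0) from k (x, y) pairs over GF(p)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def demo():
    """Share one constructed value across n = 5 servers with k = 3."""
    p = 2**127 - 1            # constructed client-side prime (assumption)
    xs = [3, 7, 11, 19, 23]   # constructed per-server evaluation points
    k, salary = 3, 84500      # constructed threshold and secret
    shares = split(salary, k, xs, p)  # shares[i] is what server i stores
    # The client reconstructs from every possible k-subset of servers.
    return {
        reconstruct([(xs[i], shares[i]) for i in subset], p)
        for subset in combinations(range(len(xs)), k)
    }


if __name__ == "__main__":
    print(demo())
```

Every 3-server subset yields the same value, which is why the schemes' security argument rests entirely on what the servers do not know (here p and the evaluation points) rather than on the shares themselves.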
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Dautrich, J.L., Ravishankar, C.V. (2012). Security Limitations of Using Secret Sharing for Data Outsourcing. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_12
DOI: https://doi.org/10.1007/978-3-642-31540-4_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31539-8
Online ISBN: 978-3-642-31540-4
eBook Packages: Computer Science (R0)