Designing Secure Indexes for Encrypted Databases

  • Erez Shmueli
  • Ronen Waisenberg
  • Yuval Elovici
  • Ehud Gudes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3654)


The conventional way to speed up query execution is to use indexes. Designing secure indexes for an encrypted database environment raises the question of how to construct the index so that no information about the database content is exposed. In this paper, the challenges raised when designing a secure index for an encrypted database are outlined; the attacker model is described; possible attacks against secure indexes are discussed; the difficulty posed by multiple users sharing the same index is presented; and the design considerations regarding key storage and encryption granularity are illustrated. Finally, a secure database-indexing scheme is suggested. In this scheme, protection against information leakage and unauthorized modifications is provided by using encryption, dummy values and pooling. Furthermore, the new scheme supports discretionary access control in a multi-user environment.



Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Erez Shmueli (1)
  • Ronen Waisenberg (1)
  • Yuval Elovici (1)
  • Ehud Gudes (2)
  1. Department of Information Systems Engineering, Ben-Gurion University of the Negev, Faculty of Engineering, Beer-Sheva, Israel
  2. Department of Computer Science, Ben-Gurion University of the Negev, Beer-Sheva, Israel
