Privacy by Encrypted Databases

  • Patrick Grofig
  • Isabelle Hang
  • Martin Härterich
  • Florian Kerschbaum
  • Mathias Kohler
  • Andreas Schaad
  • Axel Schröpfer
  • Walter Tighzert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8450)


There are a few reliable privacy mechanisms for cloud applications. Data usually needs to be decrypted in order to be processed by the cloud service provider. In this paper we explore how an encrypted database can (technically) ensure privacy. We study the use case of a mobile personalized healthcare app. We show that an encrypted database can ensure data protection against a cloud service provider. Furthermore, we show that if privacy is considered in application design, higher protection levels can be achieved, although encrypted databases are a transparent privacy and security mechanism.


Keywords: Cryptography, Encrypted Databases, Healthcare, Privacy by Design





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • All authors: SAP, Karlsruhe, Germany
