Searchable Encryption to Reduce Encryption Degradation in Adjustably Encrypted Databases

  • Florian Kerschbaum
  • Martin Härterich
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10359)

Abstract

Processing queries on encrypted data protects sensitive data stored in cloud databases. CryptDB has introduced the approach of adjustable encryption for such processing. A database column is adjusted to the necessary level of encryption, e.g. order-preserving, for the set of executed queries, but never reversed. This has the drawback that long-running cloud databases will eventually transform into only order-preserving encrypted databases. In this paper we propose searchable encryption as an alternative in order to reduce this encryption degradation. It maintains security while only marginally impacting performance when applied only to infrequently used queries for searching. We present a budget-based encryption selection algorithm as part of query planning for making the appropriate choice between searchable and deterministic or order-preserving encryption. We evaluate our algorithm on a long-tail distributed TPC-C benchmark on an experimental implementation of encrypted queries in an in-memory database. In one choice of parameters our algorithm incurs only a 1.5% performance penalty, but one of 15 columns is not decrypted to order-preserving or deterministic encryption. Our selection algorithm is configurable, such that higher security gains are possible at the cost of performance.

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. University of Waterloo, Waterloo, Canada
  2. SAP, Karlsruhe, Germany