Advertisement

Collusion-Resistant Processing of SQL Range Predicates

  • Manish Kesarwani
  • Akshar Kaul
  • Gagandeep Singh
  • Prasad M. Deshpande
  • Jayant R. HaritsaEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10828)

Abstract

Prior solutions for securely handling SQL range predicates in outsourced cloud-resident databases have primarily focused on passive attacks in the Honest-but-Curious adversarial model, where the server is only permitted to observe the encrypted query processing. We consider here a significantly more powerful adversary, wherein the server can launch an active attack by clandestinely issuing specific range queries via collusion with a few compromised clients. The security requirement in this environment is that data values from a plaintext domain of size N should not be leaked to within an interval of size \(H\). Unfortunately, all prior encryption schemes for range predicate evaluation are easily breached with only \(O(log_2\psi )\) range queries, where \(\psi = N/H\). To address this lacuna, we present SPLIT, a new encryption scheme where the adversary requires exponentially more\(\mathbf{O}(\psi )\) – range queries to breach the interval constraint, and can therefore be easily detected by standard auditing mechanisms.

The novel aspect of SPLIT is that each value appearing in a range-sensitive column is first segmented into two parts. These segmented parts are then independently encrypted using a layered composition of a Secure Block Cipher with the Order-Preserving Encryption and Prefix-Preserving Encryption schemes, and the resulting ciphertexts are stored in separate tables. At query processing time, range predicates are rewritten into an equivalent set of table-specific sub-range predicates, and the disjoint union of their results forms the query answer. A detailed evaluation of SPLIT on benchmark database queries indicates that its execution times are well within a factor of two of the corresponding plaintext times, testifying to its efficiency in resisting active adversaries.

References

  1. 1.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of ACM SIGMOD Conference (2004)Google Scholar
  2. 2.
    Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: Orthogonal security with cipherbase. In: Proceedings of CIDR Conference (2013)Google Scholar
  3. 3.
    Bajaj, S., Sion, R.: TrustedDB: a trusted hardware based outsourced database engine. PVLDB 4(12), 1359–1362 (2011)Google Scholar
  4. 4.
    Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-05445-7_19CrossRefGoogle Scholar
  5. 5.
    Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_13CrossRefGoogle Scholar
  6. 6.
    Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22792-9_33CrossRefGoogle Scholar
  7. 7.
    Chi, J., Hong, C., Zhang, M., Zhang, Z.: Fast multi-dimensional range queries on encrypted cloud databases. In: Candan, S., Chen, L., Pedersen, T.B., Chang, L., Hua, W. (eds.) DASFAA 2017. LNCS, vol. 10177, pp. 559–575. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-55753-3_35CrossRefGoogle Scholar
  8. 8.
    Demertzis, I., Papadopoulos, S., Papapetrou, O., Deligiannakis, A., Garofalakis, M.: Practical private range search revisited. In: Proceedings of ACM SIGMOD Conference (2016)Google Scholar
  9. 9.
    Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of ACM SIGMOD Conference (2002)Google Scholar
  10. 10.
    Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of VLDB Conference (2004)CrossRefGoogle Scholar
  11. 11.
    Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of CCS Conference (2015)Google Scholar
  12. 12.
    Li, J., Omiecinski, E.R.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: Jajodia, S., Wijesekera, D. (eds.) DBSec 2005. LNCS, vol. 3654, pp. 69–83. Springer, Heidelberg (2005).  https://doi.org/10.1007/11535706_6CrossRefzbMATHGoogle Scholar
  13. 13.
    Li, R., Liu, A.X., Wang, A.L., Bruhadeshwar, B.: Fast range query processing with strong privacy protection for cloud computing. PVLDB 7(14), 1953–1964 (2014)Google Scholar
  14. 14.
    Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: Proceedings of IEEE Symposium on Security and Privacy (2013)Google Scholar
  15. 15.
    Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012)CrossRefGoogle Scholar
  16. 16.
    Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. PVLDB 6(5), 289–300 (2013)Google Scholar
  17. 17.
    Wong, W.K., Kao, B., Cheung, D.W., Li, R., Yiu, S.: Secure query processing with data interoperability in a cloud database environment. In: Proceedings of ACM SIGMOD Conference (2014)Google Scholar
  18. 18.
    Xu, J., Fan, J., Ammar, M.H., Moon, A.B.: Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme. In: Proceedings of ICNP Conference (2002)Google Scholar
  19. 19.
  20. 20.
  21. 21.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Manish Kesarwani
    • 1
  • Akshar Kaul
    • 1
  • Gagandeep Singh
    • 1
  • Prasad M. Deshpande
    • 2
  • Jayant R. Haritsa
    • 3
    Email author
  1. 1.IBM India Research LabBangaloreIndia
  2. 2.KENA LabsNew DelhiIndia
  3. 3.Indian Institute of ScienceBangaloreIndia

Personalised recommendations