An Index Structure for Private Data Outsourcing

  • Aaron Steele
  • Keith B. Frikken
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6818)


Data outsourcing provides companies a cost effective method for their data to be stored, managed, and maintained by a third-party. Data outsourcing offers many economical benefits, but also introduces several privacy concerns. Many solutions have been proposed for maintaining privacy while outsourcing data in the data as plain-text model. We propose a method that can maintain a similar level of privacy while improving upon the query performance of previous solutions. The motivating principle behind our solution is that if the data owner possesses a small amount of secure local storage, it can be used as a pseudo-index table to improve query performance for selection queries involving conjunctions. We offer a heuristic approach for calculating the required storage resources and provide experimental analysis of the scheme.


Data Outsourcing Privacy Indexing 


  1. 1.
    Aggarwal, G., Bawa, M., Ganesan, P., Garcia-molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: Proc. CIDR (2005)Google Scholar
  2. 2.
    Cesell, A., Damiani, E., De Capitani Di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM Trans. Inf. Syst. Secur. 8, 119–152 (2005)CrossRefGoogle Scholar
  3. 3.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation design for efficient query execution over sensitive distributed databases. In: 29th IEEE International Conference on Distributed Computing Systems, ICDCS 2009, pp. 32–39 (22-26, 2009)Google Scholar
  4. 4.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. In: ACM TISSEC (2010)Google Scholar
  5. 5.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  6. 6.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Enforcing confidentiality constraints on sensitive databases with lightweight trusted clients. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol. 5645, pp. 225–239. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    De Capitani di Vimercati, S., Foresti, S.: Privacy of outsourced data. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) IFIP AICT, vol. 320, pp. 174–187. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Iyer, B., Hacigümüş, H., Mehrotra, S.: Providing database as a service. In: Proc. of ICDE (2002)Google Scholar
  9. 9.
    Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing sql over encrypted data in the database-service-provider model. In: SIGMOD 2002: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, pp. 216–227. ACM, New York (2002)CrossRefGoogle Scholar
  10. 10.
    Kantarcioglu, M., Clifton, C.: Security issues in querying encrypted data. Technical Report TR-04-013, Purdue University (2004)Google Scholar
  11. 11.
    Samarati, P., De Capitani di Vimercati, S.: Data protection in outsourcing scenarios: Issues and directions. In: ASIACCS 2010: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 1–14. ACM, New York (2010)CrossRefGoogle Scholar
  12. 12.
    Agrawaland, R., Srikant, R.: Privacy-preserving data mining. SIGMOD Rec. 29, 439–450 (2000)CrossRefGoogle Scholar
  13. 13.
    Wang, H., Lakshmanan, L.: Efficient secure query evaluation over encrypted xml databases. In: Proceedings of the 32nd International Conference on Very Large Data Bases, VLDB 2006, pp. 127–138. VLDB Endowment (2006)Google Scholar
  14. 14.
    Xiong, L., Chitti, S., Liu, L.: Preserving data privacy in outsourcing data aggregation services. ACM Trans. Internet Technol. 7(3), 17 (2007)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Aaron Steele
    • 1
  • Keith B. Frikken
    • 1
  1. 1.Department of Computer Science and Software EngineeringMiami UniversityOxford

Personalised recommendations