Self-Enforcing Access Control for Encrypted RDF

  • Javier D. Fernández
  • Sabrina Kirrane
  • Axel Polleres
  • Simon SteyskalEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10249)


The amount of raw data exchanged via web protocols is steadily increasing. Although the Linked Data infrastructure could potentially be used to selectively share RDF data with different individuals or organisations, the primary focus remains on the unrestricted sharing of public data. In order to extend the Linked Data paradigm to cater for closed data, there is a need to augment the existing infrastructure with robust security mechanisms. At the most basic level both access control and encryption mechanisms are required. In this paper, we propose a flexible and dynamic mechanism for securely storing and efficiently querying RDF datasets. By employing an encryption strategy based on Functional Encryption (FE) in which controlled data access does not require a trusted mediator, but is instead enforced by the cryptographic approach itself, we allow for fine-grained access control over encrypted RDF data while at the same time reducing the administrative overhead associated with access control management.


  1. 1.
    Abadi, D.J., Marcus, A., Madden, S.R., Hollenbach, K.: Scalable semantic web data management using vertical partitioning. In: Proceedings of Very Large Data Bases, pp. 411–422 (2007)Google Scholar
  2. 2.
    Abdalla, M., Bourse, F., Caro, A., Pointcheval, D.: Simple functional encryption schemes for inner products. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 733–751. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_33CrossRefGoogle Scholar
  3. 3.
    Arias, M., Fernández, J.D., Martínez-Prieto, M.A., de la Fuente, P.: An empirical study of real-world SPARQL queries. arXiv preprint arXiv:1103.5043 (2011)
  4. 4.
    Cash, D., Jaeger, J., Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M.-C., Steiner, M.: Dynamic searchable encryption in very-large databases: data structures and implementation. IACR Cryptology ePrint Archive, 2014:853 (2014)Google Scholar
  5. 5.
    Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_20CrossRefGoogle Scholar
  6. 6.
    Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005). doi: 10.1007/11496137_30CrossRefGoogle Scholar
  7. 7.
    Chase, M., Shen, E.: Pattern matching encryption. IACR Cryptology ePrint Archive, 2014:638 (2014)Google Scholar
  8. 8.
    Cudré-Mauroux, P., et al.: NoSQL databases for RDF: an empirical evaluation. In: Alani, H., et al. (eds.) ISWC 2013. LNCS, vol. 8219, pp. 310–325. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41338-4_20CrossRefGoogle Scholar
  9. 9.
    Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of Computer and Communications Security, pp. 79–88 (2006)Google Scholar
  10. 10.
    da Rocha Pinto, P., Dinsdale-Young, T., Dodds, M., Gardner, P., Wheelhouse, M.J.: A simple abstraction for complex concurrent indexes. In: Proceedings of Object-Oriented Programming, Systems, Languages, and Applications, pp. 845–864 (2011)Google Scholar
  11. 11.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    De Caro, A., Iovino, V.: JPBC: Java pairing based cryptography. In: Proceedings of IEEE Symposium on Computers and Communications, pp. 850–855 (2011)Google Scholar
  13. 13.
    De Capitani di Vimercati, S., Foresti, S., Livraga, G., Samarati, P.: Practical techniques building on encryption for protecting and managing data in the cloud. In: Ryan, P.Y.A., Naccache, D., Quisquater, J.-J. (eds.) The New Codebreakers - Essays Dedicated to David Kahn on the Occasion of His 85th Birthday. LNCS, vol. 9100, pp. 205–239. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49301-4_15CrossRefzbMATHGoogle Scholar
  14. 14.
    Fernández, J.D., Martínez-Prieto, M.A., Gutiérrez, C., Polleres, A., Arias, M.: Binary RDF representation for publication and exchange (HDT). J. Web Seman. 19, 22–41 (2013)CrossRefGoogle Scholar
  15. 15.
    Gentry, C., et al.: Fully homomorphic encryption using ideal lattices. In: Proceedings of ACM Symposium on Theory of Computing, vol. 9, pp. 169–178 (2009)Google Scholar
  16. 16.
    Gerbracht, S.: Possibilities to encrypt an RDF-Graph. In: Proceedings of Information and Communication Technologies: From Theory to Applications, pp. 1–6 (2008)Google Scholar
  17. 17.
    Giereth, M.: On partial encryption of RDF-Graphs. In: Gil, Y., Motta, E., Benjamins, V.R., Musen, M.A. (eds.) ISWC 2005. LNCS, vol. 3729, pp. 308–322. Springer, Heidelberg (2005). doi: 10.1007/11574620_24CrossRefGoogle Scholar
  18. 18.
    Guo, Y., Pan, Z., Heflin, J.: LUBM: a benchmark for OWL knowledge base systems. J. Web Seman. 3(2), 158–182 (2005)CrossRefGoogle Scholar
  19. 19.
    Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898 (Informational), September 2000Google Scholar
  20. 20.
    Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 258–274. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39884-1_22CrossRefGoogle Scholar
  21. 21.
    Kasten, A., Scherp, A., Armknecht, F., Krause, M.: Towards search on encrypted graph data. In: Proceedings of the International Conference on Society, Privacy and the Semantic Web-Policy and Technology, pp. 46–57 (2013)Google Scholar
  22. 22.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. J. Cryptology 26(2), 191–224 (2013)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Kirrane, S., Mileo, A., Decker, S.: Access control and the resource description framework: a survey. Seman. Web 8(2), 311–352 (2017). doi: 10.3233/SW-160236. Scholar
  24. 24.
    Kurosawa, K., Phong, L.T.: Kurosawa-desmedt key encapsulation mechanism, revisited. IACR Cryptology ePrint Archive, 2013:765 (2013)Google Scholar
  25. 25.
    Ladwig, G., Harth, A.: CumulusRDF: linked data management on nested key-value stores. In: Proceedings of Scalable Semantic Web Knowledge Base Systems, p. 30 (2011)Google Scholar
  26. 26.
    Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_4CrossRefGoogle Scholar
  27. 27.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). doi: 10.1007/3-540-48910-X_16CrossRefGoogle Scholar
  28. 28.
    Popa, R., Zeldovich, N., Balakrishnan, H.: Cryptdb: a practical encrypted relational dbms. Technical report, MIT-CSAIL-TR–005 (2011)Google Scholar
  29. 29.
    Sagiv, Y.: Concurrent operations on B*-trees with overtaking. J. Comput. Syst. Sci. 33(2), 275–296 (1986)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: Proceedings of Network and Distributed System Security, vol. 14, pp. 23–26 (2014)Google Scholar
  31. 31.
    Verborgh, R., Vander Sande, M., Hartig, O., Van Herwegen, J., De Vocht, L., De Meester, B., Haesendonck, G., Colpaert, P.: Triple pattern fragments: a low-cost knowledge graph interface for the Web. J. Web Seman. 37–38, 184–206 (2016)CrossRefGoogle Scholar
  32. 32.
    Zheleva, E., Getoor, L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of World Wide Web, pp. 531–540 (2009)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Javier D. Fernández
    • 1
    • 2
  • Sabrina Kirrane
    • 1
  • Axel Polleres
    • 1
    • 2
  • Simon Steyskal
    • 1
    • 3
    Email author
  1. 1.Vienna University of Economics and BusinessViennaAustria
  2. 2.Complexity Science Hub ViennaViennaAustria
  3. 3.Siemens AG ÖsterreichViennaAustria

Personalised recommendations