Skip to main content

Long White Cloud (LWC): A Practical and Privacy-Preserving Outsourced Database

  • Conference paper
  • First Online:
Information Security Theory and Practice (WISTP 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10741))

  • 731 Accesses

Abstract

To fully benefit from a cloud storage approach, privacy in outsourced databases needs to be preserved in order to protect information about individuals and organisations from malicious cloud providers. As shown in recent studies [1, 2], encryption alone is insufficient to prevent a malicious cloud provider from analysing data access patterns and mounting statistical inference attacks on encrypted databases. In order to thwart such attacks, actions performed on outsourced databases need to be oblivious to cloud service providers. Approaches, such as Fully Homomorphic Encryption (FHE), Oblivious RAM (ORAM), or Secure Multi-Party Computation (SMC) have been proposed but they are still not practical. This paper investigates and proposes a practical privacy-preserving scheme, named Long White Cloud (LWC), for outsourced databases with a focus on providing security against statistical inferences. Performance is a key issue in the search and retrieval of encrypted databases. LWC supports logarithmic-time insert, search and delete queries executed by outsourced databases with minimised information leakage to curious cloud service providers. As a proof-of-concept, we have implemented LWC and compared it with a plaintext MySQL database: even with a database size of 10M records, our approach shows only a 10-time slowdown factor.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: Ray, I., Li, N., Kruegel, C. (eds.) SIGSAC 2015, pp. 668–679. ACM (2015)

    Google Scholar 

  2. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Ray, I., Li, N., Kruegel, C. (eds.) SIGSAC 2015, pp. 644–655. ACM (2015)

    Google Scholar 

  3. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: S&P 2000, pp. 44–55. IEEE Computer Society (2000)

    Google Scholar 

  4. Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS 2012. The Internet Society (2012)

    Google Scholar 

  5. Ostrovsky, R.: Efficient computation on oblivious rams. In: Ortiz, H. (ed.) STOC 1990, pp. 514–523. ACM (1990)

    Google Scholar 

  6. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM 43(3), 431–473 (1996)

    Article  MathSciNet  Google Scholar 

  7. Stefanov, E., van Dijk, M., Shi, E., Fletcher, C.W., Ren, L., Yu, X., Devadas, S.: Path ORAM: an extremely simple oblivious RAM protocol. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) SIGSAC 2013, pp. 299–310. ACM (2013)

    Google Scholar 

  8. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)

    Article  MathSciNet  Google Scholar 

  9. Williams, P., Sion, R.: Usable PIR. In: NDSS 2008. The Internet Society (2008)

    Google Scholar 

  10. Asghar, M.R., Russello, G., Crispo, B., Ion, M.: Supporting complex queries and access policies for multi-user encrypted databases. In: Juels, A., Parno, B. (eds.) CCSW 2013, pp. 77–88. ACM (2013)

    Google Scholar 

  11. Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS 2013, vol. 71, pp. 72–75 (2013)

    Google Scholar 

  12. Ishai, Y., Kushilevitz, E., Lu, S., Ostrovsky, R.: Private large-scale databases with distributed searchable symmetric encryption. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 90–107. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_6

    Chapter  Google Scholar 

  13. Cui, S., Asghar, M.R., Galbraith, S.D., Russello, G.: Secure and practical searchable encryption: a position paper. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 266–281. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60055-0_14

    Chapter  MATH  Google Scholar 

  14. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) CCS 2006, pp. 79–88. ACM (2006)

    Google Scholar 

  15. Kamara, S., Papamanthou, C.: Parallel and dynamic searchable symmetric encryption. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 258–274. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_22

    Chapter  Google Scholar 

  16. Jannink, J.: Implementing deletion in B+-trees. SIGMOD Rec. 24, 33–38 (1995)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Shujie Cui .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cui, S., Zhang, M., Asghar, M.R., Russello, G. (2018). Long White Cloud (LWC): A Practical and Privacy-Preserving Outsourced Database. In: Hancke, G., Damiani, E. (eds) Information Security Theory and Practice. WISTP 2017. Lecture Notes in Computer Science(), vol 10741. Springer, Cham. https://doi.org/10.1007/978-3-319-93524-9_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-93524-9_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93523-2

  • Online ISBN: 978-3-319-93524-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics