Abstract
Security and privacy concerns as well as legal considerations force many companies to encrypt the sensitive data in databases. However, storing the data in an encrypted format entails non-negligible performance penalties while processing queries. In this paper, we address several design issues related to querying encrypted data in relational databases. Based on our experiments, we propose new and efficient techniques to reduce the cost of cryptographic operations while processing different types of queries. Our techniques enable us not only to overlap the cryptographic operations with the IO latencies but also to reduce the number of block cipher operations with the help of selective decryption capabilities.
Keywords
- Block Cipher
- Encrypt Data
- Sensitive Attribute
- Cryptographic Operation
- Encryption Mode
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Chapter PDF
References
Jr, T.Z.: An ominous milestone: 100 million data leaks. New York Times (December 18,2006)
Trinanes, J.A.: Database security in high risk environments.Technical report, governmentsecurity.org (2005), http://www.governmentsecurity.org/articles/DatabaseSecurityinHighRiskEn%vironments.php
Standard for privacy of individually identifiable health information. Federal Register 67(157), 53181–53273 (2002)
California database security breach notification act (September 2002), http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_%_20020926_chaptered.html
Microsoft: Security features in microsoft sql server 2005. Technical report, Microsoft Corporation (2005), http://www.microsoft.com/sql/2005/productinfo/
IBM: Ibm data encryption for ims and db2 databases. Technical report, IBM Corporation (2006), http://www-306.ibm.com/software/data/db2imstools/db2tools/ibmencrypt.html
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, Paris, France, June 13-18, 2004, ACM Press, New York (2004)
Bayer, R., Metzger, J.K.: On the encipherment of search trees and random access files. ACM Trans. Database Syst. 1(1), 37–52 (1976), http://doi.acm.org/10.1145/320434.320445
Hardjono, T., Seberry, J.: Search key substitution in the encipherment of b-trees. In: McLeod, D., Sacks-Davis, R., Schek, H.J. (eds.) 16th International Conference on Very Large Data Bases, Brisbane, Queensland, Australia, Proceedings, August 13-16, 1990, pp. 50–58. Morgan Kaufmann (1990)
Hacigumus, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, June 4-6, 2002, pp. 216–227. ACM Press, New York (2002), http://doi.acm.org/10.1145/564691.564717
Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of the 30th International Conference on Very Large Data Bases, Morgan Kaufmann Publishers Inc., San Francisco (2004)
Damiani, E., Vimercati, S.D.C., Jodia, S.J., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational dbmss. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 93–102. ACM Press, New York (2003), http://doi.acm.org/10.1145/948109.948124
Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G., Wu, Y.: A framework for efficient storage security in rdbms. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) EDBT 2004. LNCS, vol. 2992, Springer, Heidelberg (2004)
Elovici, Y., Shmueli, E., nberg, R.W., Gudes, E.: A structure preserving database encryption scheme. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, Springer, Heidelberg (2004), http://www.extra.research.philips.com/sdm-workshop/RonenSDM.pdf
NIST: Advanced encryption standard (aes). Technical Report NIST Special Publication FIPS-197, National Institute of Standards and Technology (2001), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Recommendation for block cipher modes of operation methods and techniques. Technical Report NIST Special Publication 800-38A, National Institute of Standards and Technology (2001), http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Data encryption standard (des). Technical Report FIPS PUB 46-2, National Institutes of Standards and Technology (1988)
Schneier, B.: The blowfish encryption algorithm. Dr. Dobb’s Journal, 38–40 (April 1994)
Lipmaa, H., Rogaway, P., Wagner, D.: Ctr-mode encryption. In: NIST, Computer Security Resource Center, First Modes of Operation Workshop (2000), http://csrc.nist.gov/CryptoToolkit/modes/workshop1/papers/lipmaa-ctr.pdf
Cox, M., Engelschall, R., Henson, S., Laurie, B.: The OpenSSL Project, http://www.openssl.org/
IBM: Table Space Design, http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp?topic=/com%.ibm.db2.udb.admin.doc/doc/c0004935.htm
Lipmaa, H.: A cipher for muldimedia architectures? In: Tavares, S., Meijer, H. (eds.) Selected Areas in Cryptography 1998, Springer, Heidelberg (1998)
Ailamaki, A., DeWitt, D.J., Hill, M.D., Skounakis, M.: Weaving relations for cache performance. In: Proceedings of the 27th International Conference on Very Large Data Bases, pp. 169–180. Morgan Kaufmann Publishers Inc, San Francisco (2001)
Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Canim, M., Kantarcioglu, M. (2007). Design and Analysis of Querying Encrypted Data in Relational Databases. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-540-73538-0_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73533-5
Online ISBN: 978-3-540-73538-0
eBook Packages: Computer ScienceComputer Science (R0)