IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2007: Data and Applications Security XXI, pp 14–30


Provably-Secure Schemes for Basic Query Support in Outsourced Databases

  • Georgios Amanatidis,
  • Alexandra Boldyreva &
  • Adam O’Neill

Part of the Lecture Notes in Computer Science book series (LNISA, volume 4602)

Abstract

In this paper, we take a closer look at the security of outsourced databases (aka Database-as-the-Service or DAS), a topic of emerging importance. DAS allows users to store sensitive data on a remote, untrusted server and retrieve desired parts of it on request. At first we focus on basic, exact-match query functionality, and then extend our treatment to prefix-matching and, to a more limited extent, range queries as well. We propose several searchable encryption schemes that are not only practical enough for use in DAS in terms of query-processing efficiency but also provably provide privacy and authenticity of data under new definitions of security that we introduce. The schemes are easy to implement and are based on standard cryptographic primitives such as block ciphers, symmetric encryption schemes, and message authentication codes. As we are some of the first to apply the provable-security framework of modern cryptography to this context, we believe our work will help to properly analyze future schemes and facilitate further research on the subject in general.

Keywords

  • Hash Function
  • Encryption Scheme
  • Range Query
  • Block Cipher
  • Encrypt Data

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Author information

Authors and Affiliations

  1. Georgia Institute of Technology, USA

    Georgios Amanatidis, Alexandra Boldyreva & Adam O’Neill


Editor information

Steve Barker, Gail-Joon Ahn


Copyright information

© 2007 IFIP International Federation for Information Processing

About this paper

Cite this paper

Amanatidis, G., Boldyreva, A., O’Neill, A. (2007). Provably-Secure Schemes for Basic Query Support in Outsourced Databases. In: Barker, S., Ahn, GJ. (eds) Data and Applications Security XXI. DBSec 2007. Lecture Notes in Computer Science, vol 4602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73538-0_2

  • DOI: https://doi.org/10.1007/978-3-540-73538-0_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73533-5

  • Online ISBN: 978-3-540-73538-0

  • eBook Packages: Computer Science, Computer Science (R0)
