Skip to main content
SpringerLink
Log in

AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2012, SETOP 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7731))

Abstract

Researchers have been studying security challenges of database outsourcing for almost a decade. Privacy of outsourced data is one of the main challenges when the “Database As a Service” model is adopted in the service oriented trend of the cloud computing paradigm. This is due to the insecurity of the network environment or even the untrustworthiness of the service providers. This paper proposes a method to preserve privacy of outsourced data based on Shamir’s secret sharing scheme. We split attribute values into several parts and distribute them among untrusted servers. The problem of using secret sharing in data outsourcing scenario is how to search efficiently within the randomly generated pool of shares. In this paper, at first, we customize Shamir’s scheme to have A Searchable Secret Sharing Scheme (AS4) that enables the efficient execution of different kinds of queries over distributed shares. Then, we extend our method for sharing values to A Secure Searchable Secret Sharing Scheme (AS5) to tolerate statistical attacks based on adversary’s knowledge about outsourced data distribution. In AS5 data shares are generated uniformly across a domain to prevent information leakage about the outsourced data.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over Encrypted Data in the Database-Service-Provider Model. In: ACM SIGMOD International Conference on Management of Data, SIGMOD 2002, New York, USA, pp. 216–227 (2002)

    Google Scholar 

  2. Agrawal, R., Kiernan, G.G.: System and method for fast querying of encrypted databases. US Patent 7,395,437: Google Patents (2008)

    Google Scholar 

  3. Canim, M., Kantarcioglu, M.: Design and analysis of querying encrypted data in relational databases. In: The 21st Annual IFIP WG 11.3 working Conference on Data and Applications Security, pp. 177–194 (2007)

    Google Scholar 

  4. Zhang, Y., Li, W.-X., Niu, X.-M.: Secure cipher index over encrypted character data in database. In: 2008 International Conference on Machine Learning and Cybernetics, pp. 1111–1116 (2008)

    Google Scholar 

  5. Zhu, H., Cheng, J., Jin, R., Lu, K.: Executing Query over Encrypted Character Strings in Databases. In: 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology (FCST 2007), pp. 90–97 (2007)

    Google Scholar 

  6. Damiani, E., Vimercati, S.D.C., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing Confidentiality and Efficiency in Untrusted Relational DBMSs. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, CCS 2003, New York, USA, pp. 93–102 (2003)

    Google Scholar 

  7. Li, J., Omiecinski, E.R.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: 19th Annual IFIP WG 11.3 Working Conference on Database and Applications Security, pp. 69–83 (2005)

    Google Scholar 

  8. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two Can Keep a Secret: A Distributed Architecture for Secure Database Services. In: 2nd Biennial Conference on Innovative Data Systems Research (2005)

    Google Scholar 

  9. Samarati, P., Ciriani, V., Foresti, S.: Keep a Few: Outsourcing Data While Maintaining Confidentiality. In: 14th European Conference on Research in Computer Security, pp. 440–455 (2009)

    Google Scholar 

  10. Wiese, L.: Horizontal Fragmentation for Data Outsourcing with Formula-Based Confidentiality Constraints. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 101–116. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  11. Soodejani, A.T., Hadavi, M.A., Jalili, R.: k-Anonymity-Based Horizontal Fragmentation to Preserve Privacy in Data Outsourcing. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 263–273. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  12. Ciriani, V., Vimercati, S.D., Foresti, S., Jajodia, S.: Combining Fragmentation and Encryption to Protect Privacy in Data Storage. ACM Transactions on Information and System Security (TISSEC) 13, 1094–9224 (2010)

    Article  Google Scholar 

  13. Ciriani, V., Vimercati, S.D.C.D., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and Encryption to Enforce Privacy in Data Storage. In: 12th European Symposium on Research in Computer Security, pp. 171–186 (2007)

    Google Scholar 

  14. Agrawal, D., Abbadi, A.E., Emekci, F., Metwally, A.: Database Management as a Service: Challenges and Opportunities. In: 2009 IEEE 25th International Conference on Data Engineering, pp. 1709–1716 (2009)

    Google Scholar 

  15. Hadavi, M.A., Jalili, R.: Secure Data Outsourcing Based on Threshold Secret Sharing: Towards a More Practical Solution. In: VLDB 2010 PhD Workshop, Singapore, pp. 54–59 (2010)

    Google Scholar 

  16. Hadavi, M.A., Noferesti, M., Jalili, R., Damiani, E.: Database as a Service: Towards a Unified Solution for Security Requirements. In: 36th International Conference on Computer Software and Applications, The 4th IEEE International Workshop on Security Aspects in Processes and Services Engineering, Izmir, Turkey, pp. 415–420 (2012)

    Google Scholar 

  17. Shamir, A.: How to Share a Secret. Communications of the ACM 22, 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  18. Dautrich, J.L., Ravishankar, C.V.: Security Limitations of Using Secret Sharing for Data Outsourcing. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 145–160. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Data and Network Security Laboratory (DNSL), Department of Computer Engineering, Sharif University of Technology, Tehran, Iran

    Mohammad Ali Hadavi, Rasool Jalili & Zeinab Ganjei

  2. SErvice-oriented Software Architecture Research (SESAR) Lab, Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Crema, Italy

    Ernesto Damiani & Stelvio Cimato

Authors
  1. Mohammad Ali Hadavi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ernesto Damiani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rasool Jalili
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stelvio Cimato
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zeinab Ganjei
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Università degli Studi Roma Tre, Largo San Leonardo Murialdo, 1, 00146, Rome, Italy

    Roberto Di Pietro

  2. Universitat Politècnica de Catalunya, c. Jordi Girona 1-3, 08034, Barcelona, Spain

    Javier Herranz

  3. Università degli Studi di Milano, Via Bramante, 65, 26013, Milan, Italy

    Ernesto Damiani

  4. University of Luxembourg, rue Alphonse Weicker, 4, 2721, Luxembourg, Luxembourg

    Radu State

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hadavi, M.A., Damiani, E., Jalili, R., Cimato, S., Ganjei, Z. (2013). AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2012 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-35890-6_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35889-0

  • Online ISBN: 978-3-642-35890-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation