Skip to main content
SpringerLink
Log in

Property Preserving Encryption in NoSQL Wide Column Stores

  • Conference paper
  • First Online:
On the Move to Meaningful Internet Systems. OTM 2017 Conferences (OTM 2017)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 10574))

Abstract

Property preserving encryption (PPE) can enable database systems to process queries over encrypted data. While a lot of research in this area focusses on doing so with SQL databases, NoSQL (Not only SQL) cloud databases are good candidates either. On the one hand, they usually provide enough space to store the typically larger ciphertexts and special indexes of PPE-schemes. On the other hand in contrast to approaches for SQL systems, despite PPE the query expressiveness remains almost unaffected. Thus, in this paper we investigate (i) how PPE can be used in the popular NoSQL sub-category of so-called wide column stores in order to protect sensitive data in the threat model of a persistent honest-but-curious database provider, (ii) what PPE schemes are suited for this task and (iii) what performance levels can be expected.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Commonly referred to as “row key”. However we use “row identifier” to avoid confusions with cryptographic keys.

  2. 2.

    Mainly meaning adding items to the dataset. SE schemes capable of doing so are commonly referred to as being “dynamic”.

  3. 3.

    Apart from rare exceptions (e.g. [51]) OPE schemes are deterministic. Hence they leak not only the relative order between plaintexts, but also equality.

  4. 4.

    Available at https://www.bouncycastle.org/.

  5. 5.

    Available at https://www.cs.cmu.edu/~./enron/.

  6. 6.

    We do not perform test for byte blob data, since in the proposed OLM this would only result in performing in AES encryption.

References

  1. O’Reilly, T.: What is web 2.0: design patterns and business models for the next generation of software. Commun. Strat. 65(1), 17–37 (2007)

    Google Scholar 

  2. Han, J., Haihong, E., Le, G., Du, J.: Survey on NoSQL database. In: 2011 6th International Conference on Pervasive Computing and Applications (ICPCA), pp. 363–366. IEEE (2011)

    Google Scholar 

  3. Tudorica, B.G., Bucur, C.: A comparison between several NoSQL databases with comments and notes. In: 2011 10th Roedunet International Conference (RoEduNet), pp. 1–5. IEEE (2011)

    Google Scholar 

  4. Chang, F., Dean, J., Ghemawat, S., Hsieh, W.C., Wallach, D.A., Burrows, M., Chandra, T., Fikes, A., Gruber, R.E.: Bigtable: a distributed storage system for structured data. ACM Trans. Comput. Syst. 26(2), 4 (2008)

    Article  Google Scholar 

  5. Lakshman, A., Malik, P.: Cassandra: a decentralized structured storage system. ACM SIGOPS Operating Syst. Rev. 44(2), 35–40 (2010)

    Article  Google Scholar 

  6. Alex, H., Schoen, S., Heninger, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Appelbaum, J., Felten, E.: Lest we forget - cold boot attacks on encryption keys (2008)

    Google Scholar 

  7. Corkery, M.: Once Again, Thieves Enter Swift Financial Network and Steal, New York Times (2016). http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html. Accessed 20 Mar 2017

  8. Lennon, M.: Hackers Used Sophisticated SMB Worm Tool to Attack Sony, Security Week (2016). http://www.securityweek.com/hackers-used-sophisticated-smb-worm-tool-attack-sony. Accessed 20 Mar 2017

  9. Quinn, B., Arthur, C.: Playstation network hackers access data of 77 million users, The Guardian (2011). https://www.theguardian.com/technology/2011/apr/26/playstation-network-hackers-data. Accessed 20 Mar 2017

  10. Crawford, D., Fuhrmans, V., Ball, D.: Germany Tackles Tax Evasion, Wall Street Journal (2010). http://www.wsj.com/articles/SB10001424052748704197104575051480386248538. Accessed 20 Mar 2017

  11. Solid-IT: DB-engines ranking (2017). https://db-engines.com/de/ranking. Accessed 20 Mar 2017

  12. Borthakur, D., Gray, J., Sarma, J.S., Muthukkaruppan, K., Spiegelberg, N., Kuang, H., Ranganathan, K., Molkov, D., Menon, A., Rash, S., et al.: Apache hadoop goes realtime at Facebook. In: Proceedings of the 2011 ACM SIGMOD International Conference on Management of Data, pp. 1071–1080. ACM (2011)

    Google Scholar 

  13. Hacigümüş, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of data, pp. 216–227. ACM (2002)

    Google Scholar 

  14. Popa, R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012)

    Article  Google Scholar 

  15. Shahzad, F., Iqbal, W., Bokhari, F.S.: On the use of CryptDB for securing electronic health data in the cloud: a performance study. In: 2015 17th International Conference on E-health Networking, Application and Services (HealthCom), pp. 120–125. IEEE (2015)

    Google Scholar 

  16. Tetali, S.D., Lesani, M., Majumdar, R., Millstein, T.: MrCrypt: static analysis for secure cloud computations. ACM SIGPLAN Not. 48(10), 271–286 (2013)

    Article  Google Scholar 

  17. Akin, I.H., Sunar, B.: On the difficulty of securing web applications using CryptDB. In: 2014 IEEE Fourth International Conference on Big Data and Cloud Computing (BdCloud), pp. 745–752. IEEE (2014)

    Google Scholar 

  18. Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. Proc. VLDB Endowment 6, 289–300 (2013)

    Article  Google Scholar 

  19. Pappas, V., Krell, F., Vo, B., Kolesnikov, V., Malkin, T., Choi, S.G., George, W., Keromytis, A., Bellovin, S.: Blind seer: a scalable private DBMS. In: IEEE Symposium on Security and Privacy, vol. 2014, pp. 359–374. IEEE (2014)

    Google Scholar 

  20. Sarfraz, M.I., Nabeel, M., Cao, J., Bertino, E.: DBMask: fine-grained access control on encrypted relational databases. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 1–11. ACM (2015)

    Google Scholar 

  21. Li, J., Liu, Z., Chen, X., Xhafa, F., Tan, X., Wong, D.S.: L-EncDB: a lightweight framework for privacy-preserving data queries in cloud computing. Knowl.-Based Syst. 79, 18–26 (2015)

    Article  Google Scholar 

  22. Kasten, A., Scherp, A., Armknecht, F., Krause, M.: Towards search on encrypted graph data. In: Proceedings of PrivOn (2013)

    Google Scholar 

  23. Yuan, X., Wang, X., Wang, C., Qian, C., Lin, J.: Building an encrypted, distributed, and searchable key-value store. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 547–558. ACM (2016)

    Google Scholar 

  24. Poddar, R., Boelter, T., Popa, R.A.: Arx: a strongly encrypted database system. IACR Cryptology ePrint Arch. 2016, 591 (2016)

    Google Scholar 

  25. Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: Orthogonal security with cipherbase. In: CIDR (2013)

    Google Scholar 

  26. Bajaj, S., Sion, R.: TrustedDB: a trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–765 (2014)

    Article  Google Scholar 

  27. Khetrapal, A., Ganesh, V.: HBase and hypertable for large scale distributed storage systems. Department of Computer Science, Purdue University, pp. 22–28 (2006)

    Google Scholar 

  28. Sawyer, S.M., O’Gwynn, B.D., Tran, A., Yu, T.: Understanding query performance in Accumulo. In: 2013 IEEE High Performance Extreme Computing Conference (HPEC), pp. 1–6. IEEE (2013)

    Google Scholar 

  29. Cooney, M.: IBM touts encryption innovation, Network World (2009). http://www.networkworld.com/article/2259168/data-center/ibm-touts-encryption-innovation.html. Accessed 20 Mar 2017

  30. Kadhem, H., Amagasa, T., Kitagawa, H.: A secure and efficient order preserving encryption scheme for relational databases. In: KMIS, pp. 25–35 (2010)

    Google Scholar 

  31. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_33

    Chapter  Google Scholar 

  32. Liu, D., Wang, S.: Programmable order-preserving secure index for encrypted database query. In: 2012 IEEE 5th International Conference on Cloud Computing (CLOUD), pp. 502–509. IEEE (2012)

    Google Scholar 

  33. Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 463–477. IEEE (2013)

    Google Scholar 

  34. Wozniak, S., Rossberg, M., Grau, S., Alshawish, A., Schaefer, G.: Beyond the ideal object: towards disclosure-resilient order-preserving encryption schemes. In: Proceedings of the 2013 ACM Workshop on Cloud Computing Security Workshop, pp. 89–100. ACM (2013)

    Google Scholar 

  35. Kerschbaum, F., Schröpfer, A.: Optimal average-complexity ideal-security order-preserving encryption. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 275–286. ACM (2014)

    Google Scholar 

  36. Chenette, N., Lewi, K., Weis, S.A., Wu, D.J.: Practical order-revealing encryption with limited leakage. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 474–493. Springer, Heidelberg (2016). doi:10.1007/978-3-662-52993-5_24

    Chapter  Google Scholar 

  37. Goh, E.J., et al.: Secure indexes. IACR Cryptology ePrint Arch. 2003, 216 (2003)

    Google Scholar 

  38. Chang, Y.-C., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 442–455. Springer, Heidelberg (2005). doi:10.1007/11496137_30

    Chapter  Google Scholar 

  39. Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 79–88. ACM (2006)

    Google Scholar 

  40. Sedghi, S., Van Liesdonk, P., Doumen, J.M., Hartel, P.H., Jonker, W.: Adaptively secure computationally efficient searchable symmetric encryption (2009)

    Google Scholar 

  41. van Liesdonk, P., Sedghi, S., Doumen, J., Hartel, P., Jonker, W.: Computationally efficient searchable symmetric encryption. In: Jonker, W., Petković, M. (eds.) SDM 2010. LNCS, vol. 6358, pp. 87–100. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15546-8_7

    Chapter  Google Scholar 

  42. Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 965–976. ACM (2012)

    Google Scholar 

  43. Hahn, F., Kerschbaum, F.: Searchable encryption with secure and efficient updates. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 310–320. ACM (2014)

    Google Scholar 

  44. Jho, N.S., Chang, K.Y., Hong, D., Seo, C.: Symmetric searchable encryption with efficient range query using multi-layered linked chains. J. Supercomputing 72, 1–14 (2015)

    Google Scholar 

  45. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, S&P 2000, Proceedings, pp. 44–55. IEEE (2000)

    Google Scholar 

  46. Anderson, R., Biham, E., Knudsen, L.: Serpent: a proposal for the advanced encryption standard. NIST AES Proposal 174, 1–23 (1998)

    Google Scholar 

  47. Roche, D., Apon, D., Choi, S.G., Yerukhimov, A.: POPE: Partial order-preserving encoding. Technical report, Cryptology ePrint Arch. 2015/1106 (2015)

    Google Scholar 

  48. Liu, Z., Chen, X., Yang, J., Jia, C., You, I.: New order preserving encryption model for outsourced databases in cloud environments. J. Netw. Comput. Appl. 59, 198–207 (2014)

    Article  Google Scholar 

  49. Mavroforakis, C., Chenette, N., O’Neill, A., Kollios, G., Canetti, R.: Modular order-preserving encryption, revisited. In: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, pp. 763–777. ACM (2015)

    Google Scholar 

  50. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). doi:10.1007/978-3-642-01001-9_13

    Chapter  Google Scholar 

  51. Kadhem, H., Amagasa, T., Kitagawa, H.: MV-OPES: multivalued-order preserving encryption scheme: a novel scheme for encrypting integer value to many different values. IEICE Trans. Inf. Syst. 93(9), 2520–2533 (2010)

    Article  Google Scholar 

  52. Bösch, C., Hartel, P., Jonker, W., Peter, A.: A survey of provably secure searchable encryption. ACM Comput. Surv. (CSUR) 47(2), 18 (2015)

    Google Scholar 

  53. Popa, R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, pp. 85–100. ACM (2011)

    Google Scholar 

  54. Waage, T., Homann, D., Wiese, L.: Practical application of order-preserving encryption in wide column stores. In: Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - SECRYPT, pp. 352–359 (2016)

    Google Scholar 

  55. Waage, T., Jhajj, R.S., Wiese, L.: Searchable encryption in apache cassandra. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds.) FPS 2015. LNCS, vol. 9482, pp. 286–293. Springer, Cham (2016). doi:10.1007/978-3-319-30303-1_19

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Research Group Knowledge Engineering, Georg August Universität Göttingen, Institute of Computer Science, Goldschmidtstraße 7, 37077, Göttingen, Germany

    Tim Waage & Lena Wiese

Authors
  1. Tim Waage
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lena Wiese
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tim Waage .

Editor information

Editors and Affiliations

  1. University of Lorraine, Nancy, France

    Hervé Panetto

  2. Odisee University College, Brussels, Belgium

    Christophe Debruyne

  3. Télécom SudParis, Évry, France

    Walid Gaaloul

  4. Tilburg University, Tilburg, The Netherlands

    Mike Papazoglou

  5. Freie Universität Berlin and Fraunhofer FOKUS, Berlin, Germany

    Adrian Paschke

  6. Università degli Studi di Milano, Crema, Italy

    Claudio Agostino Ardagna

  7. TU Graz, Graz, Austria

    Robert Meersman

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Waage, T., Wiese, L. (2017). Property Preserving Encryption in NoSQL Wide Column Stores. In: Panetto, H., et al. On the Move to Meaningful Internet Systems. OTM 2017 Conferences. OTM 2017. Lecture Notes in Computer Science(), vol 10574. Springer, Cham. https://doi.org/10.1007/978-3-319-69459-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69459-7_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69458-0

  • Online ISBN: 978-3-319-69459-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation