Abstract
Compliance storage is an increasingly important area for businesses faced with a myriad of new document retention regulations. Today, businesses have turned to Write-One Read Many (WORM) storage technology to achieve compliance. But WORM answers only a part of the compliance puzzle; in addition to guaranteed document retention, businesses also need secure indexing, to ensure auditors can find required documents in a large database, secure deletion to expire documents (and their index entries) from storage once they are past their expiry period, and support for litigation holds, which require that certain documents are retained pending the resolution of active litigation.
We build upon previous work in compliance storage and attribute-based encryption to design a system that satisfies all three of these requirements. In particular, we design a new encrypted index, which allows the owner of a database of documents to grant access to only those documents that match a particular query. This enables litigation holds for expired documents, and at the same time restricts auditor access for unexpired documents, greatly limiting the potential for auditor abuse as compared to previous work. We show by way of formal security proofs that our construction is secure and that it prevents reconstruction attacks wherein the index is used to recover the contents of the document. Our experiments show that our scheme can be practical for large databases and moderate sizes of queries.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
The Enterprise Storage Group, Inc.: Compliance: The effect on information management and the storage industry (2003), http://www.enterprisestoragegroup.com
Securities and Exchange Commission: Guidance to broker-dealers on the use of electronic storage media under the national commerce act of 2000 with respect to rule 17a-4(f) (2001), http://www.sec.gov/rules/interp/34-44238.htm
Congress of the United States of America: Sarbanes–Oxley act (2002), http://thomas.loc.gov
EMC Corpopration: EMC Centera content addressed storage system (2003), http://www.emc.com/products/systems/centera_ce.jsp
IBM Corporation: IBM TotalStorage DR550 (2006), http://www-03.ibm.com/systems/storage/index.html
Network Appliance, Inc.: SnaplockTM compliance and SnapLock enterprise software (2003), http://www.netapp.com/products/filer/snaplock.html
Mitra, S., Hsu, W.W., Winslett, M.: Trustworthy keyword search for regulatory-compliant records retention. In: Dayal, U., Whang, K.Y., Lomet, D., Alonso, G., Lohman, G., Kersten, M., Cha, S.K., Kim, Y.K. (eds.) Conference on Very Large Data Bases, VLDB Endowment, September 2006, pp. 1001–1015 (2006)
Cohen, W.W.: Enron email dataset (2005), http://www.cs.cmu.edu/~enron
Witten, I.H., Moffat, A., Bell, T.C.: Managing Gigabytes: Compressing and Indexing Documents and Images. Morgan Kaufmann, San Francisco (1999)
Zhu, Q., Hsu, W.W.: Fossilized index: the linchpin of trustworthy non-alterable electronic records. In: ACM SIGMOD International Conference on Management of Data, pp. 395–406. ACM, New York (2005)
Mitra, S., Winslett, M., Borisov, N.: Deleting index entries from compliance storage. In: Kemper, A. (ed.) Conference on Extending Database Technology (March 2008)
Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Wright, R., di Vimercati, S.D.C. (eds.) ACM Conference on Computer and Communications Security, October 2006, pp. 89–98. ACM, New York (2006)
Frey, G., Rück, H.: A remark concerning m-divisibility and the discrete logarithm in the divisor class group of curves. Mathematics of Computation 62(206), 865–874 (1994)
Menezes, A., Okamoto, T., Vanstone, S.: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory 39(5), 1639–1646 (1993)
Miyaji, A., Nakabayashi, M., Takano, S.: New Explicit Conditions of Elliptic Curve Traces for FR-Reduction. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 84(5), 1234–1243 (2001)
Ballard, L., Green, M., de Medeiros, B., Monrose, F.: Correlation-resistant storage via keyword-searchable encryption. Cryptology ePrint Archive, Report 2005/417 (2005), http://eprint.iacr.org/
Joux, A.: A one round protocol for tripartite Diffie-Hellman. Journal of Cryptology 17(4) (2004)
Bellare, M., Canetti, R., Krawczyk, H.: Message authentication using hash functions: the HMAC construction. CryptoBytes 2(1), 12–15 (1996)
Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp. 44–55 (2000)
Goh, E.J.: Secure indexes. Cryptology ePrint Archive, Report 2003/216 (2003), http://eprint.iacr.org/
Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, Springer, Heidelberg (2004)
Waters, B., Balfanz, D., Durfee, G., Smetters, D.: Building an encrypted and searchable audit log. In: Network and Distributed System Security Symposium (2004)
Golle, P., Staddon, J., Waters, B.: Secure Conjunctive Keyword Search over Encrypted Data. In: International Conference on Applied Cryptography and Network Security (June 2004)
Ballard, L., Kamara, S., Monrose, F.: Achieving Efficient Conjunctive Keyword Searches over Encrypted Data. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 414–426. Springer, Heidelberg (2005)
Park, D., Kim, K., Lee, P.: Public key encryption with conjunctive field keyword search. In: WISA, pp. 73–86 (2004)
Byun, J., Lee, D., Lim, J.: Efficient Conjunctive Keyword Search on Encrypted Data Storage System. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 184–196. Springer, Heidelberg (2006)
Hwang, Y., Lee, P.: Public key encryption with conjunctive keyword search and its extension to a multi-user system. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, Springer, Heidelberg (2007)
Ostrovsky, R., Waters, B.: Attribute-based encryption with non-monotonic access structures. [34] 195–203
Chase, M.: Multi-authority attribute-based encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, Springer, Heidelberg (2007)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: IEEE Symposium on Security and Privacy (2007)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)
Cheung, L., Newport, C.: Provably secure ciphertext policy ABE. [34], 456–465
Kapadia, A., Tsang, P., Smith, S.: Attribute-based publishing with hidden credentials and hidden policies. In: Arbaugh, W., Cowan, C. (eds.) Network and Distributed System Security Symposium (March 2007)
Syverson, P., Wright, R.: The 14th ACM Conference on Computer and Communications Security. ACM, New York (2007)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Borisov, N., Mitra, S. (2008). Restricted Queries over an Encrypted Index with Applications to Regulatory Compliance. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2008. Lecture Notes in Computer Science, vol 5037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68914-0_23
Download citation
DOI: https://doi.org/10.1007/978-3-540-68914-0_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68913-3
Online ISBN: 978-3-540-68914-0
eBook Packages: Computer ScienceComputer Science (R0)