Abstract
Data outsourcing, or database as a service, is a new paradigm for data management in which a third-party service provider hosts a database as a service. The service provides data management for its customers and thus obviates the need for the service user to purchase expensive hardware and software, deal with software upgrades, and hire professionals for administrative and maintenance tasks. Since using an external database service promises reliable data storage at a low cost, it is very attractive for companies. Such a service would also provide universal access, through the Internet, to private data stored at reliable and secure sites in cloud computing infrastructures. However, recent government legislation, competition among companies, and data thefts require companies to use secure and privacy-preserving data management techniques. The data provider, therefore, needs to guarantee that the data is secure and be able to execute queries on the data, and the results of the queries must also be secure and not visible to the data provider. Current research has focused only on how to index and query encrypted data. However, querying encrypted data is computationally very expensive. Providing an efficient trust mechanism that pushes both database service providers and clients to behave honestly has emerged as one of the most important problems to solve before data outsourcing can become a viable paradigm. In this paper, we describe scalable privacy-preserving algorithms for data outsourcing in cloud computing infrastructures. Instead of encryption, which is computationally expensive, we use distribution on multiple sites that are available in the cloud and information-theoretically proven secret sharing algorithms as the basis for privacy-preserving outsourcing.
The technical contribution of this paper is the establishment and development of a framework for efficient, fault-tolerant, scalable, and theoretically secure privacy-preserving data outsourcing that supports a diversity of database operations executed on different types of data.
This research was partially supported by the NSF under grant IIS-0847925.
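An added example, not code from the paper: the abstract's approach of distributing data over multiple cloud sites with secret sharing, illustrated with Shamir's (k, n) threshold scheme, including a SUM query that each site evaluates on its own shares and a read that tolerates unavailable sites. The choice of Shamir's scheme, the field modulus, the function names and the sample column are assumptions made here; the paper's own algorithms are not shown on this page.

```python
import secrets

# Assumed field modulus: the Mersenne prime 2**61 - 1 (values and sums must stay below it).
P = 2**61 - 1
SALARIES = [52000, 61000, 47500]  # constructed sample column, not data from the paper

def split(value, n, k):
    """Split value into n shares; any k reconstruct it, fewer than k reveal nothing."""
    if not (0 <= value < P and 1 <= k <= n):
        raise ValueError("need 0 <= value < P and 1 <= k <= n")
    # Random polynomial q of degree k-1 with q(0) = value.
    coeffs = [value] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for x in range(1, n + 1):          # site x stores q(x)
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares

def reconstruct(shares, k):
    """Lagrange-interpolate q(0) from any k (site, share) pairs."""
    if len(shares) < k:
        raise ValueError("fewer than k shares: value is undetermined")
    pts = list(shares.items())[:k]
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def outsource(column, n, k):
    """Per-site storage: site id -> list of shares, one per row."""
    sites = {x: [] for x in range(1, n + 1)}
    for v in column:
        for x, s in split(v, n, k).items():
            sites[x].append(s)
    return sites

def private_sum(sites, k, available):
    """Each reachable site adds its own shares; the client interpolates the k partial sums."""
    partial = {x: sum(sites[x]) % P for x in available}
    return reconstruct(partial, k)
```

Because the shares are points on polynomials over the same field, adding shares site by site yields shares of the sum, so the aggregate is computed without any site seeing a plaintext value.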
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Agrawal, D., El Abbadi, A., Emekci, F., Metwally, A., Wang, S. (2011). Secure Data Management Service on Cloud Computing Infrastructures. In: Agrawal, D., Candan, K.S., Li, WS. (eds) New Frontiers in Information and Software as Services. Lecture Notes in Business Information Processing, vol 74. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19294-4_3
DOI: https://doi.org/10.1007/978-3-642-19294-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19293-7
Online ISBN: 978-3-642-19294-4
eBook Packages: Computer Science, Computer Science (R0)