A SECURE AND EFFICIENT ORDER PRESERVING ENCRYPTION SCHEME FOR RELATIONAL DATABASES
Hasan Kadhem, Toshiyuki Amagasa, Hiroyuki Kitagawa
2010
Abstract
Encryption is a well-studied technique for protecting the confidentiality of sensitive data. However, encrypting relational databases affects the performance during query processing. Preserving the order of the encrypted values is a useful technique to perform queries over the encrypted database with a reasonable overhead. Unfortunately, the existing order preserving encryption schemes are not secure against known plaintext attacks and statistical attacks. In those attacks, it is assumed that the attacker has prior knowledge about plaintext values or statistical information on the plaintext domain. This paper presents a novel database encryption scheme called MV-POPES (Multivalued - Partial Order Preserving Encryption Scheme), which allows privacy-preserving queries over encrypted databases with an improved security level. Our idea is to divide the plaintext domain into many partitions and randomize them in the encrypted domain. Then, one integer value is encrypted to different multiple values to prevent statistical attacks. At the same time, MV-POPES preserves the order of the integer values within the partitions to allow comparison operations to be directly applied on encrypted data. Our scheme is robust against known plaintext attacks and statistical attacks. MV-POPES experiments show that security for sensitive data can be achieved with reasonable overhead, establishing the practicability of the scheme.
References
- Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y. (2004). Order preserving encryption for numeric data. In SIGMOD 7804: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pages 563-574, New York, NY, USA. ACM.
- Blum, M. and Micali, S. (1984). How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput., 13(4):850-864.
- Boneh, D., Crescenzo, G. D., Ostrovsky, R., and Persiano, G. (2004). Public key encryption with keyword search. In EUROCRYPT 2004: Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, pages 506-522. Springer.
- Chung, S. S. and Ozsoyoglu, G. (2006). Anti-tamper databases: Processing aggregate queries over encrypted databases. In ICDEW 7806: Proceedings of International Conference on Data Engineering Workshops, page 98, Washington, DC, USA. IEEE Computer Society.
- DES (1977). Data encryption standard. Federal Information Processing Standards Publication, FIPS PUB 46.
- Dong, C., Russello, G., and Dulay, N. (2008). Shared and searchable encrypted data for untrusted servers. In Proceeedings of the 22nd annual IFIP working conference on Data and Applications Security, pages 127-143, Berlin, Heidelberg. Springer-Verlag.
- Hacigümüs¸, H., Iyer, B., Li, C., and Mehrotra, S. (2002). Executing SQL over encrypted data in the databaseservice-provider model. In SIGMOD 7802: Proceedings of the 2002 ACM SIGMOD international conference on Management of data, pages 216-227, New York, NY, USA. ACM.
- Hore, B., Mehrotra, S., and Tsudik, G. (2004). A privacypreserving index for range queries. In VLDB 7804: Proceedings of the 30th international conference on Very large databases, pages 720-731. VLDB Endowment.
- Hsueh, S. (February 2008). Database encryption in SQL server 2008 enterprise edition. Microsoft White Papers, SQL Server 2008.
- Kadhem, H., Amagasa, T., and Kitagawa, H. (2010). MV-OPES: Multivalued - order preserving encryption scheme: A novel scheme for encrypting integer value to many different values. IEICE Transactions, 93- D(9):accepted.
- Menezes, A. J., Vanstone, S. A., and Oorschot, P. C. V. (1996). Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL, USA.
- Ozsoyoglu, G., Singer, D. A., and Chung, S. S. (2003). Anti-tamper databases: Querying encrypted databases. In 17th Annual IFIP Working Conference on Database and Applications Security, Estes Park, pages 4-6.
- Rivest, R. L., Shamir, A., and Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120-126.
- Schneier, B. (1994). Description of a new variablelength key, 64-bit block cipher (Blowfish). In Fast Software Encryption, Cambridge Security Workshop, pages 191-204, London, UK. Springer-Verlag.
- Song, D. X., Wagner, D., and Perrig, A. (2000). Practical techniques for searches on encrypted data. In SP'00: Proceedings of the 2000 IEEE Symposium on Security and Privacy, page 44, Washington, DC, USA. IEEE Computer Society.
- Wang, H. and Lakshmanan, L. V. S. (2006). Efficient secure query evaluation over encrypted XML databases. In VLDB 7806: Proceedings of the 32nd international conference on Very large databases, pages 127-138.
Paper Citation
in Harvard Style
Kadhem H., Amagasa T. and Kitagawa H. (2010). A SECURE AND EFFICIENT ORDER PRESERVING ENCRYPTION SCHEME FOR RELATIONAL DATABASES . In Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010) ISBN 978-989-8425-30-0, pages 25-35. DOI: 10.5220/0003095700250035
in Bibtex Style
@conference{kmis10,
author={Hasan Kadhem and Toshiyuki Amagasa and Hiroyuki Kitagawa},
title={A SECURE AND EFFICIENT ORDER PRESERVING ENCRYPTION SCHEME FOR RELATIONAL DATABASES},
booktitle={Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010)},
year={2010},
pages={25-35},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003095700250035},
isbn={978-989-8425-30-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Knowledge Management and Information Sharing - Volume 1: KMIS, (IC3K 2010)
TI - A SECURE AND EFFICIENT ORDER PRESERVING ENCRYPTION SCHEME FOR RELATIONAL DATABASES
SN - 978-989-8425-30-0
AU - Kadhem H.
AU - Amagasa T.
AU - Kitagawa H.
PY - 2010
SP - 25
EP - 35
DO - 10.5220/0003095700250035