Practical Application of Order-preserving Encryption in Wide Column Stores
Tim Waage, Daniel Homann, Lena Wiese
2016
Abstract
Order-preserving encryption (OPE) produces ciphertexts that preserve the relative order of the underlying plaintexts. It is therefore well suited to range queries over encrypted outsourced data, a common case in cloud database scenarios. Unfortunately, most schemes are infeasible in practice because they require hard-to-maintain data structures or additional architectural components. While OPE is widely discussed in theory, to our knowledge only one OPE scheme has received noticeable practical attention: (Boldyreva et al., 2009), for SQL-based systems, in (Popa et al., 2011; Tu et al., 2013). Our work therefore identifies the practical requirements for using OPE in real-world settings, with a focus on existing NoSQL cloud database technologies. We evaluate a variety of popular schemes and propose improvements for two of them in order to further improve their practicability. We then assess the performance of our modifications in comparison to the approach of (Boldyreva et al., 2011), which can be considered the successor of (Boldyreva et al., 2009), by a runtime analysis in combination with two popular NoSQL wide column store databases.
References
- Agrawal, R., Kiernan, J., Srikant, R., and Xu, Y. (2004). Order preserving encryption for numeric data. In Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pages 563-574. ACM.
- Boldyreva, A., Chenette, N., Lee, Y., and O'Neill, A. (2009). Order-preserving symmetric encryption. In Advances in Cryptology-EUROCRYPT 2009, pages 224-241. Springer.
- Boldyreva, A., Chenette, N., and O'Neill, A. (2011). Order-preserving encryption revisited: Improved security analysis and alternative solutions. In Advances in Cryptology-CRYPTO 2011, pages 578-595. Springer.
- Borthakur, D., Gray, J., Sarma, J. S., Muthukkaruppan, K., Spiegelberg, N., Kuang, H., Ranganathan, K., Molkov, D., and Menon, A. (2011). Apache hadoop goes realtime at facebook. In Proceedings of the SIGMOD International Conference on Management of Data, pages 1071-1080. ACM.
- Chang, F., Dean, J., Ghemawat, S., Hsieh, W. C., Wallach, D. A., Burrows, M., Chandra, T., and Fikes, A. (2008). Bigtable: A distributed storage system for structured data. ACM Transactions on Computer Systems (TOCS), 26(2):4.
- Chenette, N., Lewi, K., Weis, S. A., and Wu, D. J. (2015). Practical order-revealing encryption with limited leakage.
- Harrison, G. (2015). Database survey. In Next Generation Databases, pages 217-228. Springer.
- Kadhem, H., Amagasa, T., and Kitagawa, H. (2010). Mv-opes: Multivalued-order preserving encryption scheme: A novel scheme for encrypting integer value to many different values. IEICE TRANSACTIONS on Information and Systems, 93(9):2520-2533.
- Kerschbaum, F. and Schröpfer, A. (2014). Optimal average-complexity ideal-security order-preserving encryption. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 275-286. ACM.
- Lakshman, A. and Malik, P. (2010). Cassandra: a decentralized structured storage system. ACM SIGOPS Operating Systems Review, 44(2):35-40.
- Liu, D. and Wang, S. (2012). Programmable order-preserving secure index for encrypted database query in service cloud environments. In Cloud Computing (CLOUD), 2012 IEEE 5th International Conference on, pages 502-509. IEEE.
- Liu, Z., Chen, X., Yang, J., Jia, C., and You, I. (2014). New order preserving encryption model for outsourced databases in cloud environments. Journal of Network and Computer Applications.
- Mavroforakis, C., Chenette, N., O'Neill, A., Kollios, G., and Canetti, R. (2015). Modular order-preserving encryption, revisited. In Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, pages 763-777. ACM.
- Naveed, M., Kamara, S., and Wright, C. V. (2015). Inference attacks on property-preserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644-655. ACM.
- Okman, L., Gal-Oz, N., Gonen, Y., Gudes, E., and Abramov, J. (2011). Security issues in nosql databases. In Trust, Security and Privacy in Computing and Communications, 2011 IEEE 10th International Conference on, pages 541-547. IEEE.
- Popa, R. A., Li, F. H., and Zeldovich, N. (2013). An ideal-security protocol for order-preserving encoding. In IEEE Symposium on Security and Privacy, pages 463-477.
- Popa, R. A., Redfield, C., Zeldovich, N., and Balakrishnan, H. (2011). Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, pages 85-100. ACM.
- Roche, D., Apon, D., Choi, S. G., and Yerukhimov, A. (2015). Pope: Partial order-preserving encoding. Technical report, Cryptology ePrint Arch. 2015/1106.
- Tu, S., Kaashoek, M. F., Madden, S., and Zeldovich, N. (2013). Processing analytical queries over encrypted data. In Proceedings of the VLDB Endowment, volume 6, pages 289-300. VLDB Endowment.
- Waage, T., Jhajj, R. S., and Wiese, L. (2015). Searchable encryption in apache cassandra. In Proceedings of the 8th Symposium on Foundations and Practice of Security (FPS). Springer.
- Wozniak, S., Rossberg, M., Grau, S., Alshawish, A., and Schaefer, G. (2013). Beyond the ideal object: towards disclosure-resilient order-preserving encryption schemes. In Proceedings of the 2013 ACM workshop on Cloud computing security, pages 89-100. ACM.
Paper Citation
in Harvard Style
Waage T., Homann D. and Wiese L. (2016). Practical Application of Order-preserving Encryption in Wide Column Stores. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 352-359. DOI: 10.5220/0005991403520359
in Bibtex Style
@conference{secrypt16,
author={Tim Waage and Daniel Homann and Lena Wiese},
title={Practical Application of Order-preserving Encryption in Wide Column Stores},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={352-359},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005991403520359},
isbn={978-989-758-196-0},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Practical Application of Order-preserving Encryption in Wide Column Stores
SN - 978-989-758-196-0
AU - Waage T.
AU - Homann D.
AU - Wiese L.
PY - 2016
SP - 352
EP - 359
DO - 10.5220/0005991403520359