Jinfei Liu,Juncheng Yang,Li Xiong,Jian Pei

DOI: https://doi.org/10.1109/icde.2017.117

2017-01-01

Abstract:Outsourcing data and computation to cloud server provides a cost-e ective way to support large scale data storage and query processing. However, due to security and privacy concerns, sensitive data (e.g., medical records) need to be protected from the cloud server and other unauthorized users. One approach is to outsource encrypted data to the cloud server and have the cloud server perform query processing on the encrypted data only. It remains a challenging task to support various queries over encrypted data in a secure and e cient way such that the cloud server does not gain any knowledge about the data, query, and query result. In this paper, we study the problem of secure skyline queries over encrypted data. The skyline query is particularly important for multicriteria decision making but also presents significant challenges due to its complex computations. We propose a fully secure skyline query protocol on data encrypted using semanticallysecure encryption. As a key subroutine, we present a new secure dominance protocol, which can be also used as a building block for other queries. Finally, we provide both serial and parallelized implementations and empirically study the protocols in terms of e ciency and scalability under di erent parameter settings, verifying the feasibility of our proposed solutions.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

Bo Sun,Sen Zhao,Guohua Tian

DOI: https://doi.org/10.1080/09540091.2024.2323059

2024-03-07

Connection Science

Abstract:Limited by the local storage resource, data users have to encrypt their data and outsource the encrypted databases to cloud servers to enjoy low-cost, professional data management services, which promotes the rapid development of outsourcing database technology. Despite this, the complex underlying setting and loosely coupled database architecture lead to various security risks and performance bottlenecks, while there is currently no work to achieve a comprehensive evaluation of existing encrypted database solutions from the aspects of underlying settings, security levels, functions, etc. In this work, we first propose an evaluation model to assess SQL functionalities and security from multiple dimensions. Secondly, we categorise the existing SQL query schemes into three categories: software-based construction, hardware-based construction, and hybrid-based construction, that is, a combination of software and hardware components. On this basis, we analyse the framework, advantages, and limitations of classic and state-of-the-art schemes. Finally, we summarise the software-based and hardware-based approaches from dimensions of SQL functionality, security, and efficiency, thus clarifying their ideal application scenarios. Notably, SQL query schemes that exhibit minimal equality of pair leakage and support strong obliviousness can achieve higher levels of security. In addition, hardware-based solutions can achieve more complex SQL queries and superior performance without designing complex and functionally-limited cryptographic tools.

computer science, artificial intelligence, theory & methods

Tikaram Sanyashi,Bernard Menezes

2023-08-05

Abstract:Sensitive applications running on the cloud often require data to be stored in an encrypted domain. To run data mining algorithms on such data, partially homomorphic encryption schemes (allowing certain operations in the ciphertext domain) have been devised. One such line of work yields schemes for secure \textit{k-nearest neighbors} computation that is designed to provide both \textit{Data Privacy} and \textit{Query Privacy}. Enhancements in this area further ensure that the data owner approves each query issued by a query user before the cloud server processes it. In this work, we describe an attack that invalidates the \textit{key confidentiality} claim, which further invalidates the \textit{Data Privacy} claim for these schemes. We show that a query user can specially tailor a query to extract information about the secret key used to encrypt the data points. Furthermore, the recovered secret information can be used to derive all the plaintext data points breaking \textit{data privacy}. We then suggest enhanced encryption schemes that make such attacks on \textit{data privacy} impossible while incurring meager additional costs in performance.

Cryptography and Security

Guoxiu Liu,Geng Yang,Haiwei Wang,Hua Dai,Qiang Zhou

DOI: https://doi.org/10.3837/tiis.2018.07.021

2018-01-01

KSII Transactions on Internet and Information Systems

Abstract:With the advent of database-as-a-service (DAAS) and cloud computing, more and more data owners are motivated to outsource their data to cloud database in consideration of convenience and cost. However, it has become a challenging work to provide security to database as service model in cloud computing, because adversaries may try to gain access to sensitive data, and curious or malicious administrators may capture and leak data. In order to realize privacy preservation, sensitive data should be encrypted before outsourcing. In this paper, we present a secure and practical system over encrypted cloud data, called QSDB (queryable and secure database), which simultaneously supports SQL query operations. The proposed system can store and process the floating point numbers without compromising the security of data. To balance tradeoff between data privacy protection and query processing efficiency, QSDB utilizes three different encryption models to encrypt data. Our strategy is to process as much queries as possible at the cloud server. Encryption of queries and decryption of encrypted queries results are performed at client. Experiments on the real-world data sets were conducted to demonstrate the efficiency and practicality of the proposed system.

Zoe L. Jiang,Jiajun Huang,Zechao Liu,Xuan Wang

DOI: https://doi.org/10.1109/spac.2017.8304269

2017-01-01

Abstract:With the rapid popularization of cloud computing, people began to store data in the cloud server, to avoid the cumbersome local data management and to get more convenient services. However, on one hand the cloud server cannot guarantee absolute security, as Hackers will use a variety of unexpected method to intrude the cloud server. On the other hand, the cloud server administrator may leak data in database, which may lead to serious consequence. The data can be stored in the form of ciphertext for the sake of protecting the privacy of user data. One efficient method to prevent data leakage is data encryption. However, this brings a range of problems. For example, in what ways the encrypted data which stored in the cloud server can be searched by authorized data users? Motivated by this question, we proposed Attribute-based Queries over Outsourced Encrypted Database. This method enables a data user, whose attributes satisfy one specific data owners access control policy, search over the data owners outsourced encrypted database.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Wenjie Liu,Peipei Gao,Zhihao Liu,Hanwu Chen,Maojun Zhang

DOI: https://doi.org/10.1155/2019/4923590

2020-02-01

Abstract:Cloud computing is a powerful and popular information technology paradigm that enables data service outsourcing and provides higher-level services with minimal management effort. However, it is still a key challenge to protect data privacy when a user accesses the sensitive cloud data. Privacy-preserving database query allows the user to retrieve a data item from the cloud database without revealing the information of the queried data item, meanwhile limiting user's ability to access other ones. In this study, in order to achieve the privacy preservation and reduce the communication complexity, a quantum-based database query scheme for privacy preservation in cloud environment is developed. Specifically, all the data items of the database are firstly encrypted by different keys for protecting server's privacy, and in order to guarantee the clients' privacy, the server is required to transmit all these encrypted data items to the client with the oblivious transfer strategy. Besides, two oracle operations, a modified Grover iteration, and a special offset encryption mechanism are combined together to ensure that the client can correctly query the desirable data item. Finally, performance evaluation is conducted to validate the correctness, privacy, and efficiency of our proposed scheme.

Quantum Physics,Cryptography and Security

Shunrong Jiang,Xiaoyan Zhu,Linke Guo,Jianqing Liu

DOI: https://doi.org/10.1109/tcc.2017.2684811

IF: 5.697

2017-01-01

IEEE Transactions on Cloud Computing

Abstract:Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations while keeping privacy-preservation and achieving the verification requirements: authenticity, freshness, and completeness. The security analysis and performance evaluation show that the proposed scheme is privacy-preserving and practical.

Wentao Wang,Yuxuan Jin,Bin Cao

DOI: https://doi.org/10.1109/pst55820.2022.9851989

2022-01-01

Abstract:The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dual-server model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.

Bharath K. Samanthula,Wei Jiang,Elisa Bertino

DOI: https://doi.org/10.48550/arXiv.1401.3768

2014-01-15

Cryptography and Security

Abstract:With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.

Zheli Liu,Haoyu Ma,Jin Li,Chunfu Jia,Jingwei Li,Ke Yuan

DOI: https://doi.org/10.1007/978-3-642-38631-2_32

2013-01-01

Abstract:Outsourcing database has attracted much attention recently due to the emergence of Cloud Computing. However, there are still two problems to solve, 1) how to encipher and protect the sensitive information before outsourcing while keeping the database structure, and 2) how to enable better utilization of the database like fuzzy queries over the encrypted information. In this paper we propose a new solution based on format-preserving encryption, which protects the privacy of the sensitive data and keeps the data structure as well in the encrypted database. We also show how to perform fuzzy queries over such enciphered data. Specially, our scheme supports fuzzy queries by simply exploiting the internal storing and query mechanism of the databases, thus the influence on both the inner relation of databases and the construction of applications are minimized. Evaluation indicates that our scheme is able to efficiently perform fuzzy query on encrypted database.

Peiyi Tu,Xingjun Wang

DOI: https://doi.org/10.1007/978-981-97-0945-8_22

2024-01-01

Abstract:In recent years, the Database-as-a-Service (DAS) model has become increasingly popular for cost-effective data outsourcing to cloud service providers. To ensure data security and functionality, Searchable Encryption (SE) has been introduced. However, many existing SE schemes unintentionally leak access patterns, posing significant privacy risks. While solutions like Oblivious RAM (ORAM) and Fully Homomorphic Encryption (FHE) can mitigate this, they are computationally intensive, limiting their practicality for large-scale databases. In this paper, we design a dynamic and efficient SE scheme called DPDSE that exploits differential privacy obfuscation of access patterns. Specifically, we obfuscate the ciphertext by deploying Laplace and Randomized Response mechanism. DPDSE strikes a balance between privacy and storage costs, while maintaining compatibility with any SE scheme. We give a formal mathematical proof of the security of DPDSE and conduct experiments on real datasets. The results show that DPDSE is significantly more secure than traditional SE schemes at a storage cost of up to 2.5%.

Johannes Koppenwallner,Erich Schikuta

2023-12-19

Abstract:Outsourcing a relational database to the cloud offers several benefits, including scalability, availability, and cost-effectiveness. However, there are concerns about the security and confidentiality of the outsourced data. A general approach here would be to encrypt the data with a standardized encryption algorithm and then store the data only encrypted in the cloud. The problem with this approach, however, is that with encryption, important properties of the data such as sorting, format or comparability, which are essential for the functioning of database queries, are lost. One solution to this problem is the use of encryption algorithms, which also preserve these properties in the encrypted data, thus enabling queries to encrypted data. These algorithms range from simple algorithms like Caesar encryption to secure algorithms like mOPE. The report at hand presents a survey on common encryption techniques used for storing data in relation Cloud database services. It presents the applied methods and identifies their characteristics.

Cryptography and Security,Databases

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2011.00110

2011-01-01

Journal of Computer Applications

Abstract:Currently in outsourced database service,to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database.In this paper,the authors proposed a solution to enforce data confidentiality,data privacy,user privacy and access control over outsourced database services.The approach started from a flexible definition of privacy constraints on a relational schema,applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information.Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection,the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Meanwhile,by applying cryptographic technology on the auxiliary random server protocol,the approach can solve the problem of private information retrieval to protect user privacy and access control.The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing,efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.

Dmytro Bogatov,Georgios Kellaris,George Kollios,Kobbi Nissim,Adam O'Neill

DOI: https://doi.org/10.1145/3460120.3484786

2021-09-28

Abstract:As organizations struggle with processing vast amounts of information, outsourcing sensitive data to third parties becomes a necessity. To protect the data, various cryptographic techniques are used in outsourced database systems to ensure data privacy, while allowing efficient querying. A rich collection of attacks on such systems has emerged. Even with strong cryptography, just communication volume or access pattern is enough for an adversary to succeed. In this work we present a model for differentially private outsourced database system and a concrete construction, $\mathcal{E}\text{psolute}$, that provably conceals the aforementioned leakages, while remaining efficient and scalable. In our solution, differential privacy is preserved at the record level even against an untrusted server that controls data and queries. $\mathcal{E}\text{psolute}$ combines Oblivious RAM and differentially private sanitizers to create a generic and efficient construction. We go further and present a set of improvements to bring the solution to efficiency and practicality necessary for real-world adoption. We describe the way to parallelize the operations, minimize the amount of noise, and reduce the number of network requests, while preserving the privacy guarantees. We have run an extensive set of experiments, dozens of servers processing up to 10 million records, and compiled a detailed result analysis proving the efficiency and scalability of our solution. While providing strong security and privacy guarantees we are less than an order of magnitude slower than range query execution of a non-secure plain-text optimized RDBMS like MySQL and PostgreSQL.

Cryptography and Security

Zheli Liu,Jingwei Li,Jin Li,Chunfu Jia,Jun Yang,Ke Yuan

DOI: https://doi.org/10.4018/ijdwm.2014100104

2014-01-01

International Journal of Data Warehousing and Mining

Abstract:With the development of cloud computing and big data, data privacy protection has become an urgent problem to solve. Data encryption is the most effective way to protect privacy; however, it will change the data format and result in: 1. database structure and application software will be changed; 2. structured query language (SQL) operations cannot work properly, especially in SQL-based fuzzy query. As a result, it is necessary to provide an SQL-based fuzzy query mechanism over encrypted databases, including traditional databases and cloud outsourced databases. This paper establishes a secure database system using format-preserving encryption (FPE) as the underlying primitive to protect the data privacy while not change the database structure. It further proposes a new SQL-based fuzzy query mechanism supporting directly query over encrypted data, which is constructed by FPE and universal hash function (UHF). The security of the proposed mechanism is analyzed as well. In the end, it makes extensive experiments on the system to demonstrate its practical performance.

Jing Yao,Helei Cui,Xiaolin Gui

DOI: https://doi.org/10.1109/dsc47296.2019.8937632

2019-01-01

Abstract:Searchable symmetric encryption (SSE) is a practical technique that allows a client to outsource her encrypted files while maintaining an efficient and secure keyword search ability to authorized clients. To support multi-keyword or Boolean search capability, most of the existing SSE designs inevitably reveal the intermediate single keyword search result to the remote server. Such unintended leakage could be abused to infer the valuable information of the encrypted dataset. In order to hide this kind of intermediate search result (even in some private manners), two promising directions could be adopted, one is a hardware-assisted technology, e.g., Intel SGX, and the other is a software-based approach, e.g., indistinguishability obfuscation (iO). Here, we focus on the iO approach and devise a highly-scalable SSE design for supporting Boolean queries without revealing its single keyword search results. To show the advantages of our proposed design, we conduct a theoretical comparison between some related SSE protocols and ours in terms of storage and computation costs.

Ye Xiong,Dawu Gu,Haining Lu

DOI: https://doi.org/10.2991/ccis-13.2013.115

2013-01-01

Abstract:With the prevalence of cloud computing, more and more data are outsourced to the untrusted cloud servers, which raises a security issue that how can data owners ensure the privacy of their data in cloud. A straightforward way is to encrypt the data before uploading, but it will face new challenge when data owners need to search on their encrypted data.Searchable encryption will help to solve this problem by enabling the cloud servers to perform searching for the data owners while not learning any information about the data and the searching criteria.Range query on large encrypted data set is one of the most difficult parts of searchable encryption. In this paper, we proposed a novel scheme which improves the security and avoids any false positive. And the evaluation shows that our scheme reduces client storage and remain efficiency compared with the existing schemes.

Lu Li,Xufeng Jiang,Fei Zhu,An Liu

DOI: https://doi.org/10.1007/978-981-15-3281-8_9

2020-01-01

Abstract:In the cloud computing paradigm, data owners could outsource their databases to the service provider, and thus reap huge benefits from releasing the heavy storage and management tasks to the cloud server. However, sensitive data, such as medical or financial records, should be encrypted before uploading to the cloud server. Unfortunately, this will introduce new challenges to data utilization. In this paper, we study the problem of skyline queries in a way that data privacy for both data owner and the client is preserved. We propose a hybrid protocol via additively homomorphic encryption system and Yao’s garbled circuits. By taking advantages of Yao’s protocol, we design a highly improved protocol which can be used to determine the skyline point and exclude the points dominated by others in an oblivious way. Based on this subroutine, we construct a fully secure protocol for skyline queries. We theoretically prove that the protocols are secure in the semi-honest model. Through analysis and extensive experiments, we demonstrate the efficiency and scalability of our proposed solutions.