Xiaoning Jiang,Xiangfeng Kong,Zhenchi Xu

DOI: https://doi.org/10.1088/1742-6596/1550/3/032106

2020-05-01

Journal of Physics: Conference Series

Abstract:Abstract With the rapid development of cloud computing technology, cloud database, as an important part of cloud computing services, has gradually become necessary for daily work of enterprises or individuals. However, entrusting data to third-party managing can lead to security issues such as data leakage, and users cannot guarantee data security. To this end, this paper is based on the CryptDB, an open source database encryption proxy system designed by MIT, in this thesis we propose an improvement scheme for the shortcomings of the original CryptDB system. Specific contents including: By studying the CryptDB system, we find that the system is lack of scalability for different databases and does not involve the management of system keys. For the inefficiency of the mutable Order-Preserving Encryption (mOPE) in CryptDB system, we propose an improved additive Order-Revealing Encryption (aORE) scheme by combining the Practical Order-Revealing Encryption (P-ORE) and mOPE. The scheme is based on pseudorandom function and double encryption. Compared with mOPE, it can improve the execution efficiency of the Order-Preserving scheme at the expense of security.

Baiqiang Wang,Dongfang Zhao

2024-11-26

Abstract:Order-preserving encryption (OPE) is a fundamental cryptographic tool for enabling efficient range queries on encrypted data in outsourced databases. Despite its importance, existing OPE schemes face critical limitations that hinder their practicality. Stateful designs require clients to maintain plaintext-to-ciphertext mappings, imposing significant storage and management overhead. Stateless designs often rely on interactive protocols between the client and server, leading to high communication latency and limited scalability. These limitations make existing schemes unsuitable for real-world applications that demand simplicity, efficiency, and scalability. In this work, we present Homomorphic OPE (HOPE), a new OPE scheme that eliminates client-side storage and avoids additional client-server interaction during query execution. HOPE leverages the additive property of homomorphic encryption to introduce a novel comparison key mechanism, which transforms ciphertext comparison into a randomized difference computation. This mechanism ensures that only the sign of the comparison is preserved while fully masking the underlying plaintext values, enabling secure and efficient range queries without leaking additional information about the data. We provide a formal cryptographic analysis of HOPE, proving its security under the widely accepted IND-OCPA model. Our proofs rigorously demonstrate that the comparison key mechanism reveals no information beyond the order of the plaintexts and ensures resistance to both chosen-plaintext attacks and frequency analysis. To validate the practicality of HOPE, we conduct extensive experiments comparing it with state-of-the-art OPE schemes. The results demonstrate that HOPE achieves competitive query performance while addressing the key limitations of existing designs, making it a scalable and secure solution for outsourced database systems.

Cryptography and Security,Databases

Yu Zhan,Danfeng Shen,Pu Duan,Benyu Zhang,Zhiyong Hong,Baocang Wang

DOI: https://doi.org/10.1016/j.ins.2022.03.001

IF: 8.1

2022-05-01

Information Sciences

Abstract:Nowadays, tremendous information technology industries resort to cloud servers to store data with an outsourcing approach to extend their storage and computation power. This, however, also leads to privacy and security issues of unprotected data against curious cloud servers. The most common solution currently is to encrypt the data before uploading it. The problem is that encrypted data is out of control and users also cannot transfer the searching job to cloud serves anymore. Specifically, the order preserving encryption (OPE) provides an efficient solution to the order of plaintexts. Existing OPE schemes focus on single-dimensional data, and fail to effectively process multi-dimensional data. In this paper, we propose a multi-dimensional data order preserving encryption scheme MDOPE allowing fine-grained multi-dimensional range queries. Our scheme constructs query indexes for each dimension of the data based on the order preserving encryption network. In particular, the proposed scheme ensures that no external entity, including the cloud server, can obtain additional information other than the order of ciphertexts during the whole query process.

computer science, information systems

Ning Shen,Jyh-Haw Yeh,Hung-Min Sun,Chien-Ming Chen

DOI: https://doi.org/10.1109/prdc53464.2021.00025

2021-01-01

Abstract:Order-preserving encryption (OPE) plays an important role in securing outsourced databases. OPE schemes can be either Stateless or Stateful. Stateful schemes can achieve the ideal security of order-preserving encryption, i.e., “reveal no information about the plaintexts besides order.” However, comparing to stateless schemes, stateful schemes require maintaining some state information locally besides encryption keys and the ciphertexts are mutable. On the other hand, stateless schemes only require remembering encryption keys and thus is more efficient. It is a common belief that stateless schemes cannot provide the same level of security as stateful ones because stateless schemes reveal the relative distance among their corresponding plaintext. In real world applications, such security defects may lead to the leakage of statistical and sensitive information, e.g., the data distribution, or even negates the whole encryption. In this paper, we propose a practical and secure stateless order-preserving encryption scheme. With prior knowledge of the data to be encrypted, our scheme can achieve IND-CCPA (INDistinguishability under Committed ordered Chosen Plaintext Attacks) security for static data set. Though the IND-CCPA security can't be met for dynamic data set, our new scheme can still significantly improve the security in real world applications. Along with the encryption scheme, in this paper we also provide methods to eliminate access pattern leakage in communications and thus prevents some common attacks to OPE schemes in practice.

Ce Yang,Weiming Zhang,Nenghai Yu

DOI: https://doi.org/10.1016/j.ins.2016.12.025

IF: 8.1

2016-01-01

Information Sciences

Abstract:Order preserving encryption (OPE) is a kind of encryption designed to support searches on ciphertexts. OPE encrypts plaintexts to ciphertexts with the same order, making it possible to efficiently compare ciphertexts without decryption. Because of its efficiency, OPE has been used in systems aimed at practical use. However, even though many OPE schemes have been proposed, all suffer from security and ciphertext expansion problems.This paper proposes the notation of semi-order preserving encryption (SOPE) as a substitute for OPE. SOPE uses a semi-order preserving condition instead of strict order preserving condition to support a range query on ciphertexts. By this means, SOPE can enhance security and reduce storage cost with some sacrifice of precision. The loss of precision can be eliminated with the cost of extra communication and computation, because it is easy to generate a query on ciphertexts including all required plaintexts.To study the relationship among precision, security and ciphertext expansion, we introduce semi-order preserving degree d, which measures the difference between SOPE and OPE. The theoretical derivation shows that security will increase with d, while precision and ciphertext expansion will decrease with d. Thus SOPE can balance precision, security and ciphertext expansion by adjusting semi-order preserving degree d according to a concrete condition. Finally, we present an implementation of SOPE.

Qinyuan Liu,Zidong Wang,Xiao He,Donghua Zhou

DOI: https://doi.org/10.1109/cns.2018.8433179

2018-01-01

Abstract:Encryption, a powerful tool for data security, has been widely applied to protect sensitive data stored on untrusted cloud servers. One important problem in such an environment is how to support advanced query predicates, such as range queries, over an encrypted data set in an efficient and secure way. Order-preserving encryption (OPE) produces ciphertexts that preserve the order of their plaintexts and performs range queries directly on ciphertexts. However, ideally secure OPE schemes are inefficient (interactive and stateful), because they either ask for extensive client-to-server interactions or require a large persistent client storage that relates to the size of the data set. In this paper, we propose a comparable inner product encoding (CIPE) scheme to support multi-attribute range queries over encrypted data. Our main idea is to encode data and query values as encrypted vectors so that order comparison is realized by calculating the vector's inner product. Compared with existing OPE schemes, our scheme has the following merits: 1) High $e$ ficiency. It allows a client to retrieve data of interest in one round without maintaining any local state. 2) Enhanced security. It achieves ideal security while effectively resisting inference attacks that existing OPE schemes are vulnerable to. Extensive experiments conducted on a real- world, large-scale data set verify the effectiveness of our scheme.

Rui Li,Zhiqiang Wu

DOI: https://doi.org/10.14722/ndss.2023.24423

Abstract:—Dynamic searchable encryption (DSE) is a user-cloud protocol for searching over outsourced encrypted data. Many current DSE schemes resort to oblivious RAMs (ORAM) to achieve forward privacy and backward privacy, which is a concept to describe security levels of the protocol. We show that, however, most prior ORAM-based DSE suffers from a new problem: it is inefficient to fetch/insert a large set of data blocks. We call this the large-stash eviction problem. To address the problem, we present OBI, a multi-path Oblivious RAM, which accesses multiple tree paths per query for handling a large set of data blocks. We classify traditional tree-based ORAMs as single-path ORAMs if they access a single path per query. OBI has two new high-throughput multi-path eviction algorithms that are several orders of magnitude more efficient than the well-known PATH-ORAM eviction algorithm when the stash is large. We prove that the proposed multi-path ORAM outperforms the traditional single-path ORAM in terms of local stash size and insertion efficiency. Security analysis shows that OBI is secure under the strong forward and backward security model. OBI can protect the well-known DSE leakage, such as the search pattern and the size pattern. We also show that OBI can be applied to oblivious file systems and oblivious conjunctive-query DSE schemes. We conduct experiments on the Enron dataset. The experimental results demonstrate that OBI is far more efficient than the state-of-the-art ORAM-based DSE schemes.

Computer Science

Yang Yang,Peidong Guan,Haibo Tian,Fangguo Zhang

DOI: https://doi.org/10.1016/j.csi.2024.103846

IF: 3.721

2024-02-19

Computer Standards & Interfaces

Abstract:Oblivious polynomial evaluation (OPE) constitutes a crucial element in various two-party computation protocols, including private set intersection, data mining, and oblivious keyword search. Consequently, the development of an efficient OPE protocol is of paramount significance. Leveraging the homomorphic properties of encryption algorithms offers an effective avenue for constructing such a protocol. In this paper, we propose an elliptic code-based symmetric homomorphic encryption scheme that incorporates concepts introduced by Armknecht et al. We also provide parameter selection tailored to various security levels. This encryption scheme accommodates arbitrary additions and a finite number of multiplication operations. Expanding on our encryption scheme, we introduce three practical and straightforward OPE protocols that are fully compatible with our encryption framework. We complement these protocols with a comprehensive security analysis. Our protocols not only achieve a high level of security but also exhibit efficiency, requiring only two message transmissions for the entire OPE process. Furthermore, our protocols can concurrently compute function values at multiple evaluation points, whether for distinct functions or the same function.

computer science, software engineering, hardware & architecture

Yaxing Chen,Qinghua Zheng,Zheng Yan

DOI: https://doi.org/10.1145/3597021

IF: 1.6289

2023-01-01

ACM Transactions on Database Systems

Abstract:Hardware-enabled enclaves have been applied to efficiently enforce data security and privacy protection in cloud database services. Such enclaved systems, however, are reported to suffer from I/O-size (also referred to as communication-volume)-based side-channel attacks. Albeit differentially private padding has been exploited to defend against these attacks as a principle method, it introduces a challenging bi-objective parametric query optimization (BPQO) problem and current solutions are still not satisfactory. Concretely, the goal in BPQO is to find a Pareto-optimal plan that makes a tradeoff between query performance and privacy loss; existing solutions are subjected to poor computational efficiency and high cloud resource waste. In this article, we propose a two-phase optimization algorithm called TPOA to solve the BPQO problem. TPOA incorporates two novel ideas: divide-and-conquer to separately handle parameters according to their types in optimization for dimensionality reduction; on-demand-optimization to progressively build a set of necessary Pareto-optimal plans instead of seeking a complete set for saving resources. Besides, we introduce an acceleration mechanism in TPOA to improve its efficiency, which prunes the non-optimal candidate plans in advance. We theoretically prove the correctness of TPOA, numerically analyze its complexity, and formally give an end-to-end privacy analysis. Through a comprehensive evaluation on its efficiency by running baseline algorithms over synthetic and test-bed benchmarks, we can conclude that TPOA outperforms all benchmarked methods with an overall efficiency improvement of roughly two orders of magnitude; moreover, the acceleration mechanism speeds up TPOA by 10-200×.

Dongfang Zhao

2024-06-06

Abstract:Order-preserving encryption (OPE) has been extensively studied for more than two decades in the context of outsourced databases because OPE is a key enabling technique to allow the outsourced database servers to sort encrypted tuples in order to build indexes, complete range queries, and so forth. The state-of-the-art OPE schemes require (i) a stateful client -- implying that the client manages the local storage of some mapping between plaintexts and ciphertexts, and/or (ii) the interaction between the client and the server during the query. In production systems, however, the above assumptions do not always hold (not to mention performance overhead): In the first case, the storage requirement could exceed the capability of the client; In the second case, the clients may not be accessible when the server executes a query involving sort or comparison. This paper proposes a new OPE scheme that works for stateless clients and requires no client-server interaction during the queries. The key idea of our proposed protocol is to leverage the underlying additive property of a homomorphic encryption scheme such that the sign of the difference between two plaintexts can be revealed by some algebraic operations with an evaluation key. We will demonstrate the correctness and security of the proposed protocol in this short paper; the implementation and experimental results will be presented in an extended report.

Cryptography and Security,Databases

Mohamed Alie Kamara,Xudong Li

DOI: https://doi.org/10.1007/978-3-030-70665-4_77

2021-01-01

Abstract:Cloud computing and Database as a service have gaining rapid interest by many organizations today because of its cost effectiveness but it faced a lot of security issued in protecting client business sensitive data, the traditional encryption techniques for database security cannot ensure that a database is safe for intrusion, unauthorized access and queries processes over encrypted data in the present technological evolution. This paper presents a review of Order Preserving Encryption schemes (OPES) a technique for database encryption which execute range queries in an efficient manner, the existing approaches of database encryption techniques using OPE, Principles, and Application of OPE, various types of Attack on OPE and overview of Mutable order Preserving Encoding mOPE.

Dongfang Zhao

DOI: https://doi.org/10.48550/arXiv.2301.04370

2023-01-11

Cryptography and Security

Abstract:The order-preserving encryption (OPE) problem was initially formulated by the database community in 2004 soon after the paradigm database-as-a-service (DaaS) was coined in 2002. Over the past two decades, OPE has drawn tremendous research interest from communities of databases, cryptography, and security; we have witnessed significant advances in OPE schemes both theoretically and systematically. All existing OPE schemes assume that the outsourced database is modeled as a single semi-honest adversary who should learn nothing more than the order information of plaintext messages up to a negligible probability. This paper addresses the OPE problem from a new perspective: instead of modeling the outsourced database as a single semi-honest adversary, we assume the outsourced database \textit{service} compromises a cluster of non-colluding servers, which is a practical assumption as all major cloud vendors support multiple database instances deployed to exclusive sub-networks or even to distinct data centers. This assumption allows us to design a new stateless OPE protocol, namely order-preserving database encryption with secret sharing (ODES), by employing secret-sharing schemes among those presumably non-colluding servers. We will demonstrate that ODES guarantees the latest security level, namely IND-FAOCPA, and outperforms the state-of-the-art scheme by orders of magnitude.

Hongyi Qiao,Cong Peng,Qi Feng,Min Luo,Debiao He

DOI: https://doi.org/10.1109/jiot.2024.3360141

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Range query is commonly used to support ciphertext retrieval on encrypted databases in a cloud-based environment, and order-revealing encryption (ORE) plays an increasingly important role in range query for ciphertext field processing. Specifically, one can utilize ORE to facilitate comparators to determine whether the order of ciphertext(s) corresponds to the associated plaintext(s). Newer ORE designs include those that are resistant to common attacks (e.g., spectral attacks) and those that are capable of supporting both multi-client and single-client settings. However, in the scenario of cross-database range queries, existing multi-client ORE approaches generally pass the data owner’s query key to the searcher during the authorization process. Consequently, this results in agent transfer and permission extension, which can be exploited to facilitate unauthorized access to the database data. To solve these limitations, we propose om-ORE. The latter uses the oblivious pseudorandom function (OPRF) protocol to further enhance the security of token generation mechanism in ORE, and is designed to ensure that neither the data owner nor the authorized client reveals any secret key or expected query range to each other. Using the proposed om-ORE scheme as a building block, we design a secure multi-client ciphertext range query scheme that is resilient to both agent transfer and permission extension attacks. The performance evaluation shows that om-ORE inherits the advantages of state-of-the-art multi-client ORE approaches, in terms of ciphertext size and comparison efficiency, as well as having comparable performance in the token generation process.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ru-Wei HUANG,Xiao-Lin GUI,Ning-Jiang CHEN,Jing YAO

DOI: https://doi.org/10.13328/j.cnki.jos.004656

2015-01-01

Abstract:With the development of cloud computing, privacy has become the key problem of cloud security. While encryption is a well-established technology for protecting sensitive data, it makes effective data utilization a very challenging task. To solve the problem, this paper designs a randomized data structure—random tree (RT), and constructs an encryption scheme OPEART (order-preserving encryption algorithm based on RT). OPEART realizes the encryption of data by randomness, and supports relational calculations (>, <, >=, etc.) on encrypted data. Security analysis and performance evaluation show that OPEART is IND-DNCPA while achieving the goal of relational calculations on encrypted cloud data efficiently.

Yuan Li,Hongbing Wang,Yunlei Zhao

DOI: https://doi.org/10.1145/3321705.3329829

2019-01-01

Abstract:Order-revealing encryption (ORE) is a basic cryptographic primitive for ciphertext comparisons based on the order relationship of plaintexts while maintaining the privacy of them. In the data era we are experiencing, cross-dataset transactions become ubiquitous in practice. However, almost all the previous ORE schemes can only support comparisons on ciphertexts from the same user, which does not meet the requirement for the multi-user environment. In this work, we introduce and design ORE schemes with delegation functionality, which is referred to as delegatable ORE (DORE). The "delegation" here is an authorization that allows for efficient ciphertext comparisons among different users. To the best of our knowledge, it is the first ORE that allows an user to delegate the comparison privilege for his ciphertexts, which also opens the door for future explorations. At the heart of the construction and analysis of DORE is a new building tool proposed in this work, named delegatable equality-revealing encoding (DERE), which might be of independent interest.

Sven Laur,Jan Willemson,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-24861-0_18

2011-01-01

Abstract:Most of the multi-party computation frameworks can be viewed as oblivious databases where data is stored and processed in a secret-shared form. However, data manipulation in such databases can be slow and cumbersome without dedicated protocols for certain database operations. In this paper, we provide efficient protocols for oblivious selection, filtering and shuffle essential tools in privacy-preserving data analysis. As the first contribution, we present a 1-out-of-n oblivious transfer protocol with 0(log log n) rounds, which achieves optimal communication and time complexity and works over any ring Z(N). Secondly, we show how to construct round-efficient shuffle protocols with optimal asymptotic computation complexity and provide several optimizations.

Hui Li,Jingwen Shi,Qi Tian,Zheng Li,Yan Fu,Bingqing Shen,Yaofeng Tu

2024-04-10

Abstract:As cloud computing gains traction, data owners are outsourcing their data to cloud service providers (CSPs) for Database Service (DBaaS), bringing in a deviation of data ownership and usage, and intensifying privacy concerns, especially with potential breaches by hackers or CSP insiders. To address that, encrypted database services propose encrypting every tuple and query statement before submitting to the CSP, ensuring data confidentiality when the CSP is honest-but-curious, or even compromised. Existing solutions either employ property preserving cryptography schemes, which can perform certain operations over ciphertext without decrypting the data over the CSP, or utilize trusted execution environment (TEE) to safeguard data and computations from the CSP. Based on these efforts, we introduce Enc2DB, a novel secure database system, following a hybrid strategy on PostgreSQL and openGauss. We present a micro-benchmarking test and self-adaptive mode switch strategy that can dynamically choose the best execution path (cryptography or TEE) to answer a given query. Besides, we also design and implement a ciphertext index compatible with native cost model and query optimizers to accelerate query processing. Empirical study over TPC-C test justifies that Enc2DB outperforms pure TEE and cryptography solutions, and our ciphertext index implementation also outperforms the state-of-the-art cryptographic-based system.

Cryptography and Security,Databases

Ke Li,Weiming Zhang,Ce Yang,Nenghai Yu

DOI: https://doi.org/10.1109/tifs.2015.2435697

IF: 7.231

2015-01-01

IEEE Transactions on Information Forensics and Security

Abstract:For ranked search in encrypted cloud data, order preserving encryption (OPE) is an efficient tool to encrypt relevance scores of the inverted index. When using deterministic OPE, the ciphertexts will reveal the distribution of relevance scores. Therefore, Wang et al. proposed a probabilistic OPE, called one-to-many OPE, for applications of searchable encryption, which can flatten the distribution of the plaintexts. In this paper, we proposed a differential attack on one-to-many OPE by exploiting the differences of the ordered ciphertexts. The experimental results show that the cloud server can get a good estimate of the distribution of relevance scores by a differential attack. Furthermore, when having some background information on the outsourced documents, the cloud server can accurately infer the encrypted keywords using the estimated distributions.

Gongyu Shi,Geng Wang,Shi-Feng Sun,Dawu Gu

DOI: https://doi.org/10.1007/s00778-024-00852-1

2024-05-24

The VLDB Journal

Abstract:In an encrypted database, all data items stored at the server are encrypted and some operations can be performed directly over ciphertexts. Most existing encrypted database schemes cannot support data interoperability, that is, it cannot handle complex queries which require the output of one operator as the input to another. Wong et al. presented the encrypted database SDB (SIGMOD'14), and it is the only scheme that achieves data interoperability to the best of our knowledge. Recently, Cao et al. revisited the security of SDB (PVLDB'21) and proposed a ciphertext-only attack named "co-prime" attack. Their attack has a high success rate (84.9–99.9% on real-world benchmarks) and works on several common operations in SDB, including addition , sum , equi-join and group-by . However, the attack is time-consuming when the plaintext space (denoted as M ) is large, since the time complexity is , or O ( M ) with the meet-in-the-middle strategy. Cao et al. 's experiments showed that the attack takes minutes on a laptop when . And the expected time cost will be 15,261 years if , which is infeasible. In addition, the authors provided the countermeasures to prevent co-prime attack. Our main contribution in this paper is twofold. First, we propose an improved ciphertext-only attack based on lattice reduction against SDB with time complexity O (1). Our attack works on not only the previous four operations discussed by Cao et al., but also some aggregate operations, and its success rate is the same as that of co-prime attack. With the same parameters, our attack only takes  s on a laptop, which is 37 faster than co-prime attack. Besides, our attack works for large M up to while the time cost remains almost unchanged. Thus, our attack is much more efficient and powerful. Next, we analyze the countermeasures proposed by Cao et al. and present an efficient attack with the orthogonal lattice reduction method, which denies the security of Cao et al.'s modified scheme. The time complexity is , and the attack takes several minutes on a laptop. Furthermore, we validate our attacks on two real-world public datasets and make some discussions.

computer science, information systems, hardware & architecture

Chuting Tan,Zoe L. jiang,Xuan Wang,S. M. Yiu,Junbin Fang,Jin Li,Yabin Jin,Jiajun Huang

DOI: https://doi.org/10.1145/2897845.2897919

2016-01-01

Abstract:There is an increasing trend for data owners to store their data in a third-party cloud server and buy the service from the cloud server to provide information to other users. To ensure confidentiality, the data is usually encrypted. Therefore, an encrypted data searching scheme with privacy preserving is of paramount importance. Predicate encryption (PE) is one of the attractive solutions due to its attribute-hiding merit. However, as cloud is not always trusted, verifying the searched results is also crucial. Firstly, a generic construction of Publicly Verifiable Predicate Encryption (PVPE) scheme is proposed to provide verification for PE. We reduce the security of PVPE to the security of PE. However, from practical point of view, to decrease the communication overhead and computation overhead, an improved PVPE is proposed with the trade-off of a small probability of error.