Strongly Secure and Efficient Range Queries in Cloud Databases under Multiple Keys

Cloud databases provide an advantageous platform for outsourcing database services. To protect data confidentiality from an untrusted cloud, the original database is often encrypted and then uploaded to the cloud. However, to support functional queries, existing secure databases require users to encrypt their data under the same public/symmetric key, which restricts the usage scenarios, since users do not really trust each other in practice. Imagine a scenario where a user has uploaded his/her own encrypted data to the cloud database and another user wants to execute private range queries on this data. This scenario occurs in many cases of collaborative statistical analysis where the data provider and the analyst are different entities. Then either the data provider must reveal its encryption key or the analyst must reveal the private queries. In this paper, we overcome this restriction for secure range queries by enabling query execution on data encrypted under multiple keys. We propose a secure cloud database supporting range queries under multiple keys, in which all users preserve the confidentiality of their own different keys and do not have to share them with each other. At a high level, our system is built on a two-cloud architecture and a novel distributed two-trapdoor public-key cryptosystem. We prove that the proposed scheme achieves the goal of a secure query without leaking data privacy, query privacy, or data access patterns. Finally, we use extensive experiments over a real-world dataset on a commercial cloud platform to verify the efficacy of our proposed scheme.
