Security Issues in Querying Encrypted Data

There has been considerable interest in querying encrypted data, allowing a “secure database server” model where the server does not know data values. This paper shows how results from cryptography prove the impossibility of developing a server that meets cryptographic-style definitions of security and is still efficient enough to be practical. The weaker definitions of security supported by previous secure database server proposals have the potential to reveal significant information. We propose a definition of a secure database server that provides probabilistic security guarantees, and sketch how a practical system meeting the definition could be built and proven secure. The primary goal of this paper is to provide a vision of how research in this area should proceed: efficient encrypted database and query processing with provable security properties.

[1]  Niv Ahituv,et al.  Processing encrypted data , 1987, CACM.

[2]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[3]  K. Selçuk Candan,et al.  Hiding Traversal of Tree Structured Data from Untrusted Data Stores , 2003, ISI.

[4]  Gultekin Özsoyoglu,et al.  Anti-Tamper Databases: Querying Encrypted Databases , 2003, DBSec.

[5]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[6]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[7]  Hakan Hacigümüs,et al.  Search on Encrypted Data , 2007, Secure Data Management in Decentralized Systems.

[8]  Dirk Fox,et al.  Advanced Encryption Standard (AES) , 1999, Datenschutz und Datensicherheit.

[9]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[10]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[11]  Oded Goldreich Foundations of Cryptography: Encryption Schemes , 2004 .

[12]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[13]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[14]  Oded Goldreich,et al.  Foundations of Cryptography: General Cryptographic Protocols , 2004 .

[15]  Johann-Christoph Freytag,et al.  Almost Optimal Private Information Retrieval , 2002, Privacy Enhancing Technologies.

[16]  Bhavani Thuraisingham,et al.  Security Constraint Processing in a Multilevel Secure Distributed Database Management System , 2004 .

[17]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[18]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[19]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..