Searchable Encryption to Reduce Encryption Degradation in Adjustably Encrypted Databases

Processing queries on encrypted data protects sensitive data stored in cloud databases. CryptDB has introduced the approach of adjustable encryption for such processing. A database column is adjusted to the necessary level of encryption, e.g. order-preserving, for the set of executed queries, but never reversed. This has the drawback that long-running cloud databases will eventually transform into only order-preserving encrypted databases. In this paper we propose searchable encryption as an alternative in order to reduce this encryption degradation. It maintains security while only marginally impacting performance when applied only to infrequently used queries for searching. We present a budget-based encryption selection algorithm as part of query planning for making the appropriate choice between searchable and deterministic or order-preserving encryption. We evaluate our algorithm on a long-tail distributed TPC-C benchmark on an experimental implementation of encrypted queries in an in-memory database. In one choice of parameters our algorithm incurs only a 1.5% performance penalty, but one of 15 columns is not decrypted to order-preserving or deterministic encryption. Our selection algorithm is configurable, such that higher security gains are possible at the cost of performance.
