Anti-Tamper Databases: Querying Encrypted Databases

With advances in mobile computing, web technologies, and powerful laptops, databases with sensitive data can be physically retrieved by malicious users who can employ techniques that were not previously thought of, such as disk scans, compromising the data by bypassing the database management system software or database user authentication processes. Or, when databases are provided as a service, the service providers may not be trustworthy. A way to prevent, delay, limit, or contain the compromise of the protected data in a database from such outsider or insider threats is to encrypt the data and the database schema, and yet allow queries and transactions over the encrypted data without decrypting data. In this thesis, we propose the use of anti-tamper databases, where (a) the database contents are encrypted a priori for security in a way to allow efficient query processing directly on the encrypted database, and (b) for SQL queries expressible in relational algebra, there is no extra query processing cost except for the decryption of the final query output. We investigate the capabilities and limitations of encrypting the database in relational databases, and yet allowing, to the extent possible, efficient SQL querying of the encrypted database. We concentrate on integer-valued attributes, and investigate a family of open-form and closed-form homomorphism encryption/decryption functions, the associated query transformation problems, inference control issues, and how to handle overflow and precision errors in computing systems. Furthermore, we quantify the additional costs incurred when executing aggregate nested SQL queries over encrypted relational databases. We present the query execution strategies, derive cost formulas, and analyze detailed experimental results for such queries. We observe the crossover points as to when processing a query over an encrypted database is still more advantageous than shipping it over the Internet to a server housing with the original, nonencrypted database, evaluating it and returning the query output to the user. We conclude that anti-tamper databases approach is feasible and effective to protect data privacy in a relational database against insider and outsider threats in the current web-based and mobile computing environments.

[1]  Kyuseok Shim,et al.  Including Group-By in Query Optimization , 1994, VLDB.

[2]  A. Karr,et al.  Disseminating Information but Protecting Confidentiality , 2000 .

[3]  Fang Chen,et al.  The semantics and expressive power of the MLR data model , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[4]  Kyuseok Shim,et al.  Optimizing Queries with Aggregate Views , 1996, EDBT.

[5]  Raghu Ramakrishnan,et al.  Database Management Systems , 1976 .

[6]  David Jordan,et al.  The Object Database Standard: ODMG 2.0 , 1997 .

[7]  Jim Melton,et al.  SQL: 1999, formerly known as SQL3 , 1999, SGMD.

[8]  Won Kim,et al.  On optimizing an SQL-like nested query , 1982, TODS.

[9]  Dorothy E. Denning,et al.  The SeaView security model , 1988, Proceedings. 1988 IEEE Symposium on Security and Privacy.

[10]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[11]  G. Duncan,et al.  Private Lives and Public Policies: Confidentiality and Accessibility of Government Statistics , 1993 .

[12]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[13]  Gultekin Özsoyoglu,et al.  A Relational Calculus with Set Operators, Its Safety and Equivalent Graphical Languages , 1989, IEEE Trans. Software Eng..

[14]  Joseph M. Hellerstein,et al.  Practical predicate placement , 1994, SIGMOD '94.

[15]  Josep Domingo-Ferrer Multi-application smart cards and encrypted data, processing , 1996, Future Gener. Comput. Syst..

[16]  Ronald L. Rivest,et al.  ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[17]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[18]  César A. Galindo-Legaria,et al.  Orthogonal optimization of subqueries and aggregation , 2001, SIGMOD '01.

[19]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[20]  George T. Duncan,et al.  Obtaining Information while Preserving Privacy: A Markov Perturbation Method for Tabular Data , 1997 .

[21]  Nabil R. Adam,et al.  Security-control methods for statistical databases: a comparative study , 1989, ACM Comput. Surv..

[22]  Hamid Pirahesh,et al.  Cost-based optimization for magic: algebra and implementation , 1996, SIGMOD '96.

[23]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[24]  Peter D. Schumer Introduction to Number Theory , 1995 .

[25]  Teresa F. Lunt,et al.  A Semantic Framework of the Multilevel Secure Relational Model , 1997, IEEE Trans. Knowl. Data Eng..

[26]  Umeshwar Dayal,et al.  Of Nests and Trees: A Unified Approach to Processing Queries That Contain Nested Subqueries, Aggregates, and Quantifiers , 1987, VLDB.

[27]  Gultekin Özsoyoglu,et al.  Information loss in three cell-level control techniques for summary tables , 1993, Inf. Sci..

[28]  Richard J. Lipton,et al.  Foundations of Secure Computation , 1978 .

[29]  Michael Stonebraker,et al.  Predicate migration: optimizing queries with expensive predicates , 1992, SIGMOD Conference.

[30]  Gultekin Özsoyoglu,et al.  Auditing and Inference Control in Statistical Databases , 1982, IEEE Transactions on Software Engineering.

[31]  Dorothy E. Denning,et al.  A Multilevel Relational Data Model , 1987, 1987 IEEE Symposium on Security and Privacy.

[32]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[33]  E. Brickell,et al.  On privacy homomorphisms , 1987 .

[34]  Rodney W. Topor,et al.  Safety and correct translation of relational calculus formulas , 1987, PODS '87.

[35]  J. Miller Numerical Analysis , 1966, Nature.

[36]  Frédéric Cuppens,et al.  A 'natural' decomposition of multi-level relations , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[37]  J. Ferrer A new privacy homomorphism and applications , 1996 .

[38]  Gultekin Özsoyoglu,et al.  On Inference Control in Semantic Data Models for Statistical Databases , 1990, J. Comput. Syst. Sci..

[39]  Dmitri Asonov,et al.  Querying Databases Privately , 2004, Lecture Notes in Computer Science.

[40]  M. J. Maron,et al.  Numerical Analysis: A Practical Approach , 1982 .

[41]  George T. Duncan,et al.  Disclosure Risk vs. Data Utility: The R-U Confidentiality Map , 2003 .

[42]  Alon Y. Halevy,et al.  Query Optimization by Predicate Move-Around , 1994, VLDB.

[43]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[44]  Josep Domingo-Ferrer,et al.  A Provably Secure Additive and Multiplicative Privacy Homomorphism , 2002, ISC.

[45]  Surajit Chaudhuri,et al.  Maintenance of Materialized Views: Problems, Techniques, and Applications. , 1995 .

[46]  Sushil Jajodia,et al.  Multilevel Secure Transaction Processing , 1999, Advances in Database Systems.

[47]  Richard J. Lipton,et al.  Secure databases: protection against user influence , 1979, TODS.

[48]  Gultekin Özsoyoglu,et al.  Controlling FD and MVD Inferences in Multilevel Relational Database Systems , 1991, IEEE Trans. Knowl. Data Eng..

[49]  Niv Ahituv,et al.  Processing encrypted data , 1987, CACM.

[50]  A. Craig Eddy,et al.  The Effect of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) on Health Care Fraud in Montana , 2000 .

[51]  Sushil Jajodia,et al.  Multilevel Security Transaction Processing , 2001, Journal of computing and security.

[52]  Jeffrey D. Uuman Principles of database and knowledge- base systems , 1989 .

[53]  Jon M. Kleinberg,et al.  Auditing Boolean attributes , 2000, PODS.

[54]  Patricia G. Selinger,et al.  Access path selection in a relational database management system , 1979, SIGMOD '79.

[55]  George T. Duncan,et al.  [Enhancing Access to Microdata While Protecting Confidentiality: Prospects for the Future]: Rejoinder , 1991 .

[56]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[57]  Sushil Jajodia,et al.  Policy algebras for access control: the propositional case , 2001, CCS '01.

[58]  Surajit Chaudhuri,et al.  An overview of query optimization in relational systems , 1998, PODS.

[59]  J. Douglas Faires,et al.  Numerical Analysis , 1981 .

[60]  Don Redmond Number Theory , 2018, Theoretical and Mathematical Physics.