An Experimental Evaluation of Multi-Key Strategies for Data Outsourcing

Data outsourcing is emerging today as a successful solution for organizations looking for a cost-effective way to make their data available for on-line querying. To protect outsourced data from unauthorized accesses, even from the (honest but curious) host server, data are encrypted and indexes associated with them enable the server to execute queries without the need of accessing cleartext. Current solutions consider the whole database as encrypted with a single key known only to the data owner, which therefore has to be kept involved in the query execution process. In this paper, we propose different multi-key data encryption strategies for enforcing access privileges. Our strategies exploit different keys, which are distributed to the users, corresponding to the different authorizations. We then present some experiments evaluating the quality of the proposed strategies with respect to the amount of cryptographic information to be produced and maintained.

[1]  Byrav Ramamurthy,et al.  Hierarchy-based access control in distributed environments , 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[2]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[3]  Chinchen Chang,et al.  A cryptographic implementation for dynamic access control in a user hierarchy , 1995, Comput. Secur..

[4]  Ravi S. Sandhu,et al.  Cryptographic Implementation of a Tree Hierarchy for Access Control , 1988, Inf. Process. Lett..

[5]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[6]  Ehud Gudes The Design of a Cryptography Based Secure File System , 1980, IEEE Transactions on Software Engineering.

[7]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[8]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[9]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[10]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[11]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[12]  Luc Bouganim,et al.  Chip-Secured Data Access: Confidential Data on Untrusted Servers , 2002, VLDB.

[13]  TsudikGene,et al.  Authentication and integrity in outsourced databases , 2006 .

[14]  Tsai Hui-Min,et al.  Refereed paper: A cryptographic implementation for dynamic access control in a user hierarchy , 1995 .

[15]  K. J. Ray Liu,et al.  Scalable hierarchical access control in secure group communications , 2004, IEEE INFOCOM 2004.

[16]  Marina Blanton,et al.  Dynamic and Efficient Key Management for Access Hierarchies , 2009, TSEC.

[17]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.