Fast, Secure Encryption for Indexing in a Column-Oriented DBMS

Networked information systems require strong security guarantees because of the new threats that they face. Various forms of encryption have been proposed to deal with this problem. In a database system, there are often two contradictory goals: security of the encryption and fast performance of queries. There have been a number of proposals of database encryption schemes to facilitate queries on encrypted columns. Order-preserving encryption techniques are well-suited for databases since they support a simple, and efficient way to build indices. However, as we will show, they are insecure under straightforward attack scenarios. We propose a new light-weight database encryption scheme (called FCE) for column stores in data warehouses with trusted servers. The low decryption overhead of FCE makes comparisons of ciphertexts and hence indexing operations very fast. Since it is hard to use classical security definitions in cryptography to prove the security of any existing symmetric encryption scheme, we propose a relaxed measure of security, called INFO-CPA-DB. INFO-CPA-DB is based on a well-established security definition in cryptography and relaxes it using information theoretic concepts. Using INFO-CPA-DB, we give strong evidence that FCE is as secure as any underlying block cipher (yet more efficient than using the block cipher itself). Using the same security measure we also show the inherent insecurity of any order preserving encryption scheme under straightforward attack scenarios. We discuss indexing techniques based on FCE as well.

[1]  Moni Naor,et al.  Derandomized Constructions of k-Wise (Almost) Independent Permutations , 2005, APPROX-RANDOM.

[2]  Eli Upfal,et al.  Probability and Computing: Randomized Algorithms and Probabilistic Analysis , 2005 .

[3]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[4]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[5]  Steven Myers,et al.  Simple permutations mix well , 2005, Theor. Comput. Sci..

[6]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[7]  Gultekin Özsoyoglu,et al.  Anti-Tamper Databases: Querying Encrypted Databases , 2003, DBSec.

[8]  Michael Stonebraker,et al.  C-Store: A Column-oriented DBMS , 2005, VLDB.

[9]  Chris Clifton,et al.  Security Issues in Querying Encrypted Data , 2005, DBSec.

[10]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[11]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[12]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[13]  Ralph Howard,et al.  Data encryption standard , 1987 .