Enforcing Privacy in Cloud Databases

Outsourcing databases, i.e., resorting to Database-as-a-Service (DBaaS), is nowadays a popular choice due to the elasticity, availability, scalability and pay-as-you-go features of cloud computing. However, most data are sensitive to some extent, and data privacy remains one of the top concerns for DBaaS users, for obvious legal and competitive reasons. In this paper, we survey the mechanisms that aim at making databases secure in a cloud environment, and discuss current pitfalls and related research challenges.
