Privacy and integrity preserving multi-dimensional range queries for cloud computing

In cloud computing, a cloud provider hosts the data of an organization and replies query results to the customers of the organization. Because organization's data are confidential and the cloud provider cannot be fully trusted, some schemes have been proposed to preserve data privacy and query result integrity. However, these schemes either include false positives in query results, or are too expensive. In this paper, we propose an effective and efficient privacy and integrity preserving scheme for multi-dimensional range queries. To preserve privacy, we propose an order-preserving hash-based function to encode both data and queries so that a cloud provider can correctly process encoded queries over encoded data without knowing their values. To preserve integrity, we propose a new data structure called local bit matrices that allows a customer to verify the integrity of a query result with a high probability. Experimental results show that our scheme can efficiently process a dataset with one million data items.

[1]  Hong Chen,et al.  Access Control Friendly Query Verification for Outsourced Data Publishing , 2008, ESORICS.

[2]  Kian-Lee Tan,et al.  Verifying completeness of relational query results in data publishing , 2005, SIGMOD '05.

[3]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[4]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[5]  Hari Balakrishnan,et al.  CryptDB: A Practical Encrypted Relational DBMS , 2011 .

[6]  Michael Gertz,et al.  Authentic Data Publication Over the Internet , 2003, J. Comput. Secur..

[7]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[8]  Eugene Ciurana,et al.  Google App Engine , 2009 .

[9]  Cyrus Shahabi,et al.  Verifying spatial queries using Voronoi neighbors , 2010, GIS '10.

[10]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[11]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Carlo Curino,et al.  Relational Cloud: a Database Service for the cloud , 2011, CIDR.

[13]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[14]  Kian-Lee Tan,et al.  Authenticating Multi-dimensional Query Results in Data Publishing , 2006, DBSec.

[15]  Kian-Lee Tan,et al.  Authenticating query results in edge computing , 2004, Proceedings. 20th International Conference on Data Engineering.

[16]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[17]  Nathan Chenette,et al.  Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions , 2011, CRYPTO.

[18]  Yin Yang,et al.  Authenticated indexing for outsourced spatial databases , 2009, The VLDB Journal.

[19]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[20]  Alex X. Liu,et al.  SafeQ: Secure and Efficient Query Processing in Sensor Networks , 2010, 2010 Proceedings IEEE INFOCOM.

[21]  Edward A. Fox,et al.  Order-preserving minimal perfect hash functions and information retrieval , 1991, TOIS.

[22]  Gene Tsudik,et al.  Authentication of Outsourced Databases Using Signature Aggregation and Chaining , 2006, DASFAA.