Beyond the ideal object: towards disclosure-resilient order-preserving encryption schemes

With the emergence of affordable cloud services, users are currently moving data to external service providers. Hence, they implicitly trust providers not to abuse or "lose" sensitive data. To protect this data in the context of cloud computing, the use of Order-Preserving Encryption (OPE) has been suggested to encrypt data while still allowing efficient queries. The reference approach builds on Order-Preserving Functions (OPFs) drawn uniformly at random: the so-called "ideal object". However, recent results question the suitability of this construction, as its security properties turn out to be poor. In this article, we investigate possible alternatives. For this, we introduce two descriptive metrics rating one-wayness-related properties of OPF construction schemes, i.e., the ability of an adversary to estimate the plaintext when given a ciphertext and possible extra information. Furthermore, we propose three novel approaches to draw OPFs and apply the introduced metrics to study their security features in relation to the "ideal object". The results visualize the extent of insecurity caused by using the "ideal object" and qualify the suitability of the alternative schemes under different threat scenarios.
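The following added example (not code from the article) draws the "ideal object", an OPF chosen uniformly at random, and measures how closely a keyless observer can estimate a plaintext from its ciphertext alone. The domain and range sizes, the linear-scaling estimator and the mean-absolute-error measure are illustrative assumptions, not the article's two metrics.

```python
import random

def draw_ideal_opf(m, n, rng):
    """Draw an OPF {0..m-1} -> {0..n-1} uniformly at random.

    A strictly increasing function is fixed by its image, so a uniformly
    chosen m-element subset of the range, sorted, is a uniform OPF.
    """
    return sorted(rng.sample(range(n), m))

def estimate_plaintext(c, m, n):
    """Keyless estimate (assumed estimator): scale the ciphertext linearly.

    The k-th smallest of m values drawn from 1..n has mean k*(n+1)/(m+1);
    inverting that mean gives the guess below (0-indexed).
    """
    guess = round((c + 1) * (m + 1) / (n + 1)) - 1
    return min(m - 1, max(0, guess))

def mean_abs_error(m, n, trials, seed):
    """Average |estimate - plaintext| over all plaintexts and several OPFs."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible input
    total = 0
    for _ in range(trials):
        opf = draw_ideal_opf(m, n, rng)
        total += sum(abs(estimate_plaintext(c, m, n) - x)
                     for x, c in enumerate(opf))
    return total / (trials * m)

def blind_guess_error(m):
    """Baseline: always guess the domain midpoint, ignoring the ciphertext."""
    mid = (m - 1) / 2
    return sum(abs(x - mid) for x in range(m)) / m

if __name__ == "__main__":
    M, N = 1024, 2 ** 20  # constructed sizes: 10-bit domain, 20-bit range
    print("blind midpoint guess :", blind_guess_error(M))
    print("ciphertext scaling   :", mean_abs_error(M, N, trials=20, seed=1))
```

The scaling estimate lands within a few dozen values of the true plaintext in a 1024-value domain, far closer than the blind baseline, which is the kind of plaintext leakage that one-wayness-related measures are meant to expose.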
