Secure outsourcing of IT services in a non-trusted environment

This thesis considers the possibilities of securely outsourcing databases and content-based routing operations to an untrusted service provider. We explore the limits of the security that is achievable in these scenarios. When discussing security, we refer to the state-of-the-art definitions from cryptography and complexity theory. The key contributions of the thesis are the following.

We explore the applicability of privacy homomorphisms, cryptographic constructs that allow operations to be performed over encrypted data, for creating protocols that could enable secure database outsourcing. We also describe a framework for secure database outsourcing that is based on searchable encryption schemes, and prove its correctness and security. We describe a new searchable encryption scheme that outperforms comparable existing schemes with regard to certain parameters: compared to existing works, the proposed scheme allows a larger number of operations to be performed over a securely outsourced database and has a significantly lower chance of returning erroneous search results.

We propose an approach for managing discretionary access to securely outsourced and encrypted databases. Compared to existing techniques, our approach is applicable to more general scenarios, is simpler, and has similar performance characteristics.

We examine the possibilities of performing secure content-based routing by building a formal security model that describes a secure content-based routing system, evaluate existing approaches against this model, and provide an analysis of the possibilities for achieving confidentiality when performing the routing. Unlike the existing works, which fail to provide complete confidentiality, our security model takes the shortcomings of these solutions into account. We also describe a content-based routing system that satisfies this model and, to the best of our knowledge, is the first of its kind to provide complete confidentiality.
