论文信息 - Executing SQL over encrypted data in the database-service-provider model

Executing SQL over encrypted data in the database-service-provider model

Rapid advances in networking and Internet technologies have fueled the emergence of the "software as a service" model for enterprise computing. Successful examples of commercially viable software services include rent-a-spreadsheet, electronic mail services, general storage services, disaster protection services. "Database as a Service" model provides users power to create, store, modify, and retrieve data from anywhere in the world, as long as they have access to the Internet. It introduces several challenges, an important issue being data privacy. It is in this context that we specifically address the issue of data privacy.There are two main privacy issues. First, the owner of the data needs to be assured that the data stored on the service-provider site is protected against data thefts from outsiders. Second, data needs to be protected even from the service providers, if the providers themselves cannot be trusted. In this paper, we focus on the second challenge. Specifically, we explore techniques to execute SQL queries over encrypted data. Our strategy is to process as much of the query as possible at the service providers' site, without having to decrypt the data. Decryption and the remainder of the query processing are performed at the client site. The paper explores an algebraic framework to split the query to minimize the computation at the client site. Results of experiments validating our approach are also presented.

[1] Bruce Schneier,et al. Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[2] Abraham Silberschatz,et al. Database Systems Concepts , 1997 .

[3] Beng Chin Ooi,et al. Global optimization of histograms , 2001, SIGMOD '01.

[4] Ralph Howard,et al. Data encryption standard , 1987 .

[5] Ronald L. Rivest,et al. ON DATA BANKS AND PRIVACY HOMOMORPHISMS , 1978 .

[6] Jennifer Widom,et al. Database Systems: The Complete Book , 2001 .

[7] Hakan Hacigümüs,et al. Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[8] Abraham Silberschatz,et al. Database System Concepts, 3rd Edition , 1991 .

[9] Marianne Winslett. Jeffrey D. Ullman Speaks Out on the Future of Higher Education, Startups, Database Theory, and More , 2001, SIGMOD Rec..

[10] Gregory Piatetsky-Shapiro,et al. Accurate estimation of the number of tuples satisfying a condition , 1984, SIGMOD '84.

[11] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[12] Dawn Xiaodong Song,et al. Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[13] Yannis E. Ioannidis,et al. Histogram-Based Approximation of Set-Valued Query-Answers , 1999, VLDB.