Shuffle Index

Data outsourcing and cloud computing have been emerging at an ever-growing rate as successful approaches for allowing users and companies to rely on external services for storing and managing data. As data and access to them are not under the control of the data owner, there is a clear need to provide proper confidentiality protection. Such requirements concern the confidentiality not only of the stored data (content) but also of the specific accesses (or patterns of them) that users make on such data. In this article, we address these issues and propose an approach for guaranteeing content, access, and pattern confidentiality in a data outsourcing scenario. The proposed solution is based on the definition of a shuffle index structure, which adapts traditional B +-trees and, by applying a combination of techniques (covers, caches, and shuffling), ensures confidentiality of the data and of queries over them, protecting each single access as well as sequences thereof. The proposed solution also supports update operations over the data, while making reads and writes not recognizable as such by the server. We show that the shuffle index exhibits a limited performance cost, thus resulting effectively usable in practice.

[1]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[2]  Jinsheng Zhang,et al.  A Light-Weight Solution to Preservation of Access Pattern Privacy in Un-trusted Clouds , 2011, ESORICS.

[3]  Sushil Jajodia,et al.  Preserving confidentiality of security policies in data outsourcing , 2008, WPES '08.

[4]  Sara Foresti,et al.  Preserving Privacy in Data Outsourcing , 2010, Advances in Information Security.

[5]  Sabrina De Capitani di Vimercati,et al.  Managing and accessing data in the cloud: Privacy risks and approaches , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[6]  Gerardo Pelosi,et al.  Efficient and Private Access to Outsourced Data , 2011, 2011 31st International Conference on Distributed Computing Systems.

[7]  Kenneth Baclawski,et al.  Quickly generating billion-record synthetic databases , 1994, SIGMOD '94.

[8]  K. Selçuk Candan,et al.  Hiding Traversal of Tree Structured Data from Untrusted Data Stores , 2003, ISI.

[9]  Cong Wang,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2012, IEEE Transactions on Parallel and Distributed Systems.

[10]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[11]  Divyakant Agrawal,et al.  Secure and privacy-preserving database services in the cloud , 2013, 2013 IEEE 29th International Conference on Data Engineering (ICDE).

[12]  Murat Kantarcioglu,et al.  Secure multidimensional range queries over outsourced data , 2012, The VLDB Journal.

[13]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[14]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[15]  Elaine Shi,et al.  ObliviStore: High Performance Oblivious Cloud Storage , 2013, 2013 IEEE Symposium on Security and Privacy.

[16]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[17]  Kyriakos Mouratidis,et al.  Enhancing access privacy of range retrievals over B+-trees , 2013, IEEE Transactions on Knowledge and Data Engineering.

[18]  Vijayalakshmi Atluri,et al.  UICDS-based information sharing among emergency response application systems , 2011, dg.o '11.

[19]  Gerardo Pelosi,et al.  Supporting Concurrency in Private Data Outsourcing , 2011, ESORICS.

[20]  Laks V. S. Lakshmanan,et al.  Efficient secure query evaluation over encrypted XML databases , 2006, VLDB.

[21]  B. Silverman,et al.  Density estimation in action , 1986 .

[22]  Chanathip Namprempre,et al.  Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm , 2000, Journal of Cryptology.

[23]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[24]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[25]  Michael Mitzenmacher,et al.  Privacy Preserving Keyword Searches on Remote Encrypted Data , 2005, ACNS.

[26]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.

[27]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[28]  Ehud Gudes,et al.  Designing Secure Indexes for Encrypted Databases , 2005, DBSec.

[29]  Cong Wang,et al.  Secure Ranked Keyword Search over Encrypted Cloud Data , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[30]  Ari Juels,et al.  HAIL: a high-availability and integrity layer for cloud storage , 2009, CCS.

[31]  Gerardo Pelosi,et al.  Distributed Shuffling for Preserving Access Confidentiality , 2013, ESORICS.

[32]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[33]  Elaine Shi,et al.  Path ORAM: an extremely simple oblivious RAM protocol , 2012, CCS.

[34]  Radu Sion,et al.  On the Computational Practicality of Private Information Retrieval , 2006 .

[35]  Dimitris Gritzalis,et al.  The Insider Threat in Cloud Computing , 2011, CRITIS.

[36]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[37]  Gerardo Pelosi,et al.  Supporting concurrency and multiple indexes in private access to outsourced data , 2013, J. Comput. Secur..

[38]  P. J. Green,et al.  Density Estimation for Statistics and Data Analysis , 1987 .

[39]  J SivaSankar,et al.  Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data , 2015 .

[40]  Peter Williams,et al.  PrivateFS: a parallel oblivious file system , 2012, CCS.

[41]  Divyakant Agrawal,et al.  A Comprehensive Framework for Secure Query Processing on Relational Data in the Cloud , 2011, Secure Data Management.

[42]  Robert H. Deng,et al.  Database Access Pattern Protection Without Full-Shuffles , 2011, IEEE Transactions on Information Forensics and Security.

[43]  Rafail Ostrovsky,et al.  A Survey of Single-Database Private Information Retrieval: Techniques and Applications , 2007, Public Key Cryptography.

[44]  Ming Li,et al.  Verifiable Privacy-Preserving Multi-Keyword Text Search in the Cloud Supporting Similarity-Based Ranking , 2014, IEEE Trans. Parallel Distributed Syst..

[45]  Bernard W. Silverman,et al.  Density Estimation for Statistics and Data Analysis , 1987 .

[46]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[47]  K. Selçuk Candan,et al.  Secure and Privacy Preserving Outsourcing of Tree Structured Data , 2004, Secure Data Management.

[48]  Murat Kantarcioglu,et al.  Inference attack against encrypted range queries on outsourced databases , 2014, CODASPY '14.

[49]  Vincenzo Piuri,et al.  Supporting Security Requirements for Resource Management in Cloud Computing , 2012, 2012 IEEE 15th International Conference on Computational Science and Engineering.

[50]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[51]  Wei Wang,et al.  Storage and Query over Encrypted Character and Numerical Data in Database , 2005, The Fifth International Conference on Computer and Information Technology (CIT'05).