Using Multi Shares for Ensuring Privacy in Database-as-a-Service

Database-as-a-service (DAAS) is a new model for data management, where a service provider offers customers software management functionalities as well as the use of expensive hardware. This service enables data integration and access on a large scale in cloud computing infrastructures. Addressing data privacy in DAAS is considered a significant issue for any organizational database. Due to the fact that data will be shared with a third party, an un-trusted server is dangerous and unsafe for the user. This paper proposes the architecture of a new model appropriate for NetDB2 architecture, known as NetDB2 Multi-Shares (NetDB2-MS). It is based on multi-service providers and a secret sharing algorithm instead of encryption, which is used by the existing NetDB2 service. The evaluation is done through simulations. It shows a significant improvement in performance for data storage and retrieval for various query types.

[1]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[2]  Divyakant Agrawal,et al.  Database Management as a Service: Challenges and Opportunities , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[3]  Radu Sion,et al.  On the Computational Practicality of Private Information Retrieval , 2006 .

[4]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[5]  Yuval Ishai,et al.  Protecting data privacy in private information retrieval schemes , 1998, STOC '98.

[6]  Doo-Kwon Baik,et al.  A practical approach for modeling the quality of multimedia data , 2001, MULTIMEDIA '01.

[7]  Taflan I. Gündem,et al.  A survey on querying encrypted XML documents for databases as a service , 2008, SGMD.

[8]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[9]  Eyal Kushilevitz,et al.  Private information retrieval , 1998, JACM.

[10]  Radu Sion,et al.  Query Execution Assurance for Outsourced Databases , 2005, VLDB.

[11]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[12]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[13]  Rafail Ostrovsky,et al.  Private information storage (extended abstract) , 1997, STOC '97.

[14]  Radu Sion Secure Data Outsourcing , 2007, VLDB.

[15]  Diane M. Strong,et al.  AIMQ: a methodology for information quality assessment , 2002, Inf. Manag..

[16]  Deepak Gupta,et al.  A Formal Framework for On-line Software Version Change , 1996, IEEE Trans. Software Eng..

[17]  Alexandre V. Evfimievski,et al.  Information sharing across private databases , 2003, SIGMOD '03.

[18]  Yuan Zhou,et al.  Supporting Database Applications as a Service , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[19]  Torsten Grust,et al.  Multi-tenant databases for software as a service: schema-mapping techniques , 2008, SIGMOD Conference.

[20]  Luc Bouganim,et al.  GhostDB: querying visible and hidden data without leaks , 2007, SIGMOD '07.