Secure Data Outsourcing Based on Threshold Secret Sharing ; Towards a More Practical Solution

Database outsourcing is a noteworthy solution to improve quality of services while reducing data management costs. When data is stored and processed out of the territory of its owner, security becomes the first concern. Confidentiality of the outsourced data, correctness assurance of query results, and preserving users' access privacy are the primary requirements of secure data outsourcing. Nevertheless, most of research activities concentrate on confidentiality based on different encryption schemes. This paper reports some aspects of our ongoing research on secure data outsourcing plus our future directions. We propose a framework to provide confidentiality and privacy based on the threshold secret sharing. We discuss the extension points of the framework to satisfy other requirements of secure data outsourcing as well.

[1]  Yi Tang,et al.  A Method for Reducing False Hits in Querying Encrypted Databases , 2006, The 8th IEEE International Conference on E-Commerce Technology and The 3rd IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services (CEC/EEE'06).

[2]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[3]  Divyakant Agrawal,et al.  Database Management as a Service: Challenges and Opportunities , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[4]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[5]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[6]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[7]  Kian-Lee Tan,et al.  Verifying completeness of relational query results in data publishing , 2005, SIGMOD '05.

[8]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[9]  Sheng Zhong,et al.  Privacy-Preserving Queries on Encrypted Data , 2006, ESORICS.

[10]  Xiaofeng Meng,et al.  Integrity Auditing of Outsourced Data , 2007, VLDB.

[11]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[12]  Oliver Günther,et al.  Provable Security for Outsourcing Database Operations , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[13]  Gene Tsudik,et al.  Aggregation Queries in the Database-As-a-Service Model , 2006, DBSec.

[14]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[15]  Wei Wang,et al.  Fast Query Over Encrypted Character Data in Database , 2004, International Conference on Computational Intelligence and Security.

[16]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[17]  Radu Sion Secure Data Outsourcing , 2007, VLDB.

[18]  Shuai Liu,et al.  Towards Efficient Over-Encryption in Outsourced Databases Using Secret Sharing , 2008, 2008 New Technologies, Mobility and Security.

[19]  Chu-Hsing Lin,et al.  Efficient Secret Sharing with Access Structures in a Hierarchy , 2005, AINA.

[20]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[21]  Jeroen Doumen,et al.  Experiments with Queries over Encrypted Data Using Secret Sharing , 2005, Secure Data Management.

[22]  Yong Zhang,et al.  A Method of Bucket Index over Encrypted Character Data in Database , 2007, Third International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2007).

[23]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[24]  Carles Padró,et al.  Secret sharing schemes on access structures with intersection number equal to one , 2006, Discret. Appl. Math..

[25]  Hakan Hacigümüs,et al.  Query Optimization in Encrypted Database Systems , 2005, DASFAA.

[26]  Jeroen Doumen,et al.  Using Secret Sharing for Searching in Encrypted Data , 2004, Secure Data Management.