Database Management as a Service: Challenges and Opportunities

Data outsourcing, or database as a service, is a new paradigm for data management in which a third-party service provider hosts a database as a service. The service provides data management for its customers and thus frees the service user from purchasing expensive hardware and software, dealing with software upgrades, and hiring professionals for administrative and maintenance tasks. Since an external database service promises reliable data storage at low cost, it is very attractive for companies. Such a service would also provide universal access, through the Internet, to private data stored at reliable and secure sites. Clients would store their data there and would not need to carry it with them as they travel, nor log in remotely to their home machines, which may crash and be unavailable. However, recent government legislation, competition among companies, and database thefts oblige companies to use secure and privacy-preserving data management techniques. The data provider therefore needs to guarantee that the data is secure and to be able to execute queries on it, while the query results must also be secure and not visible to the data provider. Current research has focused only on how to index and query encrypted data. However, querying encrypted data is computationally very expensive. Providing an efficient trust mechanism that pushes both database service providers and clients to behave honestly has emerged as one of the most important problems to solve before data outsourcing can become a viable paradigm. In this paper, we describe scalable privacy-preserving algorithms for data outsourcing. Instead of encryption, which is computationally expensive, we use distribution over multiple data provider sites and secret sharing algorithms that are information-theoretically proven secure as the basis for privacy-preserving outsourcing.
The technical contribution of this paper is the establishment and development of a framework for efficient, fault-tolerant, scalable and theoretically secure privacy-preserving data outsourcing that supports a diversity of database operations executed on different types of data, and that can even leverage publicly available data sets.
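To make the secret-sharing approach concrete, the following added example (not code from the paper) splits a numeric column across several provider sites with Shamir's scheme and answers a SUM query from any threshold-many sites without any site ever seeing a plaintext value. The field prime, the 3-site/threshold-2 layout and the salary values are assumptions constructed for illustration; the linearity of Shamir shares that makes the aggregate work is a standard property of the scheme.

```python
import secrets

# Prime field for the shares. Assumption: the 127-bit Mersenne prime; any prime
# larger than every attribute value (and than the number of sites) works.
P = 2**127 - 1

def make_shares(secret, k, n):
    """Shamir split: n shares of `secret`, any k of which reconstruct it."""
    assert 0 <= secret < P and 1 <= k <= n < P
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    # Provider site i holds the point (i, f(i)); x = 0 is never handed out.
    return {i: f(i) for i in range(1, n + 1)}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 from at least k shares {x: y}."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def share_column(values, k, n):
    """Client side: share every value of one column, one share list per site."""
    per_site = {i: [] for i in range(1, n + 1)}
    for v in values:
        for i, s in make_shares(v, k, n).items():
            per_site[i].append(s)
    return per_site

def site_sum(site_shares):
    """Provider side: answer SUM by adding its own shares; it never sees a value."""
    return sum(site_shares) % P

def outsourced_sum(values, k, n, query_sites):
    """Client: share the column, collect local sums from any k sites, recover SUM.
    Works because Shamir shares are linear: the sum of the shares held at x = i
    is itself a share of the sum of the secrets at x = i."""
    per_site = share_column(values, k, n)
    answers = {i: site_sum(per_site[i]) for i in query_sites}
    return reconstruct(answers)

# Constructed sample: a salary column spread over 3 sites, threshold 2.
SALARIES = [52000, 61000, 48000]
if __name__ == "__main__":
    print(outsourced_sum(SALARIES, 2, 3, (1, 3)))   # 161000
```

Any single site holds one point of a random line per row and therefore learns nothing about the value; only a coalition reaching the threshold can reconstruct.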
