nach oben

International Journal of Information Security

Erschienen in:

01.11.2015 | Regular Contribution

Security and searchability in secret sharing-based data outsourcing

verfasst von: Mohammad Ali Hadavi, Rasool Jalili, Ernesto Damiani, Stelvio Cimato

Erschienen in: International Journal of Information Security | Ausgabe 6/2015

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

A major challenge organizations face when hosting or moving their data to the Cloud is how to support complex queries over outsourced data while preserving their confidentiality. In principle, encryption-based systems can support querying encrypted data, but their high complexity has severely limited their practical use. In this paper, we propose an efficient yet secure secret sharing-based approach for outsourcing relational data to honest-but-curious data servers. The problem with using secret sharing in a data outsourcing scenario is how to efficiently search within randomly generated shares. We present multiple partitioning methods that enable clients to efficiently search among shared secrets while preventing inference attacks on the part of data servers, even if they can observe shares and queries. Also, we prove that with some of our partitioning methods the probability of finding a correspondence between a set of shares and their original values is almost equal to that of a random guess. We discuss query processing for different types of queries including equality, range, aggregation, projection, join, and update queries. Our extensive experimentation confirms the practicality and efficiency of our approach in terms of query execution time, storage, and communication overheads.

Vorheriger Artikel Flexible attribute-based encryption applicable to secure e-healthcare records

Nächster Artikel Secure floating point arithmetic and private satellite collision analysis

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

For instance, one can refer to the distribution of Age values stored in an organizational database.

Shares ordering has been discussed in [13] as part of the attack scenario on using secret sharing for outsourcing scenario.

Adam, N.R., Worthmann, J.C.: Security control methods for statistical databases: a comparative study. ACM Comput. Surv. 21(4), 515–556 (1989)CrossRef

Agrawal, D., Abbadi, A.E., Emekci, F., Metwally, A., Wang, S.: Secure data management service on cloud computing infrastructures. In: Agrawal, D., Candan, K.S., Li, W. (eds.) New Frontiers in Information and Software as Services. Lecture Notes in Business Information Processing, vol. 74, pp. 57–80. Springer, Berlin (2011)CrossRef

Agrawal, D., El Abbadi, A., Emekci, F., Metwally, A.: Database management as a service: challenges and opportunities. In: IEEE 25th International Conference on Data Engineering, 2009. ICDE’09, pp. 1709–1716 (2009)

Agrawal, R., Kiernan, J., Srikant Ramakrishnan, Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pp. 563–574. ACM (2004)

Boneh, D., Waters, B.: Conjunctive, subset, and range queries on encrypted data. In: Proceedings of the 4th Conference on Theory of Cryptography, pp. 535–554. Springer, Berlin (2007)

Brinkman, R., Doumen, J., Jonker, W.: Using Secret Sharing for Searching in Encrypted Data. Secure Data Management. Lecture Notes in Computer Science, vol. 3178, pp. 18–27. Springer, Berlin Heidelberg (2004)

Ceselli, A., Damiani, E., di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Modeling and assessing inference exposure in encrypted databases. ACM Trans. Inf. Syst. Secur. (TISSEC) 8(1), 119–152 (2005)CrossRef

Chow, S.S.M., Lee, J.-H., Subramanian, L.: Two-party computation model for privacy-preserving queries over distributed databases. In: Proceedings of the Network and Distributed System Security Symposium, (NDSS), The Internet Society (2009)

Ciriani, V., Capitani, De: Combining fragmentation and encryption to protect privacy in data storage. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 1–33 (2010)CrossRef

10.

Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation design for efficient query execution over sensitive distributed databases. In: Proceedings of the 29th IEEE International Conference on Distributed Computing Systems, ICDCS ’09, pp. 32–39. IEEE Computer Society (2009)

11.

Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 93–102 (2003)

12.

Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Computing range queries on obfuscated data. In: Proceedings of the Information Processing and Management of Uncertainty in Knowledge-Based Systems, pp. 1333–1340. IEEE Computer Society (2004)

13.

Dautrich, J.L., Ravishanka, C.V.: Security limitations of using secret sharing for data outsourcing. In: Proceedings of DBSec 2012, Lecture Notes in Computer Science, pp. 145–160. Springer, Berlin (2012)

14.

De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Efficient and private access to outsourced data. In: Proceedings of IEEE ICDCS 2011, pp. 710–719. IEEE Computer Society (2011)

15.

Emekci, F., Methwally, A., Agrawal, D., Abbadi, A.E.: Dividing secrets to secure data outsourcing. Inf. Sci. 263, 198–210 (2014)CrossRef

16.

Ferretti, L., Colajanni, M., Marchetti, M.: Distributed, concurrent, and independent access to encrypted cloud databases. IEEE Trans. Parallel Distrib. Syst. 25(2), 437–446 (2014)CrossRef

17.

Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database service provider model. In: Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, pp. 216–227. ACM (2002)

18.

Hadavi, M.A., Damiani, E., Jalili, R., Cimato, S., Ganjei, Z.: AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing. Data Privacy Management and Autonomous Spontaneous Security. Lecture Notes in Computer Science, vol. 7731, pp. 201–216. Springer, Berlin Heidelberg (2013)

19.

Hadavi, M.A., Jalili, R.: Secure data outsourcing based on threshold secret sharing: Towards a more practical solution. In: Proceedings of VLDB PhD Workshop, pp. 54–59. VLDB Endowment (2010)

20.

Hadavi, M.A., Noferesti, M., Jalili, R., Damiani, E.: Database as a service: towards a unified solution for security requirements. In: Proceedings of 36th IEEE COMPSACW, pp. 415–420. IEEE Computer Society (2012)

21.

Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of 30th International Confernece on Very Large Database, pp. 720–731. VLDB Endowment (2004)

22.

Kerschbaum, F., Schropfer, A., Zilli, A., Pibernik, R., Catrina, O., Hoogh, Sd, Schoenmakers, B., Cimato, S., Damiani, E.: Secure collaborative supply-chain management. Computer 44(9), 38–43 (2011)CrossRef

23.

Laur, S., Talviste, R., Willemson, J.: From oblivious AES to efficient and secure database join in the multiparty setting. Applied Cryptography and Network Security. Lecture Notes in Computer Science, vol. 7954, pp. 84–101. Springer, Berlin Heidelberg (2013)

24.

Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of Computer and Communication Security Workshops 2011, pp. 113–124. ACM (2011)

25.

Popa, R.A., Redfield, C., Zeldovich, N., Balakrishnan, H.: Cryptdb: processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012)CrossRef

26.

Ruggles, S., Alexander, J.T., Genadek, K., Goeken, R., Schroeder, M.B., Sobek, M.: Integrated Public Use Microdata Series: Version 5.0 [Machine-readable database]. Tech. rep., University of Minnesota, Minneapolis: University of Minnesota (2010)

27.

Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MATHMathSciNetCrossRef

28.

Steele, A., Frikken, K.B.: An index structure for private data outsourcing. In: Proceedings of DBSec 2011, pp. 247–254. Springer, Berlin (2011)

29.

Taheri Soodejani, A., Hadavi, M.A., Jalili, R.: K-Anonymity-based horizontal fragmentation to preserve privacy in data outsourcing. In: Proceedings of the 26th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec’12, pp. 263–273. Springer, Berlin (2012)

30.

Tian, X., Sha, C., Wang, X., Zhou, A.: Privacy preserving query processing on secret share based data storage. Database Systems for Advanced Applications. Lecture Notes in Computer Science, vol. 6587, pp. 108–122. Springer, Berlin Heidelberg (2011)

31.

Wang, S., Agrawal, D., Abbadi, A.: A comprehensive framework for secure query processing on relational data in the cloud. Secure Data Management. Lecture Notes in Computer Science, vol. 6933, pp. 52–69. Springer, Berlin Heidelberg (2011)

32.

Wang, S., Agrawal, D., Abbadi, A.E.: Towards practical private processing of database queries over public data with homomorphic encryption. Tech. rep., 2011–06, Department of Computer Science, University of California at Santa Barbara (2011). https://p2p.cs.ucsb.edu/research/tech_reports/reports/2011-06

33.

Wang, W., Hu, Y., Chen, L., Huang, X., Sunar, B.: Accelerating fully homomorphic encryption using GPU. In: 2012 IEEE Conference on High Performance Extreme Computing (HPEC), pp. 1–5 (2012)

34.

Yu, S., Wang, C., Ren, K., Lou, W.: Achieving secure, scalable, and fine-grained data access control in cloud computing. Proc. IEEE INFOCOM 2010, 1–9 (2010)

35.

Zhang, Z., Plantard, T., Susilo, W.: Reaction attack on outsourced computing with fully homomorphic encryption schemes. In: Proceedings of ICISC 2011, pp. 419–436. Springer, Berlin (2011)

Titel: Security and searchability in secret sharing-based data outsourcing
verfasst von: Mohammad Ali Hadavi
Rasool Jalili
Ernesto Damiani
Stelvio Cimato
Publikationsdatum: 01.11.2015
Verlag: Springer Berlin Heidelberg
Erschienen in: International Journal of Information Security / Ausgabe 6/2015
Print ISSN: 1615-5262
Elektronische ISSN: 1615-5270
DOI: https://doi.org/10.1007/s10207-015-0277-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 6/2015

Secure floating point arithmetic and private satellite collision analysis

URL query string anomaly sensor designed with the bidimensional Haar wavelet transform

Privacy-preserving personal health record using multi-authority attribute-based encryption with revocation

Gait authentication on mobile phone using biometric cryptosystem and fuzzy commitment scheme

Security and privacy of electronic health information systems

Flexible attribute-based encryption applicable to secure e-healthcare records