Skip to main content
SpringerLink
Log in

Collusion-Resistant Processing of SQL Range Predicates

  • Conference paper
  • First Online:
Database Systems for Advanced Applications (DASFAA 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10828))

Included in the following conference series:

  • 3569 Accesses

Abstract

Prior solutions for securely handling SQL range predicates in outsourced cloud-resident databases have primarily focused on passive attacks in the Honest-but-Curious adversarial model, where the server is only permitted to observe the encrypted query processing. We consider here a significantly more powerful adversary, wherein the server can launch an active attack by clandestinely issuing specific range queries via collusion with a few compromised clients. The security requirement in this environment is that data values from a plaintext domain of size N should not be leaked to within an interval of size \(H\). Unfortunately, all prior encryption schemes for range predicate evaluation are easily breached with only \(O(log_2\psi )\) range queries, where \(\psi = N/H\). To address this lacuna, we present SPLIT, a new encryption scheme where the adversary requires exponentially more\(\mathbf{O}(\psi )\) – range queries to breach the interval constraint, and can therefore be easily detected by standard auditing mechanisms.

The novel aspect of SPLIT is that each value appearing in a range-sensitive column is first segmented into two parts. These segmented parts are then independently encrypted using a layered composition of a Secure Block Cipher with the Order-Preserving Encryption and Prefix-Preserving Encryption schemes, and the resulting ciphertexts are stored in separate tables. At query processing time, range predicates are rewritten into an equivalent set of table-specific sub-range predicates, and the disjoint union of their results forms the query answer. A detailed evaluation of SPLIT on benchmark database queries indicates that its execution times are well within a factor of two of the corresponding plaintext times, testifying to its efficiency in resisting active adversaries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The CustName column is encrypted with AES for additional security.

  2. 2.

    The Collateral range is fixed to a single value since the objective is to breach LoanAmt. A similar exercise can be carried out to break the Collateral column.

  3. 3.

    For visual clarity, CustName is not shown in the figure, but its encrypted form, \(CustName\_Enc\), is present in all four tables.

References

  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of ACM SIGMOD Conference (2004)

    Google Scholar 

  2. Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: Orthogonal security with cipherbase. In: Proceedings of CIDR Conference (2013)

    Google Scholar 

  3. Bajaj, S., Sion, R.: TrustedDB: a trusted hardware based outsourced database engine. PVLDB 4(12), 1359–1362 (2011)

    Google Scholar 

  4. Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_19

    Chapter  Google Scholar 

  5. Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13

    Chapter  Google Scholar 

  6. Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33

    Chapter  Google Scholar 

  7. Chi, J., Hong, C., Zhang, M., Zhang, Z.: Fast multi-dimensional range queries on encrypted cloud databases. In: Candan, S., Chen, L., Pedersen, T.B., Chang, L., Hua, W. (eds.) DASFAA 2017. LNCS, vol. 10177, pp. 559–575. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-55753-3_35

    Chapter  Google Scholar 

  8. Demertzis, I., Papadopoulos, S., Papapetrou, O., Deligiannakis, A., Garofalakis, M.: Practical private range search revisited. In: Proceedings of ACM SIGMOD Conference (2016)

    Google Scholar 

  9. Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of ACM SIGMOD Conference (2002)

    Google Scholar 

  10. Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of VLDB Conference (2004)

    Google Scholar 

  11. Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of CCS Conference (2015)

    Google Scholar 

  12. Li, J., Omiecinski, E.R.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: Jajodia, S., Wijesekera, D. (eds.) DBSec 2005. LNCS, vol. 3654, pp. 69–83. Springer, Heidelberg (2005). https://doi.org/10.1007/11535706_6

    Chapter  MATH  Google Scholar 

  13. Li, R., Liu, A.X., Wang, A.L., Bruhadeshwar, B.: Fast range query processing with strong privacy protection for cloud computing. PVLDB 7(14), 1953–1964 (2014)

    Google Scholar 

  14. Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: Proceedings of IEEE Symposium on Security and Privacy (2013)

    Google Scholar 

  15. Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012)

    Article  Google Scholar 

  16. Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. PVLDB 6(5), 289–300 (2013)

    Google Scholar 

  17. Wong, W.K., Kao, B., Cheung, D.W., Li, R., Yiu, S.: Secure query processing with data interoperability in a cloud database environment. In: Proceedings of ACM SIGMOD Conference (2014)

    Google Scholar 

  18. Xu, J., Fan, J., Ammar, M.H., Moon, A.B.: Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme. In: Proceedings of ICNP Conference (2002)

    Google Scholar 

  19. https://aws.amazon.com/ec2/pricing/

  20. http://dsl.cds.iisc.ac.in/publications/report/TR/TR-2016-01.pdf

  21. http://www.tpc.org/tpcds/

Download references

Author information

Authors and Affiliations

  1. IBM India Research Lab, Bangalore, India

    Manish Kesarwani, Akshar Kaul & Gagandeep Singh

  2. KENA Labs, New Delhi, India

    Prasad M. Deshpande

  3. Indian Institute of Science, Bangalore, India

    Jayant R. Haritsa

Authors
  1. Manish Kesarwani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Akshar Kaul
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gagandeep Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Prasad M. Deshpande
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jayant R. Haritsa
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jayant R. Haritsa .

Editor information

Editors and Affiliations

  1. Simon Fraser University, Burnaby, BC, Canada

    Jian Pei

  2. Aristotle University of Thessaloniki, Thessaloniki, Greece

    Yannis Manolopoulos

  3. University of Queensland, Brisbane, QLD, Australia

    Shazia Sadiq

  4. University of Western Australia, Crawley, WA, Australia

    Jianxin Li

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kesarwani, M., Kaul, A., Singh, G., Deshpande, P.M., Haritsa, J.R. (2018). Collusion-Resistant Processing of SQL Range Predicates. In: Pei, J., Manolopoulos, Y., Sadiq, S., Li, J. (eds) Database Systems for Advanced Applications. DASFAA 2018. Lecture Notes in Computer Science(), vol 10828. Springer, Cham. https://doi.org/10.1007/978-3-319-91458-9_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-91458-9_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-91457-2

  • Online ISBN: 978-3-319-91458-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation