Abstract
Prior solutions for securely handling SQL range predicates in outsourced cloud-resident databases have primarily focused on passive attacks in the Honest-but-Curious adversarial model, where the server is only permitted to observe the encrypted query processing. We consider here a significantly more powerful adversary, wherein the server can launch an active attack by clandestinely issuing specific range queries via collusion with a few compromised clients. The security requirement in this environment is that data values from a plaintext domain of size N should not be leaked to within an interval of size \(H\). Unfortunately, all prior encryption schemes for range predicate evaluation are easily breached with only \(O(log_2\psi )\) range queries, where \(\psi = N/H\). To address this lacuna, we present SPLIT, a new encryption scheme where the adversary requires exponentially more – \(\mathbf{O}(\psi )\) – range queries to breach the interval constraint, and can therefore be easily detected by standard auditing mechanisms.
The novel aspect of SPLIT is that each value appearing in a range-sensitive column is first segmented into two parts. These segmented parts are then independently encrypted using a layered composition of a Secure Block Cipher with the Order-Preserving Encryption and Prefix-Preserving Encryption schemes, and the resulting ciphertexts are stored in separate tables. At query processing time, range predicates are rewritten into an equivalent set of table-specific sub-range predicates, and the disjoint union of their results forms the query answer. A detailed evaluation of SPLIT on benchmark database queries indicates that its execution times are well within a factor of two of the corresponding plaintext times, testifying to its efficiency in resisting active adversaries.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The CustName column is encrypted with AES for additional security.
- 2.
The Collateral range is fixed to a single value since the objective is to breach LoanAmt. A similar exercise can be carried out to break the Collateral column.
- 3.
For visual clarity, CustName is not shown in the figure, but its encrypted form, \(CustName\_Enc\), is present in all four tables.
References
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: Proceedings of ACM SIGMOD Conference (2004)
Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: Orthogonal security with cipherbase. In: Proceedings of CIDR Conference (2013)
Bajaj, S., Sion, R.: TrustedDB: a trusted hardware based outsourced database engine. PVLDB 4(12), 1359–1362 (2011)
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295–312. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05445-7_19
Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13
Boldyreva, A., Chenette, N., O’Neill, A.: Order-preserving encryption revisited: improved security analysis and alternative solutions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 578–595. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_33
Chi, J., Hong, C., Zhang, M., Zhang, Z.: Fast multi-dimensional range queries on encrypted cloud databases. In: Candan, S., Chen, L., Pedersen, T.B., Chang, L., Hua, W. (eds.) DASFAA 2017. LNCS, vol. 10177, pp. 559–575. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-55753-3_35
Demertzis, I., Papadopoulos, S., Papapetrou, O., Deligiannakis, A., Garofalakis, M.: Practical private range search revisited. In: Proceedings of ACM SIGMOD Conference (2016)
Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of ACM SIGMOD Conference (2002)
Hore, B., Mehrotra, S., Tsudik, G.: A privacy-preserving index for range queries. In: Proceedings of VLDB Conference (2004)
Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of CCS Conference (2015)
Li, J., Omiecinski, E.R.: Efficiency and security trade-off in supporting range queries on encrypted databases. In: Jajodia, S., Wijesekera, D. (eds.) DBSec 2005. LNCS, vol. 3654, pp. 69–83. Springer, Heidelberg (2005). https://doi.org/10.1007/11535706_6
Li, R., Liu, A.X., Wang, A.L., Bruhadeshwar, B.: Fast range query processing with strong privacy protection for cloud computing. PVLDB 7(14), 1953–1964 (2014)
Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: Proceedings of IEEE Symposium on Security and Privacy (2013)
Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012)
Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. PVLDB 6(5), 289–300 (2013)
Wong, W.K., Kao, B., Cheung, D.W., Li, R., Yiu, S.: Secure query processing with data interoperability in a cloud database environment. In: Proceedings of ACM SIGMOD Conference (2014)
Xu, J., Fan, J., Ammar, M.H., Moon, A.B.: Prefix-preserving IP address anonymization: measurement-based security evaluation and a new cryptography-based scheme. In: Proceedings of ICNP Conference (2002)
http://dsl.cds.iisc.ac.in/publications/report/TR/TR-2016-01.pdf
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Kesarwani, M., Kaul, A., Singh, G., Deshpande, P.M., Haritsa, J.R. (2018). Collusion-Resistant Processing of SQL Range Predicates. In: Pei, J., Manolopoulos, Y., Sadiq, S., Li, J. (eds) Database Systems for Advanced Applications. DASFAA 2018. Lecture Notes in Computer Science(), vol 10828. Springer, Cham. https://doi.org/10.1007/978-3-319-91458-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-91458-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91457-2
Online ISBN: 978-3-319-91458-9
eBook Packages: Computer ScienceComputer Science (R0)