Abstract
Data outsourcing is emerging today as a successful solution for organizations looking for a cost-effective way to make their data available for on-line querying. To protect outsourced data from unauthorized accesses, even from the (honest but curious) host server, data are encrypted and indexes associated with them enable the server to execute queries without the need of accessing cleartext. Current solutions consider the whole database as encrypted with a single key known only to the data owner, which therefore has to be kept involved in the query execution process. In this paper, we propose different multi-key data encryption strategies for enforcing access privileges. Our strategies exploit different keys, which are distributed to the users, corresponding to the different authorizations. We then present some experiments evaluating the quality of the proposed strategies with respect to the amount of cryptographic information to be produced and maintained.
Please use the following format when citing this chapter: Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., and Samarati, P., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Soims, R., (Boston: Springer), pp. 385–396
Chapter PDF
References
S. Akl and P. Taylor. Cryptographic solution to a problem of access control in a hierarchy. ACM Transactions on Computer System, 1(3), 239–248 (August 1983).
M.J. Atallah, K.B. Frikken, and M. Blanton. Dynamic and efficient key management for access hierarchies. In Proc. of the ACM CCS, Alexandria, VA, USA (November 2005).
J.C. Birget, X. Zou, G. Noubir, and B. Ramamurthy. Hierarchy-based access control in distributed environments. In Proc. of the IEEE International Conference on Communications, Helsinki, Finland (June 2002).
D. Boneh, G.D. Crescenzo, R. Ostrovsky, and G. Persiano. Public-key encryption with keyword search. In Proc. Eurocrypt 2004, Interlaken, Switzerland (May 2004).
L. Bouganim and P. Pucheral. Chip-secured data access: confidential data on untrusted servers. In Proc. of the 28th VLDB Conference, Hong Kong, China (August 2002).
A. Ceselli, E. Damiani, S. De Capitani di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Modeling and assessing inference exposure in encrypted databases. ACM TISSEC, 8(1), 119–152 (February 2005).
E. Damiani, S. De Capitani di Vimercati, S. Jajodia, S. Paraboschi, and P. Samarati. Balancing confidentiality and efficiency in untrusted relational DBMSs. In Proc. of the ACM CCS, Washington, DC, USA (October 2003).
E. Gudes. The design of a cryptography based secure file system. IEEE Transactions on Software Engineering, 6(5), 411–420 (September 1980).
H. Hacigümüs, B. Iyer, and S. Mehrotra. Providing database as a service. In Proc. of the ICDE, San Jose, CA, USA (February 2002).
H. Hacigümüs, B. Iyer, S. Mehrotra, and C. Li. Executing SQL over encrypted data in the database-service-provider model. In Proc. of the ACM SIGMOD, Madison, Wisconsin, USA (June 2002).
E. Mykletun, M. Narasimha, and G. Tsudik. Authentication and integrity in outsourced database. In Proc. of the 11th Annual Network and Distributed System Security Symposium, San Diego, California, USA (February 2004).
R.S. Sandhu. Cryptographic implementation of a tree hierarchy for access control. Information Processing Letters, 27(2), 95–98 (April 1988).
Y. Sun and K.J.R. Liu. Scalable hierarchical access control in secure group communications. In Proc. of the IEEE Infocom, Hong Kong, China (March 2004).
H. Tsai and C. Chang. A cryptographic implementation for dynamic access control in a user hierarchy. Computer and Security, 14(2), 159–166 (September 1995).
C.K. Wong, M. Gouda, and S.S. Lam. Secure group communications using key graphs. In Proc. of the ACM SIGCOMM, Vancouver, British Columbia (September 1998).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Damiani, E., De Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P. (2007). An Experimental Evaluation of Multi-Key Strategies for Data Outsourcing. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_33
Download citation
DOI: https://doi.org/10.1007/978-0-387-72367-9_33
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer ScienceComputer Science (R0)