Searchable Encryption in Apache Cassandra
In today’s cloud computing applications it is common practice for clients to outsource their data to cloud storage providers. That data may contain sensitive information, which the client wishes to protect against this untrustworthy environment. Confidentiality can be preserved by the use of encryption. Unfortunately that makes it difficult to perform efficient searches.
There are a couple of different schemes proposed in order to overcome this issue, but only very few of them have been implemented and tested with database servers yet. While traditional databases usually rely on the SQL model, a lot of alternative approaches, commonly referred to as NoSQL (short for “Not only SQL”) databases, occurred in the last years to meet the new requirements of the so called “Web 2.0”, especially in terms of availability and partition tolerance. In this paper we implement three different approaches for searching over encrypted data in the popular NoSQL database Apache Cassandra (offered by many cloud storage providers) and run tests in a distributed environment. Furthermore we quantify their performances and explore options for optimization.
KeywordsSearchable encryption Benchmarking Apache Cassandra
This work was partially funded by the DFG under grant number WI 4086/2-1.
- 1.Brewer, E.: A certain freedom: thoughts on the CAP theorem. In: Proceedings of the 29th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing, p. 335. ACM (2010)Google Scholar
- 3.Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceedings of the 2000 IEEE Symposium on Security and Privacy, S&P 2000, pp. 44–55. IEEE (2000)Google Scholar
- 4.Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 79–88. ACM (2006)Google Scholar
- 5.Hahn, F., Kerschbaum, F.: Searchable encryption with secure and efficient updates. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 310–320. ACM (2014)Google Scholar
- 7.Brewer, E.A.: Towards robust distributed systems. In: PODC, vol. 7 (2000)Google Scholar
- 11.Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 965–976. ACM (2012)Google Scholar
- 12.Cash, D., Jaeger, J., Jarecki, S., Jutla, C., Krawczyk, H., Rosu, M.C., Steiner, M.: Dynamic searchable encryption in very large databases: data structures and implementation. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), vol. 14 (2014)Google Scholar
- 14.Wang, B., Yu, S., Lou, W., Hou, Y.T.: Privacy-preserving multi-keyword fuzzy search over encrypted data in the cloud. In: 2014 Proceedings of the IEEE INFOCOM, pp. 2112–2120. IEEE (2014)Google Scholar
- 16.Kerschbaum, F., Schröpfer, A.: Optimal average-complexity ideal-security order-preserving encryption. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 275–286. ACM (2014)Google Scholar