Abstract
Outsourcing databases, i.e., resorting to Database-as-a-Service (DBaaS), is nowadays a popular choice due to the elasticity, availability, scalability and pay-as-you-go features of cloud computing. However, most data are sensitive to some extent, and data privacy remains one of the top concerns to DBaaS users, for obvious legal and competitive reasons. In this paper, we survey the mechanisms that aim at making databases secure in a cloud environment, and discuss current pitfalls and related research challenges.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Sobati Moghadam, S., Darmont, J., Gavin, G. (2017). Enforcing Privacy in Cloud Databases. In: Bellatreche, L., Chakravarthy, S. (eds) Big Data Analytics and Knowledge Discovery. DaWaK 2017. Lecture Notes in Computer Science, vol 10440. Springer, Cham. https://doi.org/10.1007/978-3-319-64283-3_5
DOI: https://doi.org/10.1007/978-3-319-64283-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64282-6
Online ISBN: 978-3-319-64283-3
eBook Packages: Computer Science (R0)