Abstract
Property preserving encryption mechanisms have repeatedly been proposed for ensuring confidentiality against cloud providers. However, the performance overhead introduced by such mechanisms has so far only been estimated theoretically or in overly simple settings. In this paper, we present results of first experiments corresponding to realistic scenarios. The results are noteworthy: The Boldyreva scheme for order preserving encryption generates an overhead of approx. 400% for write operations and a 480-fold overhead for substantial range queries. Partial order preserving encoding introduces a 300% overhead for inserts and fast-growing query times of approx. 9 s for queries over just 30.000 items. With Fully Homomorphic Encryption, in turn, we observed a runtime of 4,5 h for just one simplified payroll calculation. These results allow for a more deliberate application of respective schemes in real-world business scenarios.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Respective experiments indicated a performance overhead of approximately 0.5 ms per call as compared to a native implementation. For the tested encryption schemes, this results in a maximum relative overhead of 2% (in most cases, it was significantly below that), which we deemed acceptable.
- 2.
The whole sourcecode employed for our experiments is available at https://github.com/martingrambow/ppe.
- 3.
- 4.
For reasons of simplicity, we explicitly decided against more complex character encodings here.
- 5.
Again, conversions between text and integers within the decryption service were negligible, accounting for less than 0,2% of the overall service runtime.
- 6.
- 7.
A critical evaluation of the ECB mode in this scenario was not part of our focus.
- 8.
Client-side en- and decryption of values itself, however, took less than 100 \(\upmu \text {s}\) per value and can thus be considered rather irrelevant for the overall runtimes observed.
- 9.
References
Moghadam, S.S., Gavint, G., Darmonti, J.: A secure order-preserving indexing scheme for outsourced data. In: IEEE International Carnahan Conference on Security Technology (ICCST 2016), pp. 1–7. IEEE (2016)
Gentry, C., Halevi, S.: Implementing gentry’s fully-homomorphic encryption scheme. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 129–148. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_9
Spindler, G., Schmechel, P.: Personal data and encryption in the European general data protection regulation. JIPITEC 7(2), 163–177 (2016)
Bonfanti, M.E.: Let’s go for new or emerging security technologies!... what about their impact on individuals and the society? In: Democrazia e Sicurezza-Democracy and Security Review, no. 2 (2017)
Schulz, W., van Hoboken, J.: Human Rights and Encryption. UNESCO, Paris (2016)
Acquisto, G.D., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y.A., Bourka, A.: Privacy by design in big data - an overview of privacy enhancing technologies in the era of big data analytics. ENISA (2015)
Danezis, G., et al.: Privacy and data protection by design - from policy to engineering. ENISA (2014)
Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13
Damgård, I., Jurik, M.: A generalisation, a simplification and some applications of paillier’s probabilistic public-key system. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 119–136. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44586-2_9
Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 113–124. ACM, New York (2011)
Halevi, S., Shoup, V.: Bootstrapping for HElib. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 641–670. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_25
Roche, D.S., Apon, D., Choi, S.G., Yerukhimovich, A.: POPE: partial order preserving encoding. In: Proceedings of the 2016 SIGSAC Conference on Computer and Communications Security, pp. 1131–1142. ACM (2016)
Waage, T., Wiese, L.: Property preserving encryption in NoSQL wide column stores. In: Panetto, H., et al. (eds.) OTM 2017. LNCS, vol. 10574, pp. 3–21. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69459-7_1
Pallas, F., Günther, J., Bermbach, D.: Pick your choice in HBase: security or performance. In: IEEE International Conference on Big Data, pp. 548–554 (2016)
Müller, S., Bermbach, D., Tai, S., Pallas, F.: Benchmarking the performance impact of transport layer security in cloud database systems. In: IEEE International Conference on Cloud Engineering (IC2E), pp. 27–36 (2014)
Waage, T., Wiese, L.: Benchmarking encrypted data storage in HBase and Cassandra with YCSB. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P.W.L. (eds.) FPS 2014. LNCS, vol. 8930, pp. 311–325. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17040-4_20
Bermbach, D., Wittern, E., Tai, S.: Cloud Service Benchmarking: Measuring Quality of Cloud Services from a Client Perspective. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-319-55483-9
Pallas, F., Bermbach, D., Müller, S., Tai, S.: Evidence-based security configurations for cloud datastores. In: Proceedings of the Symposium on Applied Computing, SAC 2017, pp. 424–430. ACM (2017)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pp. 563–574. ACM (2004)
Kerschbaum, F.: Frequency-hiding order-preserving encryption. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 656–667. ACM (2015)
Malkin, T., Teranishi, I., Yung, M.: Order-preserving encryption secure beyond one-wayness. IACR Cryptology ePrint Archive (2013)
Armknecht, F., et al.: A guide to fully homomorphic encryption. IACR Cryptology ePrint Archive, p. 1192 (2015)
Tonyali, S., Saputro, N., Akkaya, K.: Assessing the feasibility of fully homomorphic encryption for smart grid AMI networks. In: International Conference on Ubiquitous and Future Networks, pp. 591–596 (2015)
Deng, P., Yang, L.: A secure and privacy-preserving communication scheme for advanced metering infrastructure. In: IEEE PES Innovative Smart Grid Technologies (ISGT), pp. 1–5 (2012)
Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617–640. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_24
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309–325. ACM (2012)
Acknowledgments
Parts of the work presented herein have been supported by the European Commission through the Horizon 2020 Research and Innovation program under contract 731945 (DITAS project).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Pallas, F., Grambow, M. (2018). Three Tales of Disillusion: Benchmarking Property Preserving Encryption Schemes. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science(), vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-98385-1_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98384-4
Online ISBN: 978-3-319-98385-1
eBook Packages: Computer ScienceComputer Science (R0)