Performance-optimized Indexes for Inequality Searches on Encrypted Data in Practice

Jan Lehnhardt, Tobias Rho, Adrian Spalka, Armin B. Cremers

2015

Abstract

For information systems in which the server must operate on encrypted data (which may be necessary because the service provider cannot be trusted) solutions need to be found that enable fast searches on that data. In this paper we present an approach for encrypted database indexes that enable fast inequality, i.e., range searches, such that also prefix searches on lexicographically ordered but encrypted data are possible. Unlike common techniques that address this issue as well, like hardware-based solutions or order-preserving encryption schemes, our indexes do not require specialized, expensive hardware and use only well-accredited software components; they also do not reveal any information about the encrypted data besides their order. Moreover, when implementing the indexing approach in a commercial software product, multiple application-centric optimization opportunities of the index’s performance did emerge, which are also presented in this paper. They include basic performance-increasing measures, pipelined index scans and updates and caching strategies. We further present performance test results proving that our indexing approach shows good performance on substantial amounts of data.

References

  1. Agrawal, R., Kiernan, J., Srikant, R. , Xu, Y., 2004. Order preserving encryption for numeric data. In Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data. ACM.
  2. Agrawal, D., El Abbadi, A., Emekci, F., Metwally, A., 2009. Database management as a service: Challenges and opportunities. In International Conference on Data Engineering. IEEE.
  3. Ang, G. W., Woelfel, J. H., Woloszyn, T. P., 2012. System and method of sort-order preserving tokenization. US Patent Application 13/450,809.
  4. Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R., 2013. Orthogonal Security with Cipherbase. In Conference on Innovative Data Systems Research, www.cidrdb.org.
  5. Bajaj, S., Sion, R., 2011. TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality. In SIGMOD - International Conference on Management of Data. ACM.
  6. Boldyreva, A., Chenette, N., Lee, Y., O'Neill, A., 2009. Order-preserving symmetric encryption. In International Conference on the Theory and Applications of Cryptographic Techniques. Springer LNCS.
  7. Boldyreva, A., Chenette, N., O'Neill, A., 2011. Orderpreserving encryption revisited: Improved security analysis and alternative solutions. In Annual Cryptology Conference. Springer LNCS.
  8. Gentry, C., 2009. Fully Homomorphic Encryption Using ideal Lattices. In STOC 7809 - ACM symposium on Theory of computing, ACM.
  9. Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S., 2002. Executing SQL over Encrypted Data in the DatabaseService-Provider Model. In SIGMOD - International Conference on Management of Data. ACM.
  10. Kadhem, H., Amagasa, T., Kitagawa, H., 2010. MVOPES: Multivalued-order preserving encryption scheme: A novel scheme for encrypting integer value to many different values. In IEICE Transactions on Information and Systems, E93.D.
  11. Kadhem, H., Amagasa, T., Kitagawa, H., 2010. A secure and efficient order preserving encryption scheme for relational databases. In International Conference on Knowledge Management and Information Sharing, Springer CCIS.
  12. Lee, S., Park, T.-J., Lee, D., Nam, T., Kim, S., 2009. Chaotic order preserving encryption for efficient and secure queries on databases. In IEICE Transactions on Information and Systems, E92.D.
  13. Lehnhardt, J. Rho, T., Spalka, A. Cremers, A. B., 2014. Ordered Range Searches on Encrypted Data. In: Technical Report IAI-TR-2014-03, Computer Science Department III, University of Bonn, ISSN 0944-8535.
  14. Liu, D. Wang, S., 2012. Programmable order-preserving secure index for encrypted database query. In International Conference on Cloud Computing, IEEE.
  15. Liu, D., Wang, S., 2013. Nonlinear order preserving index for encrypted database query in service cloud environments. In: Concurrency and Computation: Practice and Experience, John Wiley & Sons, Ltd.
  16. Özsoyoglu, G., Singer, D. A., Chung, S. S., 2003. Antitamper databases: Querying encrypted databases. In IFIP WG 11.3 Working Conference. on Database and Applications Security. Springer LNCS.
  17. Popa, R. A., Redfield, C. M. S., Zeldovich, N., Balakrishnan, H., 2012. CryptDB: Processing queries on an encrypted database. In Communications of the ACM, 55(9).
  18. Popa, R. A., Li, F. H., Zeldovich, N., 2013. An IdealSecurity Protocol for Order-Preserving Encoding. In Symposium on Security and Privacy, IEEE:
  19. Tu, S., Kaashoek, M. F., Madden, S., Zeldovich, N., 2013. Processing Analytical Queries over Encrypted Data. In Proceedings of the VLDB Endowment, Vol. 6 Issue 5, ACM.
  20. Xiao, L., Yen, I.-L., Huynh, D. T., 2012. Extending order preserving encryption for multi-user systems. Cryptology ePrint Archive, Report 2012/192.
  21. Xiao, L., Yen, I.-L., Huynh, D. T., 2012. A note for the ideal order-preserving encryption object and generalized order-preserving encryption. Cryptology ePrint Archive, Report 2012/350, 2012.
  22. Yum, D., Kim, D., Kim, J., Lee, P., Hong, S., 2011. Order-preserving encryption for non-uniformly distributed plaintexts. In: International Workshop on Information Security Applications, Springer LNCS.
Download


Paper Citation


in Harvard Style

Lehnhardt J., Rho T., Spalka A. and Cremers A. (2015). Performance-optimized Indexes for Inequality Searches on Encrypted Data in Practice . In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 221-229. DOI: 10.5220/0005231702210229


in Bibtex Style

@conference{icissp15,
author={Jan Lehnhardt and Tobias Rho and Adrian Spalka and Armin B. Cremers},
title={Performance-optimized Indexes for Inequality Searches on Encrypted Data in Practice},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2015},
pages={221-229},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005231702210229},
isbn={978-989-758-081-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Performance-optimized Indexes for Inequality Searches on Encrypted Data in Practice
SN - 978-989-758-081-9
AU - Lehnhardt J.
AU - Rho T.
AU - Spalka A.
AU - Cremers A.
PY - 2015
SP - 221
EP - 229
DO - 10.5220/0005231702210229