Authors: Hasan Kadhem; Toshiyuki Amagasa and Hiroyuki Kitagawa
Affiliation: University of Tsukuba, Japan
Keyword(s): Order preserving encryption, Known plaintext attack, Statistical attack.
Related Ontology Subjects/Areas/Topics: Artificial Intelligence; Information Security; Knowledge Management and Information Sharing; Knowledge-Based Systems; Symbolic Systems
Abstract:
Encryption is a well-studied technique for protecting the confidentiality of sensitive data. However, encrypting relational databases affects the performance during query processing. Preserving the order of the encrypted values is a useful technique to perform queries over the encrypted database with a reasonable overhead. Unfortunately, the existing order preserving encryption schemes are not secure against known plaintext attacks and statistical attacks. In those attacks, it is assumed that the attacker has prior knowledge about plaintext values or statistical information on the plaintext domain.
This paper presents a novel database encryption scheme called MV-POPES (Multivalued - Partial Order Preserving Encryption Scheme), which allows privacy-preserving queries over encrypted databases with an improved security level. Our idea is to divide the plaintext domain into many partitions and randomize them in the encrypted domain. Then, one integer value is encrypted to different multiple values to prevent statistical attacks. At the same time, MV-POPES preserves the order of the integer values within the partitions to allow comparison operations to be directly applied on encrypted data. Our scheme is robust against known plaintext attacks and statistical attacks. MV-POPES experiments show that security for sensitive data can be achieved with reasonable overhead, establishing the practicability of the scheme.