Abstract

Cloud computing is a promising solution in distributed internet computing for IT and scientific research. However, data storage and computing in the cloud domain raise additional security questions. Data encrypted with traditional encryption schemes may preserve confidentiality, but computation on it in the cloud domain becomes infeasible. This paper focuses on designing an encrypted database with homomorphic encryption (HE) as the underlying scheme, so that query execution is carried out on the encrypted version of the database without any intermediate decryption. Existing encrypted databases are based on either partial HE or deterministic HE to achieve practical performance; hence, they are either limited in the types of queries they can execute or prone to known attacks. To mitigate these issues, we explore the practical challenges of a fully homomorphic encryption (FHE)-based database design. FHE theoretically promises to perform arbitrary operations on encrypted data. However, realizing any algorithm in the homomorphic domain requires a circuit-based representation of that specific algorithm, which is a non-trivial task. In this work, we explore the practical challenges of FHE database design, mostly in the case of multi-user organizational scenarios, and propose a scheme for secure modification or conditional update of the encrypted database. Moreover, when an organization outsources a database to the cloud, a single FHE key is used to encrypt all columns of the database. However, not all users (or employees) of the same organization should have equal read and write access permissions to the whole database. In this work, we propose an architecture to apply Attribute-Based Access Control (ABAC) on FHE databases with minimal overhead in terms of performance and storage. We propose the required changes in the registration, login, and user revocation phases for our scheme to perform conditional SQL query processing on an FHE-encrypted database (EDB).
Our proposed framework is capable of performing an end-to-end encrypted conditional UPDATE with suitable access control within 17 minutes on a multi-core processor platform, for a database of 769 rows and 9 columns with 16-bit data. To the best of our knowledge, our proposed technique is the first in the literature to support arbitrary secure encrypted SQL query execution with suitable access control.
