Strongly Secure and Efficient Range Queries in Cloud Databases under Multiple Keys

Abstract

Cloud database provides an advantageous platform for outsourcing of database service. To protect data confidentiality from an untrusted cloud, the original database is often encrypted and then uploaded to the cloud. However, in order to support functional queries, existing secure databases require users to encrypt their data under the same public/symmetric key, which restricts the usage scenarios since users do not really trust each other in practice. Imagine a scenario where a user uploaded his/her own encrypted data to the cloud database and another user wants to execute private range queries on this data. This scenario occurs in many cases of collaborative statistical analysis where the data provider and analyst are different entities. Then either the data provider must reveal its encryption key or the analyst must reveal the private queries. In this paper, we overcome this restriction for secure range queries by enabling query executions on the multi-key encryption data. We propose a secure cloud database supporting range queries under multiple keys, in which all users could preserve the confidentiality of their own different keys, and do not have to share them with each other. At a higher level, our system is constructed on a two-cloud architecture and a novel distributed two-trapdoor public key cryptosystem. We prove that the proposed scheme achieves the goal of a secure query without leaking data privacy, query privacy, and data access patterns. Finally, we use extensive experiments over a real-world dataset on a commercial cloud platform to verify the efficacy of our proposed scheme.