Untrusted Database Research Articles

Fully homomorphic encryption: a general framework and implementations

ABSTRACT Two data items a and b are stored on an untrusted database in their encrypted forms and , respectively. It is required that the encryption function be fully homomorphic, that is, E must satisfy the conditions and . This would allow the owner of the data, as well as an untrusted party operating the database on behalf of the owner, to perform operations directly on the encrypted data without the need for decryption. We propose a general framework that allows the derivation of such fully homomorphic functions. Two implementations of the general framework are then described that, in addition to being secure, enjoy the property of being efficient to compute.

DualAcE: fine‐grained dual access control enforcement with multi‐privacy guarantee in DaaS

AbstractDatabase as a service (DaaS), a new paradigm of software as a service based on cloud computing, is attracting more and more enterprises (data owners) to delegate their database management to a professional third party (database service provider) such as Amazon Web Services and Rackspace. Data owners in DaaS lose control of their sensitive data, which are stored in the delegated database and managed by the untrusted database service provider. Therefore, many encryption‐based approaches including attribute‐based encryption were proposed to implement fine‐grained access control in DaaS scenarios. However, most of the proposed access control enforcement approaches only support one or two of the following privacy guarantees: data privacy, policy privacy and key privacy. In this paper, we first propose a novel concept of DualAcE: a flexible fine‐grained dual access control enforcement mechanism in DaaS by efficiently combining the ciphertext‐policy attribute‐set‐based encryption with database service provider re‐encryption into a DaaS paradigm. The proposed mechanism has implemented dual access control enforcement with multi‐privacy guarantee: data privacy in delegated database, policy privacy in delegated authorization table and key privacy in key distribution process.We describe the security and efficiency analysis through cryptography theory and experimental results. Copyright © 2014 John Wiley & Sons, Ltd.

Researches on Data Privacy in Cloud Computing Based on Game Theory

Existing proposals for data privacy in cloud computing have typically been founded on encryption and are not well-balanced on dealing with the contradiction between data privacy and efficient queries. This paper discusses the data privacy in cloud computing based on the perspective of game theory. It built a complete information static game theory frame between a trusted data center and many un-trusted database service providers to avoid the coalition among un-trusted database service providers, and gave Nash equilibrium of mixed strategy. Some influence factors of Nash equilibrium are also analyzed.

Researches on Data Correctness and Completeness in Cloud Computing Based on Game Theory

Ensuring data correctness and data completeness in cloud computing, in addition to security technologies, many other factors need also be considered, such as the behaviors of participants of cloud computing. This paper discusses the data correctness and completeness in cloud computing based on the perspective of game theory. It built a complete information static game theory frame between a trusted data center and an un-trusted database service provider, and gave the mixed strategy Nash equilibrium. It also proposed some countermeasures and suggestions to improve the data security in cloud computing.

Processing analytical queries over encrypted data

MONOMI is a system for securely executing analytical workloads over sensitive data on an untrusted database server. MONOMI works by encrypting the entire database and running queries over the encrypted data. MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over encrypted data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering. Since these optimizations are good for some queries but not others, MONOMI introduces a designer for choosing an efficient physical design at the server for a given workload, and a planner to choose an efficient execution plan for a given query at runtime. A prototype of MONOMI running on top of Postgres can execute most of the queries from the TPC-H benchmark with a median overhead of only 1.24× (ranging from 1.03×to 2.33×) compared to an un-encrypted Postgres database where a compromised server would reveal all data.

Efficient Hidden Vector Encryption for Conjunctive Queries on Encrypted Data

Predicate encryption has received considerable attention in applications where private and sensitive data about users can be stored in untrusted database (DB) servers. It allows users to store encrypted data at DB servers, and yet retain the ability to search those databases without revealing anything else about the encrypted data. Hidden Vector Encryption (HVE) is a type of predicate encryption that supports the fine-grained conjunctive combination of equality queries, comparison queries, and subset queries on encrypted data. The currently known HVE schemes, which are all pairing-based, either work in composite-order groups or require a token size of O(l) and O(l) pairing computations for one search query with l conjuncts. In this paper, we present a new HVE scheme that not only works in prime-order groups but also requires a token size of O(1) and only O(1) pairing computations regardless of l. Our HVE construction also yields a more efficient, anonymous, identity-based encryption scheme than existing schemes, which is secure in the standard model. To achieve our goal, we introduce novel techniques for both hiding attributes in prime-order groups and reducing the number of pairing computations to O(1). Our techniques are quite general so that they can be applied to both symmetric and asymmetric bilinear maps.