Abstract
The use of traditional encryption techniques in Database Management Systems is limited, as encrypting data within the database can prevent basic functionalities such as ordering and searching. Advanced encryption techniques and trusted hardware, however, can enable standard functionalities to be achieved on encrypted databases, and a number of such schemes have been proposed in the recent literature. In this survey, different approaches towards database security through software/hardware components are explored and compared based on performance and security, and relevant attacks are discussed.
Buvana Ganesh is supported by a PhD scholarship funded by the Science Foundation Ireland Centre for Research Training in Artificial Intelligence under Grant No. 18/CRT/6223.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
PALISADE Lattice Cryptography Library (ver.1.9.2). http://palisade-crypto.org
TPC benchmarks. http://www.tpc.org/information/benchmarks.asp
ARM security technology building a secure system using TrustZone technology (rev. C). Technical report, ARM (2009)
Agrawal, D., El Abbadi, A., Emekçi, F., Metwally, A.: Database management as a service: challenges and opportunities. In: IEEE ICDE, pp. 1709–1716 (2009)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: ACM SIGMOD International Conference on Management of Data, pp. 563–574 (2004)
Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edn. Wiley, Hoboken (2008)
Arasu, A., Eguro, K., Joglekar, M., Kaushik, R., Kossmann, D., Ramamurthy, R.: Transaction processing on confidential data using cipherbase. In: IEEE ICDE, pp. 435–446 (2015)
Bajaj, S., Sion, R.: TrustedDB: a trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–765 (2014)
Boldyreva, A., Chenette, N., Lee, Y., O’Neill, A.: Order-preserving symmetric encryption. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 224–241. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01001-9_13
Bost, R.: \(\sum \)o\(\varphi \)o\(\varsigma \): forward secure searchable encryption. In: ACM SIGSAC CCS, pp. 1143–1154. ACM (2016)
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. Electron. Colloquium Comput. Complex 18, 111 (2011)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Foundations of Computer Science, FOCS 2001, pp. 136–145. IEEE (2001)
Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: ACM SIGSAC CCS, pp. 668–679. ACM (2015)
Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.-C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for Boolean queries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 353–373. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_20
Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409–437. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_15
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive 2016/86 (2016)
Cui, S., Song, X., Asghar, M.R., Galbraith, S.D., Russello, G.: Privacy-preserving searchable databases with controllable leakage. CoRR abs/1909.11624 (2019)
van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 24–43. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_2
Dyer, J., Dyer, M.E., Djemame, K.: Order-preserving encryption using approximate common divisors. Inf. Secur. Appl. 49, 102391 (2019)
Eskandarian, S., Zaharia, M.: ObliDB: oblivious query processing for secure databases. PVLDB 13(2), 169–183 (2019). https://github.com/SabaEskandarian/ObliDB
Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive 2012/144 (2012)
Fuller, B., et al.: SoK: cryptographically protected database search. In: IEEE Security & Privacy, pp. 172–191 (2017)
Garg, S., Mohassel, P., Papamanthou, C.: TWORAM: efficient oblivious RAM in two rounds with applications to searchable encryption. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 563–592. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_20
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game, or a completeness theorem for protocols with honest majority. In: Providing Sound Foundations for Cryptography: On the Work of Shafi Goldwasser and Silvio Micali, pp. 307–328. ACM (2019)
Graepel, T., Lauter, K., Naehrig, M.: ML confidential: machine learning on encrypted data. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 1–21. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37682-5_1
Grubbs, P., Lacharité, M., Minaud, B., Paterson, K.: Pump up the volume: practical database reconstruction from volume leakage on range queries. In: ACM CCS, pp. 315–331 (2018)
Grubbs, P., Lacharite, M.S., Minaud, B., Paterson, K.G.: Learning to reconstruct: statistical learning theory and encrypted database attacks. In: IEEE Security & Privacy, pp. 1067–1083 (2019)
Grubbs, P., Ristenpart, T., Shmatikov, V.: Why your encrypted database is not secure. In: 16th Workshop on Hot Topics in Operating Systems, pp. 162–168 (2017)
Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_31
He, W., Akhawe, D., Jain, S., Shi, E., Song, D.X.: ShadowCrypt: encrypted web applications for everyone. In: ACM SIGSAC, pp. 1028–1039. ACM (2014)
Ishai, Y., Kushilevitz, E., Lu, S., Ostrovsky, R.: Private large-scale databases with distributed searchable symmetric encryption. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 90–107. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_6
Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: NDSS. The Internet Society (2012)
Jarecki, S., Jutla, C.S., Krawczyk, H., Rosu, M., Steiner, M.: Outsourced symmetric private information retrieval. In: ACM SIGSAC CCS 2013, pp. 875–888. ACM (2013)
Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) the ACM CCS 2012, pp. 965–976. ACM (2012)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. CRC Press, Boca Raton (2014)
Lacharité, M., Minaud, B., Paterson, K.G.: Improved reconstruction attacks on encrypted data using range query leakage. In: 2018 IEEE Security & Privacy, pp. 297–314 (2018)
Lai, S., Yuan, X., Sun, S., Liu, J.K., Liu, Y., Liu, D.: GraphSE\({^2}\): an encrypted graph database for privacy-preserving social search. In: ACM Security Asia CCS, pp. 41–54. ACM (2019)
Lau, B., Chung, S.P., Song, C., Jang, Y., Lee, W., Boldyreva, A.: Mimesis aegis: a mimicry privacy shield-a system’s approach to data privacy on public cloud. In: 23rd USENIX Security Symposium. pp. 33–48. USENIX Association (2014)
Lewi, K., Wu, D.J.: Order-revealing encryption: new constructions, applications, and lower bounds. In: ACM SIGSAC- CCS 2016. ACM Press (2016)
Liu, G., Yang, G., Wang, H., Xiang, Y., Dai, H.: A novel secure scheme for supporting complex SQL queries over encrypted databases in cloud computing. Secur. Commun. Netw. 2018(2), 1–15 (2018)
Meng, X., Kamara, S., Nissim, K., Kollios, G.: GRECS: graph encryption for approximate shortest distance queries. In: 22nd ACM SIGSAC. ACM (2015)
Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: an efficient oblivious search index. In: 2018 IEEE Symposium on Security and Privacy, pp. 279–296 (2018)
Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property preserving encrypted databases. In: 22nd ACM SIGSAC-CCS 2015. ACM Press (2015)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16
Papadimitriou, A., et al.: Big data analytics over encrypted datasets with seabed. In: 12th USENIX Symposium on OS Design and Implementation. USENIX Association (2016)
Pappas, V., et al.: Blind seer: a scalable private DBMS. In: 2014 IEEE Security & Privacy, pp. 359–374. IEEE (2014)
Poddar, R., Boelter, T., Popa, R.A.: Arx: an encrypted database using semantically secure encryption. Proc. VLDB Endow. 12(11), 1664–1678 (2019)
Popa, R.A., Li, F.H., Zeldovich, N.: An ideal-security protocol for order-preserving encoding. In: 2013 IEEE Symposium on Security and Privacy, pp. 463–477 (2013)
Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: processing queries on an encrypted database. Commun. ACM 55(9), 103–111 (2012). https://github.com/CryptDB/cryptdb
Pouliot, D., Wright, C.V.: The shadow nemesis: inference attacks on efficiently deployable, efficiently searchable encryption. In: ACM SIGSAC, pp. 1341–1352. ACM (2016)
Priebe, C., Vaswani, K., Costa, M.: EnclaveDB: a secure database using SGX. In: 2018 IEEE Symposium on Security and Privacy, pp. 264–278 (2018)
Saha, T.K., Rathee, M., Koshiba, T.: Efficient private database queries using ring-LWE somewhat homomorphic encryption. J. Inf. Secur. Appl. 49, 102406 (2019)
Sarfraz, M.I., Nabeel, M., Cao, J., Bertino, E.: DBMask: fine-grained access control on encrypted relational databases. Trans. Data Priv. 9(3), 187–214 (2016)
Microsoft SEAL: Microsoft Research (release 3.5), Redmond, WA (2020). https://github.com/Microsoft/SEAL
Shay, R., Blumenthal, U., Gadepally, V., Hamlin, A., Mitchell, J., Cunningham, R.: Don’t even ask: database access control through query control. SIGMOD Rec. 47(3), 17–22 (2018)
Song, D.X., Wagner, D.A., Perrig, A.: Practical techniques for searches on encrypted data. In: 2000 IEEE Symposium on Security and Privacy, pp. 44–55 (2000)
Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. J. ACM 65(4), 18:1–18:26 (2018)
Tex, C., Schäler, M., Böhm, K.: Towards meaningful distance-preserving encryption. In: 30th International Conference on Scientific and Statistical Database Management, SSDBM, pp. 2:1–2:12 (2018)
Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. Proc. VLDB Endow. 6, 289–300 (2013). https://github.com/stephentu/monomi-optimizer/
Vinayagamurthy, D., Gribov, A., Gorbunov, S.: StealthDB: a scalable encrypted database with full SQL query support. PoPETs 2019(3), 370–388 (2019)
Wiese, L., Waage, T., Brenner, M.: CloudDBGuard: a framework for encrypted data storage in NoSQL wide column stores. Data Knowl. Eng. 126, 101732 (2020)
Wong, W.K., Cheung, D.W., Kao, B., Mamoulis, N.: Secure kNN computation on encrypted databases. In: ACM SIGMOD 2009, pp. 139–152 (2009)
Yao, A.C.: Protocols for secure computations (extended abstract). In: 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Computer Society (1982)
Yuan, X., Guo, Y., Wang, X., Wang, C., Li, B., Jia, X.: EncKV: an encrypted key-value store with rich queries. In: ACM Asia CCS, pp. 423–435 (2017)
Zhou, Y., Li, N., Tian, Y., An, D., Wang, L.: Public key encryption with keyword search in cloud: a survey. Entropy 22(4), 421 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ganesh, B., Palmieri, P. (2021). A Survey of Advanced Encryption for Database Security: Primitives, Schemes, and Attacks. In: Nicolescu, G., Tria, A., Fernandez, J.M., Marion, JY., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2020. Lecture Notes in Computer Science(), vol 12637. Springer, Cham. https://doi.org/10.1007/978-3-030-70881-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-70881-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-70880-1
Online ISBN: 978-3-030-70881-8
eBook Packages: Computer ScienceComputer Science (R0)