research-article

Supporting complex queries and access policies for multi-user encrypted databases

Authors:

Muhammad Rizwan Asghar,

Giovanni Russello,

Mihaela IonAuthors Info & Claims

CCSW '13: Proceedings of the 2013 ACM workshop on Cloud computing security workshop

Pages 77 - 88

https://doi.org/10.1145/2517488.2517492

Published: 08 November 2013 Publication History

Abstract

Cloud computing is an emerging paradigm offering companies (virtually) unlimited data storage and computation at attractive costs. It is a cost-effective model because it does not require deployment and maintenance of any dedicated IT infrastructure. Despite its benefits, it introduces new challenges for protecting the confidentiality of the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Companies need new mechanisms to control access to the outsourced data and allow users to query the encrypted data without revealing sensitive information to the cloud provider. State-of-the-art schemes do not allow complex encrypted queries over encrypted data in a multi-user setting. Instead, those are limited to keyword searches or conjunctions of keywords. This paper extends work on multi-user encrypted search schemes by supporting SQL-like encrypted queries on encrypted databases. Furthermore, we introduce access control on the data stored in the cloud, where any administrative actions (such as updating access rights or adding/deleting users) do not require re-distributing keys or re-encryption of data. Finally, we implemented our scheme and presented its performance, thus showing feasibility of our approach.

References

[1]

D. X. Song, D. Wagner, and A. Perrig, "Practical techniques for searches on encrypted data," in Security and Privacy, 2000. S P 2000. Proceedings. 2000 IEEE Symposium on, pp. 44--55, 2000.

Digital Library

[2]

H. Hacigümüs, B. R. Iyer, C. Li, and S. Mehrotra, "Executing sql over encrypted data in the database-service-provider model," in Proceedings of the 2002 ACM SIGMOD international conference on Management of data, SIGMOD '02, (New York, NY, USA), pp. 216--227, ACM, 2002.

Digital Library

[3]

E.-J. Goh, "Secure indexes. Cryptology ePrint Archive", Report 2003/216, 2003. http://eprint.iacr.org/.

[4]

P. Golle, J. Staddon, and B. Waters, "Secure conjunctive keyword search over encrypted data," in Applied Cryptography and Network Security (M. Jakobsson, M. Yung, and J. Zhou, eds.), vol. 3089 of Lecture Notes in Computer Science, pp. 31--45, Springer Berlin Heidelberg, 2004.

[5]

Y.-C. Chang and M. Mitzenmacher, "Privacy preserving keyword searches on remote encrypted data," in Applied Cryptography and Network Security (J. Ioannidis, A. Keromytis, and M. Yung, eds.), vol. 3531 of Lecture Notes in Computer Science, pp. 442--455, Springer Berlin Heidelberg, 2005.

Digital Library

[6]

H. Wang and L. V. S. Lakshmanan, "Efficient secure query evaluation over encrypted xml databases," in Proceedings of the 32nd international conference on Very large data bases, VLDB '06, pp. 127--138, VLDB Endowment, 2006.

Digital Library

[7]

C. Bosch, R. Brinkman, P. Hartel, and W. Jonker, "Conjunctive wildcard search over encrypted data," in Secure Data Management (W. Jonker and M. Petkovic, eds.), vol. 6933 of Lecture Notes in Computer Science, pp. 114--127, Springer Berlin Heidelberg, 2011.

Digital Library

[8]

R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan, "Cryptdb: protecting confidentiality with encrypted query processing," in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP '11, (New York, NY, USA), pp. 85--100, ACM, 2011.

Digital Library

[9]

D. Boneh, G. Crescenzo, R. Ostrovsky, and G. Persiano, "Public key encryption with keyword search," in Advances in Cryptology - EUROCRYPT 2004 (C. Cachin and J. Camenisch, eds.), vol. 3027 of Lecture Notes in Computer Science, pp. 506--522, Springer Berlin Heidelberg, 2004.

[10]

R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky, "Searchable symmetric encryption: improved definitions and efficient constructions," in Proceedings of the 13th ACM conference on Computer and communications security, CCS '06, (New York, NY, USA), pp. 79--88, ACM, 2006.

Digital Library

[11]

D. Boneh and B. Waters, "Conjunctive, subset, and range queries on encrypted data," in Theory of Cryptography (S. Vadhan, ed.), vol. 4392 of Lecture Notes in Computer Science, pp. 535--554, Springer Berlin Heidelberg, 2007.

Digital Library

[12]

J. Baek, R. Safavi-Naini, and W. Susilo, "Public key encryption with keyword search revisited," in Computational Science and Its Applications - ICCSA 2008 (O. Gervasi, B. Murgante, A. Lagana, D. Taniar, Y. Mun, and M. L. Gavrilova, eds.), vol. 5072 of Lecture Notes in Computer Science, pp. 1249--1259, Springer Berlin Heidelberg, 2008.

Digital Library

[13]

J. Katz, A. Sahai, and B. Waters, "Predicate encryption supporting disjunctions, polynomial equations, and inner products," in Advances in Cryptology - EUROCRYPT 2008 (N. Smart, ed.), vol. 4965 of Lecture Notes in Computer Science, pp. 146--162, Springer Berlin Heidelberg, 2008.

Digital Library

[14]

H. S. Rhee, J. H. Park, W. Susilo, and D. H. Lee, "Trapdoor security in a searchable public-key encryption scheme with a designated tester," Journal of Systems and Software, vol. 83, no. 5, pp. 763--771, 2010.

Digital Library

[15]

Y. Yang, H. Lu, and J. Weng, "Multi-user private keyword search for cloud computing," in Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on, pp. 264--271, 2011.

Digital Library

[16]

M. Li, S. Yu, N. Cao, and W. Lou, "Authorized private keyword search over encrypted data in cloud computing," in Distributed Computing Systems (ICDCS), 2011 31st International Conference on, pp. 383--392, 2011.

Digital Library

[17]

B. Zhu, B. Zhu, and K. Ren, "Peksrand: Providing predicate privacy in public-key encryption with keyword search," in Communications (ICC), 2011 IEEE International Conference on, pp. 1--6, 2011.

[18]

Y. Hwang and P. Lee, "Public key encryption with conjunctive keyword search and its extension to a multi-user system," in Pairing-Based Cryptography - Pairing 2007 (T. Takagi, T. Okamoto, E. Okamoto, and T. Okamoto, eds.), vol. 4575 of Lecture Notes in Computer Science, pp. 2--22, Springer Berlin Heidelberg, 2007.

Digital Library

[19]

C. Dong, G. Russello, and N. Dulay, "Shared and searchable encrypted data for untrusted servers," in Data and Applications Security XXII (V. Atluri, ed.), vol. 5094 of Lecture Notes in Computer Science, pp. 127--143, Springer Berlin Heidelberg, 2008.

Digital Library

[20]

F. Bao, R. Deng, X. Ding, and Y. Yang, "Private query on encrypted data in multi-user settings," in Information Security Practice and Experience (L. Chen, Y. Mu, and W. Susilo, eds.), vol. 4991 of Lecture Notes in Computer Science, pp. 71--85, Springer Berlin Heidelberg, 2008.

Digital Library

[21]

J. Shao, Z. Cao, X. Liang, and H. Lin, "Proxy re-encryption with keyword search," Information Sciences, vol. 180, no. 13, pp. 2576--2587, 2010.

Digital Library

[22]

S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, "Over-encryption: management of access control evolution on outsourced data," in Proceedings of the 33rd international conference on Very large data bases, VLDB '07, pp. 123--134, VLDB Endowment, 2007.

Digital Library

[23]

M. Raykova, H. Zhao, and S. Bellovin, "Privacy enhanced access control for outsourced data sharing," in Financial Cryptography and Data Security (A. Keromytis, ed.), vol. 7397 of Lecture Notes inComputer Science, pp. 223--238, Springer Berlin Heidelberg, 2012.

[24]

B. Hore, S. Mehrotra, and G. Tsudik, "A privacy-preserving index for range queries," in Proceedings of the Thirtieth international conference on Very large data bases - Volume 30, VLDB '04, pp. 720--731, VLDB Endowment, 2004.

Digital Library

[25]

B. Hore, S. Mehrotra, M. Canim, and M. Kantarcioglu, "Secure multidimensional range queries over outsourced data," The VLDB Journal, vol. 21, no. 3, pp. 333--358, 2012.

Digital Library

[26]

N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, "Privacy-preserving multi-keyword ranked search over encrypted cloud data," in INFOCOM, 2011 Proceedings IEEE, pp. 829--837, 2011.

[27]

Y. Lu and G. Tsudik, "Enhancing data privacy in the cloud," in Trust Management V (I. Wakeman, E. Gudes, C. Jensen, and J. Crampton, eds.), vol. 358 of IFIP Advances in Information and Communication Technology, pp. 117--132, Springer Berlin Heidelberg, 2011.

[28]

S. Kamara, C. Papamanthou, and T. Roeder, "Dynamic searchable symmetric encryption," in Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, (New York, NY, USA), pp. 965--976, ACM, 2012.

Digital Library

[29]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, "Order preserving encryption for numeric data," in Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, (New York, NY, USA), pp. 563--574, ACM, 2004.

Digital Library

[30]

A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill, "Order-preserving symmetric encryption," in Advances in Cryptology - EUROCRYPT 2009 (A. Joux, ed.), vol. 5479 of Lecture Notes in Computer Science, pp. 224--241, Springer Berlin Heidelberg, 2009.

Digital Library

[31]

A. Boldyreva, N. Chenette, and A. O'Neill, "Order-preserving encryption revisited: Improved security analysis and alternative solutions," in Advances in Cryptology - CRYPTO 2011 (P. Rogaway, ed.), vol. 6841 of Lecture Notes in Computer Science, pp. 578--595, Springer Berlin Heidelberg, 2011.

Digital Library

[32]

P. Paillier, "Public-key cryptosystems based on composite degree residuosity classes," in Advances in Cryptology - EUROCRYPT 1999 (J. Stern, ed.), vol. 1592 of Lecture Notes in Computer Science, pp. 223--238, Springer Berlin Heidelberg, 1999.

Digital Library

[33]

E. Shen, E. Shi, and B. Waters, "Predicate privacy in encryption systems," in Theory of Cryptography (O. Reingold, ed.), vol. 5444 of Lecture Notes in Computer Science, pp. 457--473, Springer Berlin Heidelberg, 2009.

Digital Library

[34]

V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-based encryption for fine-grained access control of encrypted data," in Proceedings of the 13th ACM conference on Computer and communications security, CCS '06, (New York, NY, USA), pp. 89--98, ACM, 2006.

Digital Library

[35]

M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham, "Randomizable proofs and delegatable anonymous credentials," in Advances in Cryptology - CRYPTO 2009 (S. Halevi, ed.), vol. 5677 of Lecture Notes in Computer Science, pp. 108--125, Springer Berlin Heidelberg, 2009.

Digital Library

[36]

S. D. C. di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, and P. Samarati, "Enforcing dynamic write privileges in data outsourcing," Elsevier Computers & Security (COSE), 2013.

[37]

J. Bethencourt, A. Sahai, and B. Waters, "Ciphertext-policy attribute-based encryption," in Security and Privacy, 2007. SP '07. IEEE Symposium on, pp. 321--334, 2007.

Digital Library

[38]

R. Ostrovsky, A. Sahai, and B. Waters, "Attribute-based encryption with non-monotonic access structures," in Proceedings of the 14th ACM conference on Computer and communications security, CCS '07, (New York, NY, USA), pp. 195--203, ACM, 2007.

Digital Library

Cited By

Wang YPapadopoulos D(2023)Multi-User Collusion-Resistant Searchable Encryption for Cloud StorageIEEE Transactions on Cloud Computing10.1109/TCC.2023.3249189(1-16)Online publication date: 2023
https://doi.org/10.1109/TCC.2023.3249189
Wang XWu JWang J(2023)One for all: Efficient verifiable dynamic multi-user searchable encryption in the presence of corrupted usersJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10170335:8(101703)Online publication date: Sep-2023
https://doi.org/10.1016/j.jksuci.2023.101703
Cui SSong XAsghar MGalbraith SRussello G(2021)Privacy-preserving Dynamic Symmetric Searchable Encryption with Controllable LeakageACM Transactions on Privacy and Security10.1145/344692024:3(1-35)Online publication date: 20-Apr-2021
https://dl.acm.org/doi/10.1145/3446920
Show More Cited By

Index Terms

Supporting complex queries and access policies for multi-user encrypted databases
1. Security and privacy

Recommendations

Enforcing Multi-user Access Policies to Encrypted Cloud Databases
POLICY '11: Proceedings of the 2011 IEEE International Symposium on Policies for Distributed Systems and Networks

Cloud computing has the advantage that it offers companies (virtually) unlimited data storage at attractive costs. However, it also introduces new challenges for protecting the confidentiality of the data, and the access to the data. Sensitive data like ...
Improving security and efficiency of time-bound access to outsourced data
Compute '13: Proceedings of the 6th ACM India Computing Convention

In time-bound access control, access to the system resources by authorized users is limited to specific time periods. In 2012, Vimercati, Foresti, Jajodia and Livraga proposed a scheme for time-bound access control to outsourced data in cloud using ...
Multiuser private queries over encrypted databases

Searchable encryption schemes allow users to perform keyword-based searches on an encrypted database. Almost all existing such schemes only consider the scenario where a single user acts as both the data owner and the querier. However, most databases in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '13: Proceedings of the 2013 ACM workshop on Cloud computing security workshop

November 2013

132 pages

ISBN:9781450324908

DOI:10.1145/2517488

Program Chairs:
Ari Juels
RSA Laboratories, USA
,
Bryan Parno
Microsoft Research, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 8, 2013

Berlin, Germany

Acceptance Rates

CCSW '13 Paper Acceptance Rate 11 of 28 submissions, 39%;

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
515
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

Wang YPapadopoulos D(2023)Multi-User Collusion-Resistant Searchable Encryption for Cloud StorageIEEE Transactions on Cloud Computing10.1109/TCC.2023.3249189(1-16)Online publication date: 2023
https://doi.org/10.1109/TCC.2023.3249189
Wang XWu JWang J(2023)One for all: Efficient verifiable dynamic multi-user searchable encryption in the presence of corrupted usersJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.10170335:8(101703)Online publication date: Sep-2023
https://doi.org/10.1016/j.jksuci.2023.101703
Cui SSong XAsghar MGalbraith SRussello G(2021)Privacy-preserving Dynamic Symmetric Searchable Encryption with Controllable LeakageACM Transactions on Privacy and Security10.1145/344692024:3(1-35)Online publication date: 20-Apr-2021
https://dl.acm.org/doi/10.1145/3446920
Wang YPapadopoulos DCao JHo Au MLin ZYung M(2021)Multi-User Collusion-Resistant Searchable Encryption with Optimal Search TimeProceedings of the 2021 ACM Asia Conference on Computer and Communications Security10.1145/3433210.3437535(252-264)Online publication date: 24-May-2021
https://dl.acm.org/doi/10.1145/3433210.3437535
Song QLiu ZCao JSun KLi QWang C(2021)SAP-SSE: Protecting Search Patterns and Access Patterns in Searchable Symmetric EncryptionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2020.304205816(1795-1809)Online publication date: 2021
https://doi.org/10.1109/TIFS.2020.3042058
Cui SBelguith SDe Alwis PAsghar MRussello G(2021)Collusion Defender: Preserving Subscribers’ Privacy in Publish and Subscribe SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.289882718:3(1051-1064)Online publication date: 1-May-2021
https://doi.org/10.1109/TDSC.2019.2898827
Almakdi SPanda BAlshehri MAlazeb A(2021)An Efficient Secure System for Fetching Data From the Outsourced Encrypted DatabasesIEEE Access10.1109/ACCESS.2021.30821399(78474-78494)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3082139
Dauterman EFeng ELuo EPopa RStoica ILu SHowell J(2020)DORYProceedings of the 14th USENIX Conference on Operating Systems Design and Implementation10.5555/3488766.3488828(1101-1119)Online publication date: 4-Nov-2020
https://dl.acm.org/doi/10.5555/3488766.3488828
Sun SZuo CLiu JSakzad ASteinfeld RYuen TYuan XGu D(2020)Non-Interactive Multi-Client Searchable Encryption: Realization and ImplementationIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.2973633(1-1)Online publication date: 2020
https://doi.org/10.1109/TDSC.2020.2973633
Almakdi SPanda B(2020)Designing a Bit-Based Model to Accelerate Query Processing Over Encrypted Databases in CloudCloud Computing, Smart Grid and Innovative Frontiers in Telecommunications10.1007/978-3-030-48513-9_40(500-518)Online publication date: 23-May-2020
https://doi.org/10.1007/978-3-030-48513-9_40
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents