Managing and querying encrypted data Trần Mỹ Giao Huỳnh Mai Thúy
Outline Introduction 1 DAS - Storing and querying encrypted data Trust, Encryption Key- Management, Integrity & Data confidentiality References 2 3 4
Introduction Two new challenges emerge: o Efficient encryption algorithms for relational data o Supporting query on the encrypted relational data. Example: secure server.
Outline Introduction 1 DAS - Storing and querying encrypted data Trust, Encryption Key- Management, Integrity & Data confidentiality References 2 3 4
What is DAS ? It is a paradigm wherein data owned by a client is hosted on a third-party server There is significant interest in secure query evaluation over encrypted databases.
DAS - Storing and querying encrypted data DAS set up and security model Querying encrypted relational data Relational encryption and storage model Keyword search on encrypted text data Search over encrypted XML data
DAS setup and security Data-owner, clients, server Data must be encrypted on the server and only decrypted on the client-side.
Querying encrypted relational data EMP(eid, ename, salary, addr, did) DEPARTMENT(did, dname, mgr) The goal in DAS is to process the query directly at the server without the need to decrypt the data.
Querying encrypted relational data Requires mechanism to support the following basic operator over encrypted data Comparison operators Arithmetic operators
2 categories Approaches based on new encyption techniques Information-hiding based Approaches
Approaches based on new encryption techniques Support either arthrimetic and/or comparison operators – PH supports basic arithmetic operations,and doesn’t allow comparison. – Order-preserving encryption: support comparison, join, selection, sorting, grouping, not support aggregation. The limitation: – Only safe under limited situations where the adversary knowledge is limited.
Information-hiding based Approaches Store additional auxiliary information along with encrypted data Secure indices are designed carefully exploiting information hiding mechanism.
Information-hiding based Approaches 3 basic techniques: – Pertubation :Add a random value to the true value (numeric attribute) – Generalization : Replace a numeric or categorical value by a more general value – Swapping : swap the values of a specific attribute of two records
Information-hiding based Approaches Support comparison, select – project - join, sorting,grouping. Cannot support aggregation at the server.
Query processing architecture for DAS
Relational encryption and storage model R(A1, A2,.., An) Emp(etuple, eid, ename, salary, addr, did)
Relational encryption and storage model Partition functions: – Patition(emp.eid) = {[0,200], [200, 400],[400,600],[600, 800], [800, 1000]} Identification functions: E.g. : Ident(emp.eid)([0,200]) =2
Relational encryption and storage model Mapping functions – Map(emp.eid)(395) = 7 Storing encrypted data
Relational encryption and storage model Decyption functions – D(Rs) = R Mapping condition – To translate query conditions to corresponding conditions over the server-side, Map (cond) is called.
Translating Realtional Operator The Selection Operator: E.g. :C = eid < 395 & did = 140 (emp)
Query Execution Give an example:
Query Execution Give an example:
Query Execution Give an example:
Query Execution Give an example:
Keyword search on encrypted text data Answer is
Private key based search scheme on encrypted text data Secure index: reveals no imformation about its content to the adversary However, allows the adversary to tests the presence or absence of the keyword using a trapdoor A user search for documents containing word w, generates a trapdoor, which can be used by adversary to retieve documents.
Secure index’s creation Alice generates a sequence of pseudo-random values s1...sn, using a stream cipher. For each string si, Alice using pseudo-random function Fk(si) to generate a random m-bit sequence Then computes n-bit sequence ti= Ciphertext ci = wi XOR ti Secure index is a set of ci.
Secure index’s creation To prevent adversary from knowing what keyword is, pre- encrypt each word w using algorithm Ek Instead of using w below, we using xi = Ek(wi) to replace xi.
Search over encrypted XML data There has been little work in the area of encrypted XML data management. Two kinds of information the client may consider as sensitive: Individual node with its content Association between data values.
Search over encrypted XML data The notion of security constraints (SCs) that support both types of security requirements above. Such constraints can be specified in the form of Xpath expressions and may be classified as either node-type constraints or association-type constraints.
Search over encrypted XML data Hiding individual node with its content by encrypting their content Hiding Association between data values by encrypting any one of the nodes can enforce the SC
Search over encrypted XML data Query processing follows the typical DAS approach that we mentioned earlier Using two indexes( is call discontinuous structural interval index(DSI)) – One is the structural index to enable tree traversal – The second one is a value index for enabling attribute value based queries like range queries.
Search over encrypted XML data Use an “order-preserving encryption” scheme to transform the values from their original domain to a new domain Use B-trees to implement range-queries This scheme is unsafe under known plaintext attack
Outline Introduction 1 DAS - Storing and querying encrypted data Trust, Encryption Key- Management, Integrity & Data confidentiality References 2 3 4
Trust, Key- management, Integrity & Data confidentiality 3 basic models of trust that are widely studied in literature: Complete trust : the data management issues are similar to those arising in standard DBMS systems Partial trust : ensure the confidentiality of sensitive data Un-trusted model:ensure authenticity of data and correctness of query results
Trust, Key- management, Integrity & Data confidentiality Encrypting relational data Authentication and integrity issues Key management in DAS
Encrypting relational data Three important issues to keep in mind 1) Encryption algorithms 2) Encryption granularity 3) Efficient storage for encrypted data
1) Encryption algorithms Symmetric key DES : the effective key length is 56 bits, the block size is 64 bits AES : Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits Blowfish : 64-bit block size and a variable key length from 32 up to 448 bits
DES AES
Blowfish
1) Encryption algorithms
Public-key encryption: Avoids the problem of secure key distribution E.g. : RSA
2) Encryption granularity Field level The smallest achievable granularity Each attribute value of a tuple is encrypted separately
2) Encryption granularity Record / row level Each row is encrypted separately Does not differentiate between sensitive and non-sensitive data
2) Encryption granularity Attribute / column level: Only sensitive attributes are encrypted
2) Encryption granularity Page / block level : Whenever a page/block of sensitive data is stored, the entire block is encrypted
3) Efficient storage for encrypted data The performance issues associated with storage of encrypted data on the disk “ Partitioned Plaintext and Cipher text” (PPC) : – Cluster the non-sensitive and sensitive data minimize the number of encryption operations
3) Efficient storage for encrypted data – Use NSM requires only modifications to the page layout.
Authentication and integrity issues Data integrity and authentication can be provided at difference levels of granularity: the level of a table, a column, a row, an individual attribute value. Three flavor of database model: U nified client model
Multiple clients- single owner Multiple clients-multiple owners
Authentication and integrity issues One natural and intuitive solution for record-level integrity is to use message authentication codes (MAC) MAC is a keyed hash of record ‘s content, tend to be small and of constant length The MAC-s are attractive for the unified client model In multi owner and multi querier models, potentially many queriers for each client. In these settings, MAC-s are not useful (repudiation)
Key management in DAS The data owner first decides the key- assignment granularity: Database level : generate a single key for the whole database Table level : tables in database may be grouped one key generate for each group Row level : records in table be grouped each group is encrypted with a separate key
Key management in DAS In DAS key generation can be carried out at the client-side or at a third-party trusted server. The key generation process is classified into two classes: Pre computation : Key is generated ahead of time After that, be stored in the key registry(key-Id, key correspondence information, key mode, key material…) of the system Re computation The key generating information is stored
Outline Introduction 1 DAS - Storing and querying encrypted data Trust, Encryption Key- Management, Integrity & Data confidentiality References 2 3 4
Handbook of Database Security Applications and Trends
THANK YOU FOR LISTENING