Results 1 - 10
of
30
CryptDB: Protecting confidentiality with encrypted query processing
- In SOSP
, 2011
"... Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in th ..."
Abstract
-
Cited by 124 (8 self)
- Add to MetaCart
(Show Context)
Online applications are vulnerable to theft of sensitive information because adversaries can exploit software bugs to gain access to private data, and because curious or malicious administrators may capture and leak data. CryptDB is a system that provides practical and provable confidentiality in the face of these attacks for applications backed by SQL databases. It works by executing SQL queries over encrypted data using a collection of efficient SQL-aware encryption schemes. CryptDB can also chain encryption keys to user passwords, so that a data item can be decrypted only by using the password of one of the users with access to that data. As a result, a database administrator never gets access to decrypted data, and even if all servers are compromised, an adversary cannot decrypt the data of any user who is not logged in. An analysis of a trace of 126 million SQL queries from a production MySQL server shows that CryptDB can support operations over encrypted data for 99.5% of the 128,840 columns seen in the trace. Our evaluation shows that CryptDB has low overhead, reducing throughput by 14.5 % for phpBB, a web forum application, and by 26 % for queries from TPC-C, compared to unmodified MySQL. Chaining encryption keys to user passwords requires 11–13 unique schema annotations to secure more than 20 sensitive fields and 2–7 lines of source code changes for three multi-user web applications.
Authorized private keyword search over encrypted data in cloud computing
, 2011
"... Abstract—In cloud computing, clients usually outsource their data to the cloud storage servers to reduce the management costs. While those data may contain sensitive personal information, the cloud servers cannot be fully trusted in protecting them. Encryption is a promising way to protect the confi ..."
Abstract
-
Cited by 55 (5 self)
- Add to MetaCart
(Show Context)
Abstract—In cloud computing, clients usually outsource their data to the cloud storage servers to reduce the management costs. While those data may contain sensitive personal information, the cloud servers cannot be fully trusted in protecting them. Encryption is a promising way to protect the confidentiality of the outsourced data, but it also introduces much difficulty to performing effective searches over encrypted information. Most existing works do not support efficient searches with complex query conditions, and care needs to be taken when using them because of the potential privacy leakages about the data owners to the data users or the cloud server. In this paper, using online Personal Health Record (PHR) as a case study, we first show the necessity of search capability authorization that reduces the privacy exposure resulting from the search results, and establish a scalable framework for Authorized Private Keyword Search (APKS) over encrypted cloud data. We then propose two novel solutions for APKS based on a recent cryptographic primitive, Hierarchical Predicate Encryption (HPE). Our solutions enable efficient multi-dimensional keyword searches with range query, allow delegation and revocation of search capabilities. Moreover, we enhance the query privacy which hides users ’ query keywords against the server. We implement our scheme on a modern workstation, and experimental results demonstrate its suitability for practical usage. I.
Shared and searchable encrypted data for untrusted servers
- in DBSec, ser. Lecture Notes in Computer Science
, 2008
"... Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the ..."
Abstract
-
Cited by 51 (6 self)
- Add to MetaCart
(Show Context)
Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data. But they all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide a concrete construction of the scheme and give formal proofs of its security. We also report on the results of our implementation. 1
Privacy Protection for Social Networking Platforms,” Web 2.0 Security and Privacy
, 2008
"... Social networking platforms integrate third-party content into social networking sites and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy ri ..."
Abstract
-
Cited by 43 (0 self)
- Add to MetaCart
(Show Context)
Social networking platforms integrate third-party content into social networking sites and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with social networking APIs by presenting a privacy-by-proxy design for a privacy-preserving API. Our design is motivated by an analysis of the data needs and uses of Facebook applications. We studied 150 popular Facebook applications and found that nearly all applications could maintain their functionality using a limited interface that only provides access to an anonymized social graph and placeholders for user data. Since the platform host can control the third party applications’ output, privacy-by-proxy can be accomplished by using new tags and data transformations without major changes to either the platform architecture or applications.
Privacy Protection for Social Networking APIs
, 2008
"... Social networking APIs integrate third-party content into the site and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with ..."
Abstract
-
Cited by 38 (0 self)
- Add to MetaCart
(Show Context)
Social networking APIs integrate third-party content into the site and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with social networking APIs by presenting a privacy-by-proxy design for a privacypreserving API that is motivated by an analysis of the data needs and uses of Facebook applications. Our study of 150 popular Facebook applications reveals that nearly all applications could maintain their functionality using a limited interface that only provides access to an anonymized social graph and placeholders for user data. Since the platform host can control the third party applications ’ output, privacy-by-proxy can be accomplished without major changes to the platform architecture or applications by using new tags and data transformations.
CryptDB: A Practical Encrypted Relational DBMS
"... CryptDB is a DBMS that provides provable and practical privacy in the face of a compromised database server or curious database administrators. CryptDB works by executing SQL queries over encrypted data. At its core are three novel ideas: an SQL-aware encryption strategy that maps SQL operations to ..."
Abstract
-
Cited by 8 (1 self)
- Add to MetaCart
(Show Context)
CryptDB is a DBMS that provides provable and practical privacy in the face of a compromised database server or curious database administrators. CryptDB works by executing SQL queries over encrypted data. At its core are three novel ideas: an SQL-aware encryption strategy that maps SQL operations to encryption schemes, adjustable query-based encryption which allows CryptDB to adjust the encryption level of each data item based on user queries, and onion encryption to efficiently change data encryption levels. CryptDB only empowers the server to execute queries that the users requested, and achieves maximum privacy given the mix of queries issued by the users. The database server fully evaluates queries on encrypted data and sends the result back to the client for final decryption; client machines do not perform any query processing and client-side applications run unchanged. Our evaluation shows that CryptDB has modest overhead: on the TPC-C benchmark on Postgres, CryptDB reduces throughput by 27 % compared to regular Postgres. Importantly, CryptDB does not change the innards of existing DBMSs: we realized the implementation of CryptDB using client-side query rewriting/encrypting, user-defined functions, and server-side tables for public key information. As such, CryptDB is portable; porting CryptDB to MySQL required changing 86 lines of code, mostly at the connectivity layer. 1.
Privacy-Preserving Data Analytics as an Outsourced Service
- Proceedings of the ACM Secure Web Services Workshop
, 2008
"... Two sets of privacy requirements need to be fulfilled when a company’s accounting data is audited by an external party: the company needs to safeguard its data, while the audi-tors do not want to reveal their investigation methods. This problem is usually addressed by physically isolating data and a ..."
Abstract
-
Cited by 5 (2 self)
- Add to MetaCart
(Show Context)
Two sets of privacy requirements need to be fulfilled when a company’s accounting data is audited by an external party: the company needs to safeguard its data, while the audi-tors do not want to reveal their investigation methods. This problem is usually addressed by physically isolating data and auditors during the course of an audit. This approach how-ever no longer works when auditing is performed remotely. We present a searchable encryption scheme for outsourc-ing data analytics. In our scheme the data owner needs to encrypt his data only once and ship it in encrypted form to the data analyst. The data analyst can then perform a series of queries for which he must ask the data owner for help in translating the constants in the queries. Our searchable encryption schemes allows keyword searches and range queries. Furthermore it allows queries to reuse the results of previous queries as tokens and thereby make dependent queries without interaction. Nevertheless our scheme is provably secure.
Enhancing secured service interoperability with decentralized orchestration
- In Proceedings of the 23 nd International Conference on Data Engineering Workshops, ICDE Workshops (to appear). IEEE Computer Society, 2007. INRIA DPE in Decentralized Process Executions 31
"... Several current research efforts in business process modeling are investigating XML-based executable formal specification languages. The availability of the latter allows modeled processes to be exchanged between different organizations and executed without major architectural constraints. With the ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
(Show Context)
Several current research efforts in business process modeling are investigating XML-based executable formal specification languages. The availability of the latter allows modeled processes to be exchanged between different organizations and executed without major architectural constraints. With the existence of services that are invokable with processes rather than their regular input, it is very inexpensive to provide decentralized execution settings where services can establish direct interconnections following the logic of their processes. This paper describes and exemplifies our initial ideas about a method that derives such processes. We are interested to satisfy different information flow policies of involved services and privacy requirements of process designers that run counter to default decentralizations. We show how decentralized executions can be effective for service oriented processes that cannot be realized with centralized executions. 1
Inference attacks on property-preserving encrypted databases
, 2015
"... ABSTRACT Many encrypted database (EDB) systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased. The stateof-the-art EDB systems for relational databases can handle SQL queries over encrypted data and are competitive with commercia ..."
Abstract
-
Cited by 4 (0 self)
- Add to MetaCart
(Show Context)
ABSTRACT Many encrypted database (EDB) systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased. The stateof-the-art EDB systems for relational databases can handle SQL queries over encrypted data and are competitive with commercial database systems. These systems, most of which are based on the design of CryptDB (SOSP 2011 ), achieve these properties by making use of property-preserving encryption schemes such as deterministic (DTE) and orderpreserving encryption (OPE). In this paper, we study the concrete security provided by such systems. We present a series of attacks that recover the plaintext from DTE-and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information. We consider well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization. We evaluate these attacks empirically in an electronic medical records (EMR) scenario using real patient data from 200 U.S. hospitals. When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered. In particular, our attacks correctly recovered certain OPE-encrypted attributes (e.g., age and disease severity) for more than 80% of the patient records from 95% of the hospitals; and certain DTEencrypted attributes (e.g., sex, race, and mortality risk) for more than 60% of the patient records from more than 60% of the hospitals.
Enhancing data privacy in the cloud
- In 5th IFIP WG 11.11 International Conference on Trust Management (IFIPTM
, 2011
"... Abstract. Due to its low cost, robustness, flexibility and ubiquitous nature, cloud computing is changing the way entities manage their data. However, various privacy concerns arise whenever potentially sensitive data is outsourced to the cloud. This paper presents a novel approach for coping with ..."
Abstract
-
Cited by 2 (0 self)
- Add to MetaCart
(Show Context)
Abstract. Due to its low cost, robustness, flexibility and ubiquitous nature, cloud computing is changing the way entities manage their data. However, various privacy concerns arise whenever potentially sensitive data is outsourced to the cloud. This paper presents a novel approach for coping with such privacy concerns. The proposed scheme prevents the cloud server from learning any possibly sensitive plaintext in the outsourced databases. It also allows the database owner to delegate users to conducting content-level fine-grained private search and decryption. Moreover, our scheme supports private querying whereby neither the database owner nor the cloud server learns query details. Additional requirement that user's input be authorized by CA can also be supported.
