SoK: Cryptographically Protected Database Search

Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac

A Comparative Study and Analysis of Query in Encrypted Databases

تعد البيانات اليوم هي الموجود الرئيسي للشركات وأعمالها. عادة ما يتم تخزين هذه البيانات في قاعدة البيانات. يجب أن تكون جميع أنظمة قواعد البيانات قادرة على الاستجابة لطلبات الحصول على معلومات من المستخدم وهي استعلامات العمليات. هناك حاجة إلى خوارزميات التشفير التي توفر القدرة على الاستعلام عبر قاعدة البيانات المشفرة وتتيح تحسين تشفير وفك تشفير البيانات. ومع ذلك ، تطبيق خوارزميات التشفير على قاعدة البيانات المشفرة يعتبر التحدي الذي ينشأ هو في  انخفاض اداء النظام الناتج عن نشر خوارزمية التشفير في وقت التشغيل. لذلك ، تعرض هذه الورقة معظم الأعمال الحديثة التي تم إجراؤها على معالجة الاستعلام في  قاعدة البيانات المشفرة وتحليلها لتوضيح تحليل الأداء ، بناءً على مقاييس أداء مختلفة في كل عمل ذي صلةData is the main asset of the modern companies and their businesses. Typically, it is stored in the data-base. Every database system has to be capable of responding to information requests from users, which is queries of the process. Encryption mechanisms are required, which give the capability to the query over the encrypted data-base and permit the optimization of data encryption and decryption. However, applying encryption algorithms on Encrypted database then challenge arises that the efficiency of the system degrades on deploying encryption algorithm on the runtime. Therefore, this paper presents most of the recent works that have been conducted on the query preprocessing of encrypted database and analyzes them to clarify the performance analysis, based on different performance metrics in each related work

ANEW TECHNIQUE BY USING INVERTED TABLES AND 3D BOX FOR EFFICIENT QUERYING OVER AN ENCRYPTED DATABASE

The increase in the amount of data in encrypted databases has caused problems in data processing and retrieval time. In traditional query processing methods, there are many difficulties in execute query over an encrypted database because it is time- consuming. In this paper, proposes technique for querying encrypted databases records, allows authorized users to execute queries without decrypting all the records of the encrypted database. In this technique, inverted tables include the numbers of 3D box cover locations that were created to enhance and speed up the retrieval time of query and improve an approach of data embedding according to the random 3D box. The proposed method has been examined on the Iraqi voter encrypted Database. The retrieval time in (second, millisecond) has been computed for the traditional method of query processing and proposed technique that using inverted tables. The retrieval time of query executing of proposed techniques without retrieval of all the records of the encrypted database is 10.870 (seconds, millisecond) where the retrieval time of query executing of conventional method that’s retrieval of all the records of the encrypted database is 40.682 (seconds, millisecond)

Developing an Efficient Secure Query Processing Algorithm on Encrypted Databases using Data Compression

Distributed computing includes putting aside the data utilizing outsider storage and being able to get to this information from a place at any time. Due to the advancement of distributed computing and databases, high critical data are put in databases. However, the information is saved in outsourced services like Database as a Service (DaaS), security issues are raised from both server and client-side. Also, query processing on the database by different clients through the time-consuming methods and shared resources environment may cause inefficient data processing and retrieval. Secure and efficient data regaining can be obtained with the help of an efficient data processing algorithm among different clients. This method proposes a well-organized through an Efficient Secure Query Processing Algorithm (ESQPA) for query processing efficiently by utilizing the concepts of data compression before sending the encrypted results from the server to clients. We have addressed security issues through securing the data at the server-side by an encrypted database using CryptDB. Encryption techniques have recently been proposed to present clients with confidentiality in terms of cloud storage. This method allows the queries to be processed using encrypted data without decryption. To analyze the performance of ESQPA, it is compared with the current query processing algorithm in CryptDB. Results have proven the efficiency of storage space is less and it saves up to 63% of its space.

Preserving privacy in edge computing

Edge computing or fog computing enables realtime services to smart application users by storing data and services at the edge of the networks. Edge devices in the edge computing handle data storage and service provisioning. Therefore, edge computing has become a  new norm for several delay-sensitive smart applications such as automated vehicles, ambient-assisted living, emergency response services, precision agriculture, and smart electricity grids. Despite having great potential, privacy threats are the main barriers to the success of edge computing. Attackers can leak private or sensitive information of data owners and modify service-related data for hampering service provisioning in edge computing-based smart applications. This research takes privacy issues of heterogeneous smart application data into account that are stored in edge data centers. From there, this study focuses on the development of privacy-preserving models for user-generated smart application data in edge computing and edge service-related data, such as Quality-of-Service (QoS) data, for ensuring unbiased service provisioning. We begin with developing privacy-preserving techniques for user data generated by smart applications using steganography that is one of the data hiding techniques. In steganography, user sensitive information is hidden within nonsensitive information of data before outsourcing smart application data, and stego data are produced for storing in the edge data center. A steganography approach must be reversible or lossless to be useful in privacy-preserving techniques. In this research, we focus on numerical (sensor data) and textual (DNA sequence and text) data steganography. Existing steganography approaches for numerical data are irreversible. Hence, we introduce a lossless or reversible numerical data steganography approach using Error Correcting Codes (ECC). Modern lossless steganography approaches for text data steganography are mainly application-specific and lacks imperceptibility, and DNA steganography requires reference DNA sequence for the reconstruction of the original DNA sequence. Therefore, we present the first blind and lossless DNA sequence steganography approach based on the nucleotide substitution method in this study. In addition, a text steganography method is proposed that using invisible character and compression based encoding for ensuring reversibility and higher imperceptibility.  Different experiments are conducted to demonstrate the justification of our proposed methods in these studies. The searching capability of the stored stego data is challenged in the edge data center without disclosing sensitive information. We present a privacy-preserving search framework for stego data on the edge data center that includes two methods. In the first method, we present a keyword-based privacy-preserving search method that allows a user to send a search query as a hash string. However, this method does not support the range query. Therefore, we develop a range search method on stego data using an order-preserving encryption (OPE) scheme. In both cases, the search service provider retrieves corresponding stego data without revealing any sensitive information. Several experiments are conducted for evaluating the performance of the framework. Finally, we present a privacy-preserving service computation framework using Fully Homomorphic Encryption (FHE) based cryptosystem for ensuring the service provider's privacy during service selection and composition. Our contributions are two folds. First, we introduce a privacy-preserving service selection model based on encrypted Quality-of-Service (QoS) values of edge services for ensuring privacy. QoS values are encrypted using FHE. A distributed computation model for service selection using MapReduce is designed for improving efficiency. Second, we develop a composition model for edge services based on the functional relationship among edge services for optimizing the service selection process. Various experiments are performed in both centralized and distributed computing environments to evaluate the performance of the proposed framework using a synthetic QoS dataset

DRSIG: Domain and Range Specific Index Generation for encrypted Cloud data

One of the most fundamental services of cloud computing is Cloud storage service. Huge amount of sensitive data is stored in the cloud for easy remote access and to reduce the cost of storage. The confidential data is encrypt before uploading to the cloud server in order to maintain privacy and security. All conventional searchable symmetric encryption(SSE) schemes enable the users to search on the entire index file. In this paper, we propose the Domain and Range Specific Index Generation(DRSIG) scheme that minimizes the Index Generation time. This scheme adopts collection sort technique to split the index file into D Domains and R Ranges. The Domain is based on the length of the keyword; the Range splits within the domain based on the first letter of the keyword. A mathematical model is used to encrypt the indexed keyword that eliminates the information leakage. The time complexity of the index generation is O(NT × 3) where NT - Number of rows in index document and 3 is Number of columns in index document. Experiments have been conducted on real world dataset to validate proposed DRSIG scheme. It is observed that DRSIG scheme is efficient and provide more secure data than Ranked Searchable Symmetric Encryption(RSSE) Scheme