Researching basic searchable encryption schemes in databases that support SQL
DOI:
https://doi.org/10.30837/rt.2022.3.210.04Keywords:
database, data warehouse, confidentiality, encryption, searchable encryptionAbstract
Currently, many users prefer to outsource data to third-party cloud servers in order to mitigate the load of local storage. However, storing sensitive data on remote servers creates security challenges and is a source of concern for data owners. With ever-growing security and privacy concerns, it is becoming increasingly important to encrypt data stored remotely. However, the use of traditional encryption prevents the search operation in the encrypted data. One approach to solving this problem is searchable encryption. Solutions for search in secure databases cover a wide range of cryptographic techniques, although there is still no dominant solution. Designing secure search systems is a balance between security, functionality, performance, and usability. Therefore, this paper provides an overview of some of the important current secure search solutions. The main searchable encryption systems of databases that support SQL are considered. The strengths and weaknesses of the analyzed systems and the techniques implemented in them are highlighted. A comparative analysis of some characteristics of the compared systems is given. Attention is drawn to the fact that the ability to perform search operations in encrypted data leads to a complication of systems, an increase in the amount of required memory and query execution time. All this indicates the openness of the protected search problem and the need for further research in this direction to ensure secure work with remote databases and data warehouses.
References
Abadi D., Ailamaki A., Andersen D., Bailis P., Balazinska M., Bernstein P., Boncz P., Chaudhuri S., et al. The Seattle Report on Database Research // ACM SIGMOD Record. 2019. 48. P. 44–53.
Fuller B., Varia M., Yerukhimovich A., Shen E., Hamlin A., Gadepally V., Shay R., Mitchell J. D., Cunningham R. K. Sok: Cryptographically protected database search // 2017 IEEE Symposium on Security and Privacy (SP), 2017. P. 172–191. https://doi.org/10.1109/SP.2017.10.
General Data Protection Regulation GDPR. URL: https://gdpr-info.eu/ (дата звернення: 12.06.2022).
Payment Card Industry (PCI) Data Security Standard. Requirements and Testing Procedures Version 4.0. 2022. URL: https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf (дата звернення: 12.06.2022).
Atchinson B. K., Fox D. M. From the field: the politics of the health insurance portability and accountability act. Health affairs. 1997. 16(3). P. 146-150.
Scholl M., Stine K., Hash J., Bowen P., Johnson A., et al. NIST Special Publication 800-66 Revision 1. An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. 2008. URL: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-66r1.pdf (дата звернення: 12.06.2022).
Bösch, C., Hartel, P., Jonker, W., Peter, A. A survey of provably secure searchable encryption. ACM Computing Surveys (CSUR). 2014. 47(2). P. 1–51.
Єсін В. І., Вілігура В. В. Дослідження основних методів і схем шифрування з можливістю пошуку // Радіотехніка. 2022. № 209. С. 138–155.
Azraoui M., Önen M., Molva R. Framework for Searchable Encryption with SQL Databases. CLOSER. 2018. P. 57–67.
Pilyankevich E., Kornieiev D., Storozhuk A. Proxy-Mediated Searchable Encryption in SQL Databases Using Blind Indexes. Cryptology ePrint Archive. 2019.
Hacigümüş H., Iyer B., Li C., Mehrotra S. Executing SQL over encrypted data in the database-service-provider model // Proceedings of the 2002 ACM SIGMOD international conference on Management of data. 2002. P. 216–227. https://doi.org/10.1145/564691.564717.
Popa R. A., Redfield C. M., Zeldovich N., Balakrishnan H. CryptDB: protecting confidentiality with encrypted query processing // Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. SOSP '11. 2011. P. 85–100. https://doi.org/10.1145/2043556.2043566.
Paillier P. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes // Stern, J. (eds) Advances in Cryptology - EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, 1999. Vol 1592. P. 223–238. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_16.
Song D. X., Wagner D., Perrig A. Practical techniques for searches on encrypted data // Proceeding 2000 IEEE symposium on security and privacy. S&P 2000. IEEE, 2000. P. 44–55. https://doi.org/10.1109/SECPRI.2000.848445.
Tu S. L., Kaashoek M. F., Madden S. R., Zeldovich N. Processing analytical queries over encrypted data // Proceedings of the VLDB Endowment. 2013. 6(5). P. 289–300. https://doi.org/10.14778/2535573.2488336.
Halevi S., Rogaway P. A Tweakable Enciphering Mode // Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, 2003. Vol 2729. P. 482–499. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_28.
Bellare M., Rogaway P., Spies T. Addendum . The FFX mode of operation for format-preserving encryption // A parameter collection for enciphering strings of arbitrary radix and length, Draft 1.0, NIST. 2010. URL: https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/proposed-modes/ffx/ffx-spec2.pdf.
Boldyreva A., Chenette N., Lee Y., O’Neill A. Order-Preserving Symmetric Encryption // Joux, A. (eds) Advances in Cryptology - EUROCRYPT 2009. EUROCRYPT 2009. Lecture Notes in Computer Science, 2009. Vol 5479. P. 224–241. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01001-9_13.
Boldyreva, A., Chenette, N., O’Neill, A. Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions. In: Rogaway, P. (eds) // Advances in Cryptology – CRYPTO 2011. CRYPTO 2011. Lecture Notes in Computer Science. Springer, Berlin, Heidelberg. 2011. Vol. 6841. P. 578–595. https://doi.org/10.1007/978-3-642-22792-9_33.
Papadimitriou A., Bhagwan R., Chandran N., Ramjee R., Haeberlen A., Singh H., Modi A., Badrinarayanan S. Big data analytics over encrypted datasets with seabed // 12th USENIX symposium on operating systems design and implementation (OSDI 16). 2016. P. 587–602.
Poddar R., Boelter T., Popa R. A. Arx: an encrypted database using semantically secure encryption // Proceedings of the VLDB Endowment. 12(11). 2019. P. 1664–1678. https://doi.org/10.14778/3342263.3342641.
CipherSweet. URL: https://ciphersweet.paragonie.com/ (дата звернення: 12.06.2022).
Tarkoma S., Rothenberg C. E., Lagerspetz E. Theory and practice of bloom filters for distributed systems // IEEE Communications Surveys & Tutorials. 2011. 14(1). P. 131–155.
Blind Index Planning. URL: https://ciphersweet.paragonie.com/node.js/blind-index-planning. (дата звернення: 12.06.2022).
Cossack Labs Knowledge Base. Acra in a nutshell. URL: https://docs.cossacklabs.com/acra/ (дата звернення: 12.06.2022).
Bellare M., Canetti R., Krawczyk H. Keying Hash Functions for Message Authentication. In: Koblitz, N. (eds) // Advances in Cryptology - CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science. Springer, Berlin, Heidelberg. 1996. Vol 1109. P. 1–15. https://doi.org/10.1007/3-540-68697-5_1.
Turner J. M. The keyed-hash message authentication code (HMAC) // Federal Information Processing Standards Publication. 2008. 198(1). P. 1–13.
Pappas V., Krell F., Vo B., Kolesnikov V., Malkin T., Choi S. G., Bellovin S. Blind seer: A scalable private DBMS // 2014 IEEE Symposium on Security and Privacy. IEEE, 2014. P. 359-374.
Fisch B. A., Vo B., Krell F., Kumarasubramanian A., Kolesnikov V., Malkin T., Bellovin S. M. Malicious-client security in blind seer: a scalable private DBMS // 2015 IEEE Symposium on Security and Privacy. 2015. P. 395–410.
Cash D., Jarecki S., Jutla C., Krawczyk H., Roşu MC., Steiner M. Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries. In: Canetti, R., Garay, J.A. (eds) // Advances in Cryptology – CRYPTO 2013. CRYPTO 2013. Lecture Notes in Computer Science. 2013. Vol. 8042. P. 353–373. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40041-4_20.
Jarecki S., Jutla C., Krawczyk H., Rosu M., Steiner M. Outsourced symmetric private information retrieval // Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 2013. P. 875–888.
Faber S., Jarecki S., Krawczyk H., Nguyen Q., Rosu M., Steiner M. Rich Queries on Encrypted Data: Beyond Exact Matches. In: Pernul, G., Y A Ryan, P., Weippl, E. (eds) Computer Security – ESORICS 2015. ESORICS 2015. Lecture Notes in Computer Science. 2015. Vol 9327. P. 123–145. Springer, Cham. https://doi.org/10.1007/978-3-319-24177-7_7.
Ishai Y., Kushilevitz E., Lu S., Ostrovsky R. Private Large-Scale Databases with Distributed Searchable Symmetric Encryption // Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science. 2016. Vol. 9610. P. 90–107. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_6.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
