Loading...

Encryption Aware Query Processing for Data Outsourcing

Ghareh Chamani, Javad | 2022

172 Viewed
  1. Type of Document: Ph.D. Dissertation
  2. Language: Farsi
  3. Document No: 55196 (19)
  4. University: Sharif University of Technolog
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasool
  7. Abstract:
  8. Data outsourcing provides cost-saving and availability guarantees. However, privacy and confidentiality issues, disappoint owners from outsourcing their data. Although solutions such as CryptDB and SDB tried to provide secure and practical systems, their enforced limitations, made them useless in practice. Inability in search on encrypted data, is one of the most important existing challenges in such systems. Furthermore, the overhead of mechanisms such as FHEs, removes them from considering for any practical system. Indeed, special purpose encryptions would be the only usable mechanisms for such purposes. However, their limited functionality does not support some important required operations in real systems. In this thesis, we will investigate the required encryption schemes for searching on encrypted data and reduce proxy computations to improve the outsourcing system’s performance. Such schemes are based on data types' properties and will be integrated into a unified solution.First, we examine structured data types (e.g. timestamps) and propose a new cryptosystem, called SESOS (searchable outsourcing scheme for ordered structured data), which provides the ability to execute like queries, along with the search for exact matches, as well as comparison. In addition, the extended version, called XSESOS, allows for verifying the integrity of ciphertexts. At its heart, SESOS combines any order-preserving encryption (OPE) scheme with a novel encryption scheme called Multi-map Perfectly Secure Cryptosystem(MuPS). We prove that MuPS is perfectly secure, and hence SESOS enjoys the same security properties as the underlying OPE scheme. The overhead of executing equality and comparison operations is negligible. The performance of like queries is significantly improved by up to 1370X and the performance of result decryption improved by 520X compared to existing solutions on a database with merely 100K records (the improvement is even more significant in larger databases).Then, we introduce three novel constructions that improve previous searchable symmetric encryption schemes in multiple ways. The first scheme achieves Type-II backward privacy and our experimental evaluation shows it has 145-253× faster search computation times than previous constructions with the same leakage. Surprisingly, it is faster even than schemes with Type-III leakage which makes it one of the most efficient implementations of a forward and backward private scheme so far. The second one has search time that is asymptotically within a polylogarithmic multiplicative factor of the theoretical optimal (i.e., the result size of a search), and it achieves the strongest level of backward privacy (Type-I). Our final scheme improves upon the second one by reducing the number of roundtrips for a search at the cost of extra leakage (Type-III).After that, we shift our attention to the problem of multi-user dynamic searchable symmetric encryption (DMUSSE) where a data owner stores its encrypted documents on an untrusted remote server and wishes to selectively allow multiple users to access them by issuing keyword search queries. Specifically, we consider the case where some of the users may be corrupted and colluding with the server to extract additional information about the dataset (beyond what they have access to). We provide the first formal security definition for the dynamic setting as well as forward and backward privacy definitions. We then propose µSE, the first provably secure DMUSSE scheme and instantiate it in two versions, one based on oblivious data structures and one based on update queues, with different performance trade-offs. Furthermore, we extend µSE to support the verifiability of results. To achieve this, users need a secure digest initially computed by the data owner and changed after every update. We efficiently accommodate this, without relying on a trusted third party, by adopting a blockchain-based approach for the digests' dissemination and deploy our schemes over the permissioned Hyperledger Fabric blockchain. We prototype both versions and experimentally evaluate their practical performance, both as stand-alone systems and running on top of Hyperledger Fabric.Finally, we focus on the proxy architecture and propose a unified solution for an efficient data outsourcing system. Our system benefits trusted hardware to evaluate queries more efficiently.Due to the existing side-channel attacks which target access pattern leakages of trusted hardware, we propose some doubly-oblivious primitives that are secure against an adversary who has control of the service provider and can watch the memory access pattern. Our proposed doubly-oblivious data structures outperform existing solutions and allow us to make a unified data outsourcing system such that it can use our previous encryption schemes as modules of this system.
  9. Keywords:
  10. Data Outsourcing ; Database Security ; Cloud Computing ; Searchable Encryption ; Data Security ; Cloud Security

 Digital Object List

 Bookmark

No TOC