Authenticated-encryption with associated-data
Proceedings of the 9th ACM conference on Computer and communications security
The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?)
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Two-pass authenticated encryption faster than generic composition
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Designing secure indexes for encrypted databases
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Hi-index | 0.00 |
The database encryption scheme of Elovici et al. [3] uses encryption of individual cells in a data base table to preserve the database structure. A suitable index encryption scheme is also given for prevention of information leakage from the index. An updated and improved method for index encryption is described by the same authors in [12]. The security goals of these schemes are privacy and authenticity of the cell data at the given position in the table. Furthermore, the encrypted index data shall not have any correlation to the table column data to avoid information leakage. The index shall be protected against unauthorised modification of the index data. In the present paper we cryptanalyse these schemes with respect to possible instantiations and give counter-examples, i.e. give instantiations of these schemes with usual components that are insecure. These counter-examples highlight that the schemes involve assumptions about cryptographic primitives that do no necessarily hold. Furthermore, we show how to modify the schemes so that the original basic ideas of [3] and [12] lead to secure database and index encryption.