Security limitations of using secret sharing for data outsourcing

Authors:
Jonathan L. Dautrich;Chinya V. Ravishankar
Affiliations:
University of California, Riverside;University of California, Riverside
Venue:
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Year:
2012

Citing 12
Cited 1

On the worst-case complexity of integer Gaussian elimination

ISSAC '97 Proceedings of the 1997 international symposium on Symbolic and algebraic computation
How to share a secret

Communications of the ACM
Executing SQL over encrypted data in the database-service-provider model

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Order preserving encryption for numeric data

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Privacy Preserving Query Processing Using Third Parties

ICDE '06 Proceedings of the 22nd International Conference on Data Engineering
Database Management as a Service: Challenges and Opportunities

ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
Testing for the consecutive ones property, interval graphs, and graph planarity using PQ-tree algorithms

Journal of Computer and System Sciences
Keep a few: outsourcing data while maintaining confidentiality

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Privacy preserving query processing on secret share based data storage

DASFAA'11 Proceedings of the 16th international conference on Database systems for advanced applications - Volume Part I
Query processing in private data outsourcing using anonymization

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
Aggregation queries in the database-as-a-service model

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Security issues in querying encrypted data

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security

Compromising privacy in precise query protocols

Proceedings of the 16th International Conference on Extending Database Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Three recently proposed schemes use secret sharing to support privacy-preserving data outsourcing. Each secret in the database is split into n shares, which are distributed to independent data servers. A trusted client can use any k shares to reconstruct the secret. These schemes claim to offer security even when k or more servers collude, as long as certain information such as the finite field prime is known only to the client. We present a concrete attack that refutes this claim by demonstrating that security is lost in all three schemes when k or more servers collude. Our attack runs on commodity hardware and recovers a 8192-bit prime and all secret values in less than an hour for k=8.