Executing SQL queries over encrypted character strings in the Database-As-Service model

Authors:
Zongda Wu;Guandong Xu;Zong Yu;Xun Yi;Enhong Chen;Yanchun Zhang
Affiliations:
Oujiang College, Wenzhou University, Wenzhou 325035, China and University of Science and Technology of China, Hefei 230016, China;School of Engineering and Science, Victoria University, Melbourne, Australia;West Anhui University, Luan 237012, China and University of Science and Technology of China, Hefei 230016, China;School of Engineering and Science, Victoria University, Melbourne, Australia;University of Science and Technology of China, Hefei 230016, China;School of Engineering and Science, Victoria University, Melbourne, Australia
Venue:
Knowledge-Based Systems
Year:
2012

Citing 22
Cited 1

A new privacy homomorphism and applications

Information Processing Letters
Introduction to algorithms

Introduction to algorithms
Executing SQL over encrypted data in the database-service-provider model

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Foundations of Secure Computation

Foundations of Secure Computation
Accurate estimation of the number of tuples satisfying a condition

SIGMOD '84 Proceedings of the 1984 ACM SIGMOD international conference on Management of data
A Security Architecture for Mobile Agent Based Applications

World Wide Web
Cryptography and Relational Database Management Systems

IDEAS '01 Proceedings of the International Database Engineering & Applications Symposium
Providing Database as a Service

ICDE '02 Proceedings of the 18th International Conference on Data Engineering
Order preserving encryption for numeric data

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Storage and Query over Encrypted Character and Numerical Data in Database

CIT '05 Proceedings of the The Fifth International Conference on Computer and Information Technology
Ws-AC: A Fine Grained Access Control System for Web Services

World Wide Web
Secure communications with an asymptotic secrecy model

Knowledge-Based Systems
A privacy-preserving index for range queries

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Expressive security policy rules using Layered Conceptual Graphs

Knowledge-Based Systems
Distributed agents model for intrusion detection based on AIS

Knowledge-Based Systems
Secrecy of cryptographic protocols under equational theory

Knowledge-Based Systems
Silog: Speech input logon

Knowledge-Based Systems
Combining fragmentation and encryption to protect privacy in data storage

ACM Transactions on Information and System Security (TISSEC)
Dealing with inconsistent secure messages by weighting majority

Knowledge-Based Systems
Towards Secure and Effective Utilization over Encrypted Cloud Data

ICDCSW '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems Workshops
GMQL: A graphical multimedia query language

Knowledge-Based Systems
Query optimization in encrypted database systems

DASFAA'05 Proceedings of the 10th international conference on Database Systems for Advanced Applications

A Patient Privacy Protection Scheme for Medical Information System

Journal of Medical Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Rapid advances in the networking technologies have prompted the emergence of the ''software as service'' model for enterprise computing, moreover, which is becoming one of the key industries quickly. ''Database as service'' model provides users power to store, modify and retrieve data from anywhere in the world, as long as they have access to the Internet, thus, being increasingly popular in current enterprise data management systems. However, this model introduces several challenges, an essential issue being how to implement SQL queries over encrypted data efficiently. To ensure data security, this model generally encrypts sensitive data at the trusted client's site, before storing them into the non-trusted database service provider's site, which, unfortunately, results in that SQL queries cannot be executed over the encrypted data immediately at the database service provider. In this paper we only focus on how to query encrypted character strings efficiently. Our strategy is that when storing character strings to the database service provider, we not only store the encrypted character strings themselves, but also generate some characteristic index values for these character strings, and store them in an additional field; and when querying the encrypted character strings, we first execute a coarse query over the characteristic index fields at the database service provider, in order to filter out most of tuples not related to the querying conditions, and then, we decrypt the rest tuples and execute a refined query over them again at the client site. In our strategy, we define an n-phase reachability matrix for a character string and use it as the characteristic index values, and based on such a definition, we present some theorems to split a SQL query into its server-side representation and client-side representation for partitioning the computation of a query across the client and the server and thus improving query performance. Finally, experimental results validate the functionality and effectiveness of our strategy.