Executing SQL over encrypted data in the database-service-provider model
Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Balancing confidentiality and efficiency in untrusted relational DBMSs
Proceedings of the 10th ACM conference on Computer and communications security
Order preserving encryption for numeric data
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Modeling and assessing inference exposure in encrypted databases
ACM Transactions on Information and System Security (TISSEC)
L-diversity: Privacy beyond k-anonymity
ACM Transactions on Knowledge Discovery from Data (TKDD)
Multi-Dimensional Range Query over Encrypted Data
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Predicate Privacy in Encryption Systems
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Order-Preserving Symmetric Encryption
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Controlling data in the cloud: outsourcing computation without outsourcing control
Proceedings of the 2009 ACM workshop on Cloud computing security
Data protection in outsourcing scenarios: issues and directions
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Conjunctive, subset, and range queries on encrypted data
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Predicate encryption supporting disjunctions, polynomial equations, and inner products
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A secure multi-dimensional partition based index in DAS
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Keep a few: outsourcing data while maintaining confidentiality
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
RASP: efficient multidimensional range query on attack-resilient encrypted databases
Proceedings of the first ACM conference on Data and application security and privacy
Authorized Private Keyword Search over Encrypted Data in Cloud Computing
ICDCS '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems
Efficient and Private Access to Outsourced Data
ICDCS '11 Proceedings of the 2011 31st International Conference on Distributed Computing Systems
Aggregation queries in the database-as-a-service model
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Efficiency and security trade-off in supporting range queries on encrypted databases
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Security issues in querying encrypted data
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Privacy-preserving queries on encrypted data
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Oblivious RAM with o((logn)3) worst-case cost
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Revisiting the computational practicality of private information retrieval
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Secure multidimensional range queries over outsourced data
The VLDB Journal — The International Journal on Very Large Data Bases
Security limitations of using secret sharing for data outsourcing
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Inference attack against encrypted range queries on outsourced databases
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
Privacy and security for outsourced databases are often provided by Precise Query Protocols (PQPs). In a PQP, records are individually encrypted by a client and stored on a server. The client issues encrypted queries, which are run under encryption at the server, and the server returns the exact set of encrypted tuples needed to satisfy the query. We propose a general attack against the privacy of all PQPs that support range queries, using query results to partially order encrypted records. Existing attacks that seek to order etuples are less powerful and depend on weaknesses specific to particular PQPs. Our novel algorithm identifies permissible positions (loci) for encrypted records by organizing range query results using PQ-trees. These results can then be used to infer attribute values of encrypted records. We propose equivocation and permutation entropy as privacy metrics, and give experimental results that show PQP privacy to be easily compromised by our attack.