Beyond the ideal object: towards disclosure-resilient order-preserving encryption schemes

  • Authors:

  • Sander Wozniak;Michael Rossberg;Sascha Grau;Ali Alshawish;Guenter Schaefer

  • Affiliations:

  • Technische Universität Ilmenau, Ilmenau, Germany;Technische Universität Ilmenau, Ilmenau, Germany;Technische Universität Ilmenau, Ilmenau, Germany;Technische Universität Ilmenau, Ilmenau, Germany;Technische Universität Ilmenau, Ilmenau, Germany

  • Venue:
  • Proceedings of the 2013 ACM workshop on Cloud computing security workshop
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

With the emergence of affordable cloud services, users are currently moving data to external services providers. Hence, they implicitly trust providers to not abuse or "lose" sensitive data. To protect this data in the context of cloud computing, the use of Order-Preserving Encryption (OPE) has been suggested to encrypt data while still allowing efficient queries. The reference approach builds on Order-Preserving Functions (OPFs) drawn uniformly at random: the so-called "ideal object". However, recent results question the suitability of this construction, as its security properties turn out to be poor. In this article, we investigate possible alternatives. For this, we introduce two descriptive metrics rating one-wayness-related properties of OPF construction schemes, i.e., the ability of an adversary to estimate the plaintext when given a ciphertext and possible extra information. Furthermore, we propose three novel approaches to draw OPFs and apply the introduced metrics to study their security features in relation to the "ideal object". The results visualize the extent of insecurity caused by using the "ideal object" and qualify the suitability of the alternative schemes under different threat scenarios.