ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Collusion-resistant processing of SQL range predicates

Kesarwani, M and Kaul, A and Singh, G and Deshpande, PM and Haritsa, JR (2018) Collusion-resistant processing of SQL range predicates. In: 23rd International Conference on Database Systems for Advanced Applications, DASFAA 2018, 21 - 24 May 2018, Gold Coast, pp. 211-227.

DASFAA 2018_10828 _211-227_2018.pdf - Published Version

Download (2MB) | Preview
Official URL: https://doi.org/10.1007/978-3-319-91458-9_13


Prior solutions for securely handling SQL range predicates in outsourced cloud-resident databases have primarily focused on passive attacks in the Honest-but-Curious adversarial model, where the server is only permitted to observe the encrypted query processing. We consider here a significantly more powerful adversary, wherein the server can launch an active attack by clandestinely issuing specific range queries via collusion with a few compromised clients. The security requirement in this environment is that data values from a plaintext domain of size N should not be leaked to within an interval of size H. Unfortunately, all prior encryption schemes for range predicate evaluation are easily breached with only O(log2ψ) range queries, where ψ= N/ H. To address this lacuna, we present SPLIT, a new encryption scheme where the adversary requires exponentially more – O(ψ) – range queries to breach the interval constraint, and can therefore be easily detected by standard auditing mechanisms. The novel aspect of SPLIT is that each value appearing in a range-sensitive column is first segmented into two parts. These segmented parts are then independently encrypted using a layered composition of a Secure Block Cipher with the Order-Preserving Encryption and Prefix-Preserving Encryption schemes, and the resulting ciphertexts are stored in separate tables. At query processing time, range predicates are rewritten into an equivalent set of table-specific sub-range predicates, and the disjoint union of their results forms the query answer. A detailed evaluation of SPLIT on benchmark database queries indicates that its execution times are well within a factor of two of the corresponding plaintext times, testifying to its efficiency in resisting active adversaries.

Item Type: Conference Paper
Publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher: Springer Verlag
Additional Information: The copyright for this article belongs to the Authors.
Keywords: Petroleum reservoir evaluation; Query languages; Query processing; Routers, Auditing mechanism; Benchmark database; Collusion resistant; Encryption schemes; Interval constraint; Layered composition; Range predicates; Security requirements, Cryptography
Department/Centre: Division of Electrical Sciences > Computer Science & Automation
Division of Interdisciplinary Sciences > Computational and Data Sciences
Date Deposited: 02 Sep 2022 10:26
Last Modified: 02 Sep 2022 10:26
URI: https://eprints.iisc.ac.in/id/eprint/76370

Actions (login required)

View Item View Item