Abstract
Data outsourcing and cloud computing have been emerging at an ever-growing rate as successful approaches for allowing users and companies to rely on external services for storing and managing data. As data and access to them are not under the control of the data owner, there is a clear need to provide proper confidentiality protection. Such requirements concern the confidentiality not only of the stored data (content) but also of the specific accesses (or patterns of them) that users make on such data.
In this article, we address these issues and propose an approach for guaranteeing content, access, and pattern confidentiality in a data outsourcing scenario. The proposed solution is based on the definition of a shuffle index structure, which adapts traditional B+-trees and, by applying a combination of techniques (covers, caches, and shuffling), ensures confidentiality of the data and of queries over them, protecting each single access as well as sequences thereof. The proposed solution also supports update operations over the data, while making reads and writes not recognizable as such by the server. We show that the shuffle index exhibits a limited performance cost, making it effectively usable in practice.
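As an added illustration (not the authors' code or algorithm), here is a single-level Python sketch of how cover reads, a client cache and shuffling combine so that the server sees the same request shape for every access. The `Server` and `Client` classes, the flat key-to-block map kept at the client, and the plaintext payloads standing in for re-encrypted ciphertext are simplifying assumptions; the article's structure is a B+-tree.

```python
import random

class Server:
    """Untrusted store: observes only block ids (payloads stand in for ciphertext)."""
    def __init__(self, blocks):
        self.blocks, self.log = dict(blocks), []

    def read(self, ids):
        self.log.append(("read", sorted(ids)))
        return {i: self.blocks[i] for i in ids}

    def write(self, items):
        self.log.append(("write", sorted(items)))
        self.blocks.update(items)

class Client:
    def __init__(self, data, num_cover=2, num_cache=2, seed=0):
        self.rng = random.Random(seed)      # seeded for the demo; use a CSPRNG in practice
        ids = list(range(len(data)))
        self.rng.shuffle(ids)
        self.where = dict(zip(data, ids))   # client secret (assumed flat map): key -> block id
        self.server = Server({self.where[k]: v for k, v in data.items()})
        self.cache = {}                     # key -> value, oldest entry first
        self.num_cover, self.num_cache = num_cover, num_cache

    def get(self, key):
        hit = key in self.cache
        pool = [k for k in self.where if k != key and k not in self.cache]
        # One extra cover on a cache hit, so every access reads num_cover + 1 blocks.
        covers = self.rng.sample(pool, self.num_cover + (1 if hit else 0))
        touched = covers if hit else covers + [key]
        ids = [self.where[k] for k in touched]
        blocks = self.server.read(ids)
        content = {k: blocks[self.where[k]] for k in touched}
        value = self.cache.pop(key) if hit else content[key]
        self.rng.shuffle(ids)               # shuffle: same block ids, new occupants
        self.where.update(zip(touched, ids))
        # Write back every block read (re-encrypted in a real deployment).
        self.server.write({self.where[k]: content[k] for k in touched})
        self.cache[key] = value
        if len(self.cache) > self.num_cache:
            del self.cache[next(iter(self.cache))]   # evict least recently used
        return value

def demo():
    data = {f"k{i:02d}": f"v{i}" for i in range(16)}   # constructed sample data
    client = Client(data)
    values = [client.get(k) for k in ("k03", "k03", "k07")]
    return values, client.server.log
```

In `server.log` every access appears as one read and one write over the same three block ids, whether the target was fetched or served from the cache, and a repeated lookup of the same key does not touch the block that currently holds it.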
Shuffle Index: Efficient and Private Access to Outsourced Data