Enabling encrypted rich queries in distributed key-value stores

Yu Guo, Xingliang Yuan, Xinyu Wang, Cong Wang, Baochun Li, Xiaohua Jia

Research output: Contribution to journalArticleResearchpeer-review

Abstract

To accommodate massive digital data, distributed data stores have become the main solution for cloud services. Among others, key-value stores are widely adopted due to their superior performance. But with the rapid growth of cloud storage, there are growing concerns about data privacy. In this paper, we design and build EncKV, an encrypted and distributed key-value store with rich query support. First, EncKV partitions data records with secondary attributes into a set of encrypted key-value pairs to hide relations between data values. Second, EncKV uses the latest cryptographic techniques for searching on encrypted data, i.e., searchable symmetric encryption (SSE) and order-revealing encryption (ORE) to support secure exact-match and range-match queries, respectively. It further employs a framework for encrypted and distributed indexes supporting query processing in parallel. To address inference attacks on ORE, EncKV is equipped with an enhanced ORE scheme with reduced leakage. For practical considerations, EncKV also enables secure system scaling in a minimally intrusive way. We complete the prototype implementation and deploy it on Amazon Cloud. Experimental results confirm that EncKV preserves the efficiency and scalability of distributed key-value stores.

Original languageEnglish
Pages (from-to)1283-1297
Number of pages15
JournalIEEE Transactions on Parallel and Distributed Systems
Volume30
Issue number6
DOIs
Publication statusPublished - Jun 2019

Keywords

  • Encrypted Key-value Store
  • Order-revealing Encryption
  • Searchable Encryption

Cite this

Guo, Yu ; Yuan, Xingliang ; Wang, Xinyu ; Wang, Cong ; Li, Baochun ; Jia, Xiaohua. / Enabling encrypted rich queries in distributed key-value stores. In: IEEE Transactions on Parallel and Distributed Systems. 2019 ; Vol. 30, No. 6. pp. 1283-1297.
@article{f27202a055ae43d89117ee873a0c93e0,
title = "Enabling encrypted rich queries in distributed key-value stores",
abstract = "To accommodate massive digital data, distributed data stores have become the main solution for cloud services. Among others, key-value stores are widely adopted due to their superior performance. But with the rapid growth of cloud storage, there are growing concerns about data privacy. In this paper, we design and build EncKV, an encrypted and distributed key-value store with rich query support. First, EncKV partitions data records with secondary attributes into a set of encrypted key-value pairs to hide relations between data values. Second, EncKV uses the latest cryptographic techniques for searching on encrypted data, i.e., searchable symmetric encryption (SSE) and order-revealing encryption (ORE) to support secure exact-match and range-match queries, respectively. It further employs a framework for encrypted and distributed indexes supporting query processing in parallel. To address inference attacks on ORE, EncKV is equipped with an enhanced ORE scheme with reduced leakage. For practical considerations, EncKV also enables secure system scaling in a minimally intrusive way. We complete the prototype implementation and deploy it on Amazon Cloud. Experimental results confirm that EncKV preserves the efficiency and scalability of distributed key-value stores.",
keywords = "Encrypted Key-value Store, Order-revealing Encryption, Searchable Encryption",
author = "Yu Guo and Xingliang Yuan and Xinyu Wang and Cong Wang and Baochun Li and Xiaohua Jia",
year = "2019",
month = "6",
doi = "10.1109/TPDS.2018.2885519",
language = "English",
volume = "30",
pages = "1283--1297",
journal = "IEEE Transactions on Parallel and Distributed Systems",
issn = "1045-9219",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
number = "6",

}

Enabling encrypted rich queries in distributed key-value stores. / Guo, Yu; Yuan, Xingliang; Wang, Xinyu; Wang, Cong; Li, Baochun; Jia, Xiaohua.

In: IEEE Transactions on Parallel and Distributed Systems, Vol. 30, No. 6, 06.2019, p. 1283-1297.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - Enabling encrypted rich queries in distributed key-value stores

AU - Guo, Yu

AU - Yuan, Xingliang

AU - Wang, Xinyu

AU - Wang, Cong

AU - Li, Baochun

AU - Jia, Xiaohua

PY - 2019/6

Y1 - 2019/6

N2 - To accommodate massive digital data, distributed data stores have become the main solution for cloud services. Among others, key-value stores are widely adopted due to their superior performance. But with the rapid growth of cloud storage, there are growing concerns about data privacy. In this paper, we design and build EncKV, an encrypted and distributed key-value store with rich query support. First, EncKV partitions data records with secondary attributes into a set of encrypted key-value pairs to hide relations between data values. Second, EncKV uses the latest cryptographic techniques for searching on encrypted data, i.e., searchable symmetric encryption (SSE) and order-revealing encryption (ORE) to support secure exact-match and range-match queries, respectively. It further employs a framework for encrypted and distributed indexes supporting query processing in parallel. To address inference attacks on ORE, EncKV is equipped with an enhanced ORE scheme with reduced leakage. For practical considerations, EncKV also enables secure system scaling in a minimally intrusive way. We complete the prototype implementation and deploy it on Amazon Cloud. Experimental results confirm that EncKV preserves the efficiency and scalability of distributed key-value stores.

AB - To accommodate massive digital data, distributed data stores have become the main solution for cloud services. Among others, key-value stores are widely adopted due to their superior performance. But with the rapid growth of cloud storage, there are growing concerns about data privacy. In this paper, we design and build EncKV, an encrypted and distributed key-value store with rich query support. First, EncKV partitions data records with secondary attributes into a set of encrypted key-value pairs to hide relations between data values. Second, EncKV uses the latest cryptographic techniques for searching on encrypted data, i.e., searchable symmetric encryption (SSE) and order-revealing encryption (ORE) to support secure exact-match and range-match queries, respectively. It further employs a framework for encrypted and distributed indexes supporting query processing in parallel. To address inference attacks on ORE, EncKV is equipped with an enhanced ORE scheme with reduced leakage. For practical considerations, EncKV also enables secure system scaling in a minimally intrusive way. We complete the prototype implementation and deploy it on Amazon Cloud. Experimental results confirm that EncKV preserves the efficiency and scalability of distributed key-value stores.

KW - Encrypted Key-value Store

KW - Order-revealing Encryption

KW - Searchable Encryption

UR - http://www.scopus.com/inward/record.url?scp=85058161892&partnerID=8YFLogxK

U2 - 10.1109/TPDS.2018.2885519

DO - 10.1109/TPDS.2018.2885519

M3 - Article

VL - 30

SP - 1283

EP - 1297

JO - IEEE Transactions on Parallel and Distributed Systems

JF - IEEE Transactions on Parallel and Distributed Systems

SN - 1045-9219

IS - 6

ER -