Long White Cloud (LWC): a practical and privacy-preserving outsourced database

Shujie Cui, Ming Zhang, Muhammad Rizwan Asghar, Giovanni Russello

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

Abstract

To fully benefit from a cloud storage approach, privacy in outsourced databases needs to be preserved in order to protect information about individuals and organisations from malicious cloud providers. As shown in recent studies [1, 2], encryption alone is insufficient to prevent a malicious cloud provider from analysing data access patterns and mounting statistical inference attacks on encrypted databases. In order to thwart such attacks, actions performed on outsourced databases need to be oblivious to cloud service providers. Approaches, such as Fully Homomorphic Encryption (FHE), Oblivious RAM (ORAM), or Secure Multi-Party Computation (SMC) have been proposed but they are still not practical. This paper investigates and proposes a practical privacy-preserving scheme, named Long White Cloud (LWC), for outsourced databases with a focus on providing security against statistical inferences. Performance is a key issue in the search and retrieval of encrypted databases. LWC supports logarithmic-time insert, search and delete queries executed by outsourced databases with minimised information leakage to curious cloud service providers. As a proof-of-concept, we have implemented LWC and compared it with a plaintext MySQL database: even with a database size of 10M records, our approach shows only a 10-time slowdown factor.

Original languageEnglish
Title of host publicationInformation Security Theory and Practice
Subtitle of host publication11th IFIP WG 11.2 International Conference, WISTP 2017 Heraklion, Crete, Greece, September 28–29, 2017 Proceedings
EditorsErnesto Damiani, Gerhard P. Hancke
Place of PublicationCham Switzerland
PublisherSpringer
Pages41-55
Number of pages15
ISBN (Electronic)9783319935249
ISBN (Print)9783319935232
DOIs
Publication statusPublished - 2018
Externally publishedYes
EventWorkshop in Information Security Theory and Practices 2017 - Heraklion, Greece
Duration: 28 Sept 201729 Sept 2017
Conference number: 11th
https://link.springer.com/book/10.1007/978-3-319-93524-9 (Proceedings)

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10741
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceWorkshop in Information Security Theory and Practices 2017
Abbreviated titleWISTP 2017
Country/TerritoryGreece
CityHeraklion
Period28/09/1729/09/17
Internet address

Cite this