Abstract
To fully benefit from a cloud storage approach, privacy in outsourced databases needs to be preserved in order to protect information about individuals and organisations from malicious cloud providers. As shown in recent studies [1, 2], encryption alone is insufficient to prevent a malicious cloud provider from analysing data access patterns and mounting statistical inference attacks on encrypted databases. In order to thwart such attacks, actions performed on outsourced databases need to be oblivious to cloud service providers. Approaches, such as Fully Homomorphic Encryption (FHE), Oblivious RAM (ORAM), or Secure Multi-Party Computation (SMC) have been proposed but they are still not practical. This paper investigates and proposes a practical privacy-preserving scheme, named Long White Cloud (LWC), for outsourced databases with a focus on providing security against statistical inferences. Performance is a key issue in the search and retrieval of encrypted databases. LWC supports logarithmic-time insert, search and delete queries executed by outsourced databases with minimised information leakage to curious cloud service providers. As a proof-of-concept, we have implemented LWC and compared it with a plaintext MySQL database: even with a database size of 10M records, our approach shows only a 10-time slowdown factor.
Original language | English |
---|---|
Title of host publication | Information Security Theory and Practice |
Subtitle of host publication | 11th IFIP WG 11.2 International Conference, WISTP 2017 Heraklion, Crete, Greece, September 28–29, 2017 Proceedings |
Editors | Ernesto Damiani, Gerhard P. Hancke |
Place of Publication | Cham Switzerland |
Publisher | Springer |
Pages | 41-55 |
Number of pages | 15 |
ISBN (Electronic) | 9783319935249 |
ISBN (Print) | 9783319935232 |
DOIs | |
Publication status | Published - 2018 |
Externally published | Yes |
Event | Workshop in Information Security Theory and Practices 2017 - Heraklion, Greece Duration: 28 Sept 2017 → 29 Sept 2017 Conference number: 11th https://link.springer.com/book/10.1007/978-3-319-93524-9 (Proceedings) |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 10741 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Workshop in Information Security Theory and Practices 2017 |
---|---|
Abbreviated title | WISTP 2017 |
Country/Territory | Greece |
City | Heraklion |
Period | 28/09/17 → 29/09/17 |
Internet address |
|