TY - GEN
T1 - Private large-scale databases with distributed Searchable symmetric encryption
AU - Ishai, Yuval
AU - Kushilevitz, Eyal
AU - Lu, Steve
AU - Ostrovsky, Rafail
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2016.
PY - 2016
Y1 - 2016
N2 - With the growing popularity of remote storage, the ability to outsource a large private database yet be able to search on this encrypted data is critical. Searchable symmetric encryption (SSE) is a practical method of encrypting data so that natural operations such as searching can be performed on this data. It can be viewed as an efficient private-key alternative to powerful tools such as fully homomorphic encryption, oblivious RAM, or secure multiparty computation. The main drawbacks of existing SSE schemes are the limited types of search available to them and their leakage. In this paper, we present a construction of a private outsourced database in the two-server model (e.g. two cloud services) which can be thought of as an SSE scheme on a B-tree that allows for a wide variety of search features such as range queries, substring queries, and more. Our solution can hide all leakage due to access patterns (“metadata”) between queries and features a tunable parameter that provides a smooth tradeoff between privacy and efficiency. This allows us to implement a solution that supports databases which are terabytes in size and contain millions of records with only a 5× slowdown compared to MySQL when the query result size is around 10% of the database, though the fixed costs dominate smaller queries resulting in over 100× relative slowdown (under 1 s actual). In addition, our solution also provides a mechanism for allowing data owners to set filters that prevent prohibited queries from returning any results, without revealing the filtering terms. Finally, we also present the benchmarks of our prototype implementation.
AB - With the growing popularity of remote storage, the ability to outsource a large private database yet be able to search on this encrypted data is critical. Searchable symmetric encryption (SSE) is a practical method of encrypting data so that natural operations such as searching can be performed on this data. It can be viewed as an efficient private-key alternative to powerful tools such as fully homomorphic encryption, oblivious RAM, or secure multiparty computation. The main drawbacks of existing SSE schemes are the limited types of search available to them and their leakage. In this paper, we present a construction of a private outsourced database in the two-server model (e.g. two cloud services) which can be thought of as an SSE scheme on a B-tree that allows for a wide variety of search features such as range queries, substring queries, and more. Our solution can hide all leakage due to access patterns (“metadata”) between queries and features a tunable parameter that provides a smooth tradeoff between privacy and efficiency. This allows us to implement a solution that supports databases which are terabytes in size and contain millions of records with only a 5× slowdown compared to MySQL when the query result size is around 10% of the database, though the fixed costs dominate smaller queries resulting in over 100× relative slowdown (under 1 s actual). In addition, our solution also provides a mechanism for allowing data owners to set filters that prevent prohibited queries from returning any results, without revealing the filtering terms. Finally, we also present the benchmarks of our prototype implementation.
KW - Private cloud computing
KW - Searchable symmetric encryption
KW - Secure databases
UR - http://www.scopus.com/inward/record.url?scp=84958981535&partnerID=8YFLogxK
U2 - https://doi.org/10.1007/978-3-319-29485-8_6
DO - https://doi.org/10.1007/978-3-319-29485-8_6
M3 - منشور من مؤتمر
SN - 9783319294841
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 90
EP - 107
BT - Topics in Cryptology - The Cryptographers Track at the RSA Conference, CT-RSA 2016
A2 - Sako, Kazue
T2 - International Conference on Topics in Cryptology, CT-RSA 2016
Y2 - 29 February 2016 through 4 March 2016
ER -