Abstract
The fact that the data owners outsource their data to external service providers introduces many security and privacy issues. Among them, the most significant research questions relate to data confidentiality and user privacy. Encryption was regarded as a solution for data confidentiality. The privacy of a user is characterized by the query he poses to the server and its result. We explore the techniques to execute the SQL query over the encrypted data without revealing to the server any information about the query such as the query type or the query pattern, and its result. By implementing all the relational operators by using the unique selection operator on the server-side database with a constant number of elements in each time of selection, our proposal can defeat against the statistical attacks of the untrusted server compromising data confidentiality and user privacy. Experimental evaluation demonstrates that our proposal less affects the system’s performance and is applicable in the real world.
Chapter PDF
Similar content being viewed by others
References
Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems, 4th edn. Addison-Wesley (2004) ISBN 0-321-12226-7
Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD, pp. 216–227 (2002)
Sion, R.: Towards Secure Data Outsourcing. In: Handbook of Database Security, pp. 137–161 (2008)
Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proc. of ACM SIGMOD 2004, France (2004)
Boyens, C., Gunter, O.: Using online services in untrusted environments – a privacy-preserving architecture. In: Proc. of the 11th European Conference on Information Systems (ECIS 2003), Italy (2003)
Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Authenticated Index Structures for Aggregation queries in Outsourced Databases, Technical Report BUCS-TR-2006-011 (2006)
TPC-H. Benchmark Specification, http://www.tpc.org
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Over-encryption: Management of Access Control Evolution on Outsourced Data. In: VLDB, pp. 123–134 (2007)
Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proc. of the ACM CCS, Alexandria, VA, USA (2005)
Hue, T.B.P., Luyen, G.N., Kha, N.D., Wohlgemuth, S., Echizen, I., Thuc, D.N., Thuy, T.B.D.: An Efficient Fine-grained Access Control Mechanism for Database Outsourcing Service. In: Proc. of the Int. Conf. on Information Security and Intelligent Control (ISIC 2012), pp. 67–71. IEEE Computer Society Press, Taiwan (2012) ISBN 978-4673-2586-8
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 International Federation for Information Processing
About this paper
Cite this paper
Hue, T.B.P., Thuc, D.N., Thuy, T.B.D., Echizen, I., Wohlgemuth, S. (2013). A User Privacy Protection Technique for Executing SQL over Encrypted Data in Database Outsourcing Service. In: Douligeris, C., Polemi, N., Karantjias, A., Lamersdorf, W. (eds) Collaborative, Trusted and Privacy-Aware e/m-Services. I3E 2013. IFIP Advances in Information and Communication Technology, vol 399. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37437-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-37437-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37436-4
Online ISBN: 978-3-642-37437-1
eBook Packages: Computer ScienceComputer Science (R0)