research-article

Database encryption: an overview of contemporary challenges and design considerations

Authors:

Ronen Vaisenberg,

Chanan GlezerAuthors Info & Claims

ACM SIGMOD Record, Volume 38, Issue 3

Pages 29 - 34

https://doi.org/10.1145/1815933.1815940

Published: 15 December 2010 Publication History

Abstract

This article describes the major challenges and design considerations pertaining to database encryption. The article first presents an attack model and the main relevant challenges of data security, encryption overhead, key management, and integration footprint. Next, the article reviews related academic work on alternative encryption configurations pertaining to encryption locus; indexing encrypted data; and key management. Finally, the article concludes with a benchmark using the following design criteria: encryption configuration, encryption granularity and keys storage.

References

[1]

Fernandez EB, Summers RC, Wood C (1980) Database Security and Integrity. Addison-Wesley, Massachusetts.

Digital Library

[2]

Min-Shiang H, Wei-Pang Y (1997) Multilevel Secure Database Encryption with Subkeys. Data and Knowledge Engineering 22, 117--131.

Digital Library

[3]

Bouganim L, Pucheral P (2002) Chip-secured data access: confidential data on untrusted servers. The 28th Int. Conference on Very Large Data Bases, Hong Kong, China, pp. 131--142.

Digital Library

[4]

Elovici Y, Waisenberg R, Shmueli E, Gudes E (2004) A Structure Preserving Database Encryption Scheme. SDM 2004, Workshop on Secure Data Management, Toronto, Canada, August.

[5]

Vingralek R (2002) Gnatdb: A small-footprint, secure database system. The 28th Int'l Conference on Very Large Databases, Hong Kong, China, August, pp. 884--893.

Digital Library

[6]

Bertino E, Ferrari E (2002) Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security, 5(3), 290--331.

Digital Library

[7]

Kamp PH (2003) GBDE -- GEOM based disk encryption Source. BSDCon '03, pp. 57--68.

Digital Library

[8]

Davida GI, Wells DL, Kam JB (1981) A Database Encryption System with subkeys. ACM Trans. Database Syst. 6, 312--328.

Digital Library

[9]

Buehrer D, Chang C (1991) A cryptographic mechanism for sharing databases. The International Conference on Information & Systems. Hangzhou, China, pp. 1039--1045.

[10]

Chang C, Chan CW (2003) A Database Record Encryption Scheme Using RSA Public Key Cryptosystem and Its Master Keys. The international conference on Computer networks and mobile computing.

Digital Library

[11]

Shmueli E, Waisenberg R, Elovici Y, Gudes E (2005) Designing secure indexes for encrypted databases. Proceedings of Data and Applications Security, 19th Annual IFIP WG 11.3 Working Conference, USA.

Digital Library

[12]

Kühn U (2006) Analysis of a Database and Index Encryption Scheme -- Problems and Fixes. Secure Data Management.

Digital Library

[13]

Merhotra S, Gore B (2009) A Middleware approach for managing and of outsourced personal data, NSF Workshop on Data and Application Security, Arlignton, Virginia, February 2009.

[14]

Hacigümüs H, Iyer B, Li C, Mehrotra S (2002) Executing SQL over encrypted data in the database-service-provider model. The ACM SIGMOD'2002, Madison, WI, USA.

Digital Library

[15]

Song DX, Wagner D, Perrig A (2000) Practical Techniques for Searches on Encrypted Data. The 2000 IEEE Security and Privacy Symposium, May.

Digital Library

[16]

Bayer R, Metzger JK (1976) On the Encipherment of Search Trees and Random Access Files. ACM Trans Database Systems, 1, 37--52.

Digital Library

[17]

Damiani E, De Capitani diVimercati S, Jajodia S, Paraboschi S, Samarati P (2003) Balancing Confidentiality and Efficiency in Untrusted Relational DBMSs. CCS03, Washington, pp. 27--31.

Digital Library

[18]

Iyer B, Mehrotra S, Mykletun E, Tsudik G, Wu Y (2004) A Framework for Efficient Storage Security in RDBMS. E. Bertino et al. (Eds.): EDBT 2004, LNCS 2992, pp. 147--164.

[19]

Boneh D, Crescenzo GD, Ostrovsky R, Persiano G (2004) Public Key Encryption with Keyword Search. Encrypt 2004, LNCS 3027. pp. 506--522.

[20]

Agrawal R, Kiernan J, Srikant R, Xu Y (2004) Order Preserving Encryption for Numeric Data. The ACM SIGMOD'2004, Paris, France.

Digital Library

[21]

He J, Wang M (2001) Cryptography and Relational Database Management Systems, Proceedings of IEEE Symposium on the International Database Engineering & Applications, Washington, DC, USA.

Digital Library

[22]

Chen G, Chen K, Dong J (2006) A Database Encryption Scheme for Enhanced Security and Easy Sharing. CSCWD'06, IEEE Proceedings, IEEE Computer Society, Los Alamitos. CA, pp. 1--6.

[23]

The Forrester Wave: Database Encryption Solutions, Q3 2005.

Cited By

Wu HZhu XHu W(2024)A Blockchain System for Clustered Federated Learning with Peer-to-Peer Knowledge TransferProceedings of the VLDB Endowment10.14778/3641204.364120817:5(966-979)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.14778/3641204.3641208
Lewis TSundaram AAl Rashdan AAbdel-Khalik H(2024)Securing Anomaly Detection for Process-Based Time SeriesNuclear Science and Engineering10.1080/00295639.2024.2360313(1-19)Online publication date: 15-Jul-2024
https://doi.org/10.1080/00295639.2024.2360313
Lin BWang HJin PFang X(2024)HybridHash: An Efficient Hash Index for Encrypted DatabasesAdvanced Intelligent Computing Technology and Applications10.1007/978-981-97-5609-4_4(43-54)Online publication date: 5-Aug-2024
https://dl.acm.org/doi/10.1007/978-981-97-5609-4_4
Show More Cited By

Index Terms

Database encryption: an overview of contemporary challenges and design considerations
1. Information systems
  1. Data management systems
    1. Database administration

Recommendations

A Generic Scheme of plaintext-checkable database encryption

Database encryption is essential for cloud database systems. For a large database, decryption could take a lot of computational time. Therefore, verifying an encryption that contains a correct plaintext without decryption becomes significant for a large ...
A new public-key encryption scheme

This paper proposes a new public-key encryption scheme which removes one element from the public-key tuple of the original Cramer-Shoup scheme. As a result, a ciphertext is not a quadruple but a triple at the cost of a strong assumption, the third ...
Modular Order-Preserving Encryption, Revisited
SIGMOD '15: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data

Order-preserving encryption (OPE) schemes, whose ciphertexts preserve the natural ordering of the plaintexts, allow efficient range query processing over outsourced encrypted databases without giving the server access to the decryption key. Such schemes ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGMOD Record

ACM SIGMOD Record Volume 38, Issue 3

September 2009

47 pages

ISSN:0163-5808

DOI:10.1145/1815933

Issue’s Table of Contents

Copyright © 2010 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 December 2010

Published in SIGMOD Volume 38, Issue 3

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

41
Total Citations
View Citations
2,433
Total Downloads

Downloads (Last 12 months)117
Downloads (Last 6 weeks)15

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wu HZhu XHu W(2024)A Blockchain System for Clustered Federated Learning with Peer-to-Peer Knowledge TransferProceedings of the VLDB Endowment10.14778/3641204.364120817:5(966-979)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.14778/3641204.3641208
Lewis TSundaram AAl Rashdan AAbdel-Khalik H(2024)Securing Anomaly Detection for Process-Based Time SeriesNuclear Science and Engineering10.1080/00295639.2024.2360313(1-19)Online publication date: 15-Jul-2024
https://doi.org/10.1080/00295639.2024.2360313
Lin BWang HJin PFang X(2024)HybridHash: An Efficient Hash Index for Encrypted DatabasesAdvanced Intelligent Computing Technology and Applications10.1007/978-981-97-5609-4_4(43-54)Online publication date: 5-Aug-2024
https://dl.acm.org/doi/10.1007/978-981-97-5609-4_4
Semantha FAzam SShanmugam BYeo K(2023)PbDinEHR: A Novel Privacy by Design Developed Framework Using Distributed Data Storage and Sharing for Secure and Scalable Electronic Health Records ManagementJournal of Sensor and Actuator Networks10.3390/jsan1202003612:2(36)Online publication date: 13-Apr-2023
https://doi.org/10.3390/jsan12020036
Lin BDu HJin PFang X(2023)PreIndex: A Simple But Efficient Tree Index for Encrypted Databases2023 2nd International Conference on Sensing, Measurement, Communication and Internet of Things Technologies (SMC-IoT)10.1109/SMC-IoT62253.2023.00014(35-39)Online publication date: 29-Dec-2023
https://doi.org/10.1109/SMC-IoT62253.2023.00014
Ryandika DPrabowo W(2023)Two-Stage Encryption for Strengthening Data Security in Web-Based Databases: AES-256 and RSA Integration2023 IEEE International Conference on Communication, Networks and Satellite (COMNETSAT)10.1109/COMNETSAT59769.2023.10420796(486-492)Online publication date: 23-Nov-2023
https://doi.org/10.1109/COMNETSAT59769.2023.10420796
Adak MKose ZAkpinar M(2023)Dynamic Data Masking by Two-Step Encryption2023 Innovations in Intelligent Systems and Applications Conference (ASYU)10.1109/ASYU58738.2023.10296545(1-5)Online publication date: 11-Oct-2023
https://doi.org/10.1109/ASYU58738.2023.10296545
Xiang SRuan GLi HHe J(2022)Robust watermarking of databases in order-preserving encrypted domainFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-020-0112-z16:2Online publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1007/s11704-020-0112-z
Tewari STewari NJoshi M(2022)Utilizing Technology and Management of Fog ComputingCyber Technologies and Emerging Sciences10.1007/978-981-19-2538-2_49(477-483)Online publication date: 30-Aug-2022
https://doi.org/10.1007/978-981-19-2538-2_49
Sifah EXia QXia HAgyekum KAcheampong KCobblah CGao J(2021)Selective Sharing of Outsourced Encrypted Data in Cloud EnvironmentsIEEE Internet of Things Journal10.1109/JIOT.2021.30682268:18(14141-14155)Online publication date: 15-Sep-2021
https://doi.org/10.1109/JIOT.2021.3068226
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents