Secure partial encryption with adversarial functional dependency constraints in the database-as-a-service model

Boxiang Dong, Hui (Wendy) Wang

Research output: Contribution to journal; Article; Research; peer-review

Abstract

Cloud computing enables end-users to outsource their datasets and data management needs to a third-party service provider. One of the major security concerns of the outsourcing paradigm is how to protect sensitive information in the outsourced dataset. In some applications, only some of the values are considered sensitive. In general, the sensitive information can be protected by encryption. However, data dependency constraints in the outsourced data (together with the unencrypted data) may serve as adversary knowledge and introduce security vulnerabilities into the encrypted data. In this paper, we focus on functional dependency (FD), an important type of data dependency constraint, and study the security threats posed by adversarial FDs. We design a practical scheme that can defend against the FD attack by encrypting a small amount of non-sensitive data (encryption overhead). We prove that finding the scheme that leads to the optimal encryption overhead is NP-complete, and design efficient heuristic algorithms for the case of one or multiple FDs. We design a secure query rewriting scheme that enables the service provider to answer various types of queries on the encrypted data with a provable security guarantee. We extend our study to enforce security when there are conditional functional dependencies (CFDs) and data updates. We conduct an extensive set of experiments on two real-world datasets. The experimental results show that our heuristic approach incurs a small amount of encryption overhead (at most 1% more than the optimal overhead), and enjoys a 10-fold speedup compared with the optimal solution. In addition, our approach can reduce up to 90% of the encryption overhead of the state-of-the-art solution.
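
The exposure the abstract describes, for a single FD, as an added example (not code from the paper, and not its heuristic algorithm): a check that finds encrypted cells an observer can recover from plaintext rows that agree on the FD's left-hand side, plus a simple greedy repair that encrypts extra non-sensitive cells. The table, the FD zip -> city, the function names and the assumption that encrypted cells reveal nothing (probabilistic encryption) are all constructed for illustration.

```python
from collections import defaultdict

def fd_leaks(rows, lhs, rhs, encrypted):
    """Map each lhs value to (hidden, witnesses): rows whose encrypted rhs
    cell can be inferred, and the plaintext rows that give it away."""
    groups = defaultdict(list)
    for i, row in enumerate(rows):
        # A row can be matched on the FD only if all its lhs cells are plaintext.
        if all((i, a) not in encrypted for a in lhs):
            groups[tuple(row[a] for a in lhs)].append(i)
    leaks = {}
    for key, members in groups.items():
        hidden = [i for i in members if (i, rhs) in encrypted]
        witnesses = [j for j in members if (j, rhs) not in encrypted]
        if hidden and witnesses:  # same lhs, one rhs visible => rhs is known
            leaks[key] = (hidden, witnesses)
    return leaks

def close_leaks(rows, lhs, rhs, encrypted):
    """Greedy repair per group (an assumption of this example): encrypt the
    witnesses' rhs cells, or one lhs cell of each exposed row, whichever
    costs fewer extra cells. Returns the extra cells (encryption overhead)."""
    extra = set()
    for hidden, witnesses in fd_leaks(rows, lhs, rhs, encrypted).values():
        if len(witnesses) <= len(hidden):
            extra |= {(j, rhs) for j in witnesses}
        else:
            extra |= {(i, lhs[0]) for i in hidden}
    return extra

# Constructed sample table; the FD zip -> city holds on it.
ROWS = [
    {"zip": "07030", "city": "Hoboken"},    # 0: city is sensitive
    {"zip": "07030", "city": "Hoboken"},    # 1
    {"zip": "07030", "city": "Hoboken"},    # 2
    {"zip": "07030", "city": "Hoboken"},    # 3
    {"zip": "10001", "city": "New York"},   # 4: city is sensitive
    {"zip": "10001", "city": "New York"},   # 5: city is sensitive
    {"zip": "10001", "city": "New York"},   # 6
    {"zip": "08540", "city": "Princeton"},  # 7: city is sensitive, no witness
]
LHS, RHS = ["zip"], "city"
ENCRYPTED = {(0, "city"), (4, "city"), (5, "city"), (7, "city")}

if __name__ == "__main__":
    print("leaks:", fd_leaks(ROWS, LHS, RHS, ENCRYPTED))
    extra = close_leaks(ROWS, LHS, RHS, ENCRYPTED)
    print("extra cells to encrypt:", sorted(extra))
    print("leaks after repair:", fd_leaks(ROWS, LHS, RHS, ENCRYPTED | extra))
```

The repair treats one FD in isolation; with several interacting FDs the choice of extra cells is the optimization problem the abstract states is NP-complete.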

Original language: English
Pages (from-to): 1-20
Number of pages: 20
Journal: Data and Knowledge Engineering
Volume: 116
DOI: 10.1016/j.datak.2018.01.001
State: Published - 1 Jul 2018

Keywords

  • Data outsourcing
  • Database management
  • Database-as-a-service
  • Management of integrity constraints
  • Security, integrity, and protection

Cite this

@article{058477c93fe544bf8cd8ef4a31ee7e88,
title = "Secure partial encryption with adversarial functional dependency constraints in the database-as-a-service model",
keywords = "Data outsourcing, Database management, Database-as-a-service, Management of integrity constraints, Security, integrity, and protection",
author = "Boxiang Dong and Wang, {Hui (Wendy)}",
year = "2018",
month = "7",
day = "1",
doi = "10.1016/j.datak.2018.01.001",
language = "English",
volume = "116",
pages = "1--20",
journal = "Data and Knowledge Engineering",
issn = "0169-023X",
publisher = "Elsevier",

}

Secure partial encryption with adversarial functional dependency constraints in the database-as-a-service model. / Dong, Boxiang; Wang, Hui (Wendy).

In: Data and Knowledge Engineering, Vol. 116, 01.07.2018, p. 1-20.

TY - JOUR

T1 - Secure partial encryption with adversarial functional dependency constraints in the database-as-a-service model

AU - Dong, Boxiang

AU - Wang, Hui (Wendy)

PY - 2018/7/1

Y1 - 2018/7/1

KW - Data outsourcing

KW - Database management

KW - Database-as-a-service

KW - Management of integrity constraints

KW - Security, integrity, and protection

UR - http://www.scopus.com/inward/record.url?scp=85041594107&partnerID=8YFLogxK

U2 - 10.1016/j.datak.2018.01.001

DO - 10.1016/j.datak.2018.01.001

M3 - Article

VL - 116

SP - 1

EP - 20

JO - Data and Knowledge Engineering

JF - Data and Knowledge Engineering

SN - 0169-023X

ER -