The Strength of Weak Randomization: Easily Deployable, Efficiently Searchable Encryption with Minimal Leakage
Title | The Strength of Weak Randomization: Easily Deployable, Efficiently Searchable Encryption with Minimal Leakage |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Pouliot, David, Griffy, Scott, Wright, Charles V. |
Conference Name | 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Date Published | jun |
Keywords | cloud computing, composability, computer security, cryptography, data privacy, deployable database encryption scheme, document handling, document management systems, encrypted data, Encryption, Entropy, Human Behavior, inference attacks, legacy service, Metrics, outsourcing, probability, pubcrawl, relational database engine, relational database security, relational databases, resilience, Resiliency, searchable database encryption scheme, Searchable encryption, Servers, Standards, untrusted service, weak randomization |
Abstract | Efficiently searchable and easily deployable encryption schemes enable an untrusted, legacy service such as a relational database engine to perform searches over encrypted data. The ease with which such schemes can be deployed on top of existing services makes them especially appealing in operational environments where encryption is needed but it is not feasible to replace large infrastructure components like databases or document management systems. Unfortunately all previously known approaches for efficiently searchable and easily deployable encryption are vulnerable to inference attacks where an adversary can use knowledge of the distribution of the data to recover the plaintext with high probability. We present a new efficiently searchable, easily deployable database encryption scheme that is provably secure against inference attacks even when used with real, low-entropy data. We implemented our constructions in Haskell and tested databases up to 10 million records showing our construction properly balances security, deployability and performance. |
DOI | 10.1109/DSN.2019.00059 |
Citation Key | pouliot_strength_2019 |
- Metrics
- weak randomization
- untrusted service
- standards
- Servers
- searchable encryption
- searchable database encryption scheme
- Resiliency
- resilience
- relational databases
- relational database security
- relational database engine
- pubcrawl
- probability
- outsourcing
- Cloud Computing
- legacy service
- inference attacks
- Human behavior
- Entropy
- encryption
- encrypted data
- document management systems
- document handling
- deployable database encryption scheme
- data privacy
- Cryptography
- computer security
- composability