Title | A Practical and Secure Stateless Order Preserving Encryption for Outsourced Databases |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Shen, Ning, Yeh, Jyh-Haw, Sun, Hung-Min, Chen, Chien-Ming |
Conference Name | 2021 IEEE 26th Pacific Rim International Symposium on Dependable Computing (PRDC) |
Keywords | Databases, Encryption, Estimation, Human Behavior, Metrics, Non-deterministic OPE, Order Preserving Encryption, outsourced database security, pubcrawl, Range Query over Encrypted Databases, resilience, Resiliency, Scalability, Sorting |
Abstract | Order-preserving encryption (OPE) plays an important role in securing outsourced databases. OPE schemes can be either stateless or stateful. Stateful schemes can achieve the ideal security of order-preserving encryption, i.e., "reveal no information about the plaintexts besides order." However, compared to stateless schemes, stateful schemes require maintaining some state information locally besides encryption keys, and the ciphertexts are mutable. On the other hand, stateless schemes only require remembering encryption keys and thus are more efficient. It is a common belief that stateless schemes cannot provide the same level of security as stateful ones because stateless schemes reveal the relative distance among their corresponding plaintexts. In real-world applications, such security defects may lead to the leakage of statistical and sensitive information, e.g., the data distribution, or even negate the whole encryption. In this paper, we propose a practical and secure stateless order-preserving encryption scheme. With prior knowledge of the data to be encrypted, our scheme can achieve IND-CCPA (INDistinguishability under Committed ordered Chosen Plaintext Attacks) security for a static data set. Though the IND-CCPA security can't be met for a dynamic data set, our new scheme can still significantly improve the security in real-world applications. Along with the encryption scheme, in this paper we also provide methods to eliminate access pattern leakage in communications and thus prevent some common attacks on OPE schemes in practice. |
DOI | 10.1109/PRDC53464.2021.00025 |
Citation Key | shen_practical_2021 |