Secure Queries on Encrypted Multi-writer Tables

2017 IEEE European Symposium on Security and Privacy (EuroS&P) Pub Date : 2017-04-01 DOI:10.1109/EuroSP.2017.20

A. Perillo, G. Persiano, Alberto Trombetta

{"title":"Secure Queries on Encrypted Multi-writer Tables","authors":"A. Perillo, G. Persiano, Alberto Trombetta","doi":"10.1109/EuroSP.2017.20","DOIUrl":null,"url":null,"abstract":"Performing searches on encrypted data is a verycurrent and active area. Several efficient solutions have beenprovided for the single-writer scenario in which all sensitivedata originates with one party (the Data Owner) that encryptsit and uploads it to a public repository. Subsequently, theData Owner (or authorized clients, the Query Sources) perform queries on the encrypted data through a QueryProcessor which has direct access to the public repository. Motivated by the recent trend in pervasive data, we departfrom this model and consider a multi-writer scenario inwhich data originates with several and mutually untrustedparties. In this new scenario the Data Owner providespublic parameters so that each piece of the generated datastream can be put into an encrypted stream, moreover, the Data Owner keeps some related secret informationneeded to generate tokens so that different subscribers canaccess different subsets of the encrypted stream in clear. Weconsider the case in which each piece of the data streamconsists of a fixed number of cells, organized in columns, and the data owner can authorize subscribers to accessindividual data based on the content of the columns. Currentpublic-key functional encryption schemes provide a directand impractical implementation of this scenario. We thus propose a new public-key primitive, Amortized Or-thogonality Encryption or AOE, derived from Inner-ProductEncryption, that can be used to encrypt each piece ofdata stream so that ciphertexts have size proportional tothe un-encrypted data, moreover, encryption and decryptiontake time proportional to the number of columns. Previousschemes would give quadratic complexity. We provide aconstruction of AOE and prove its selective security understandard assumptions in a bilinear setting with prime ordergroup. Using AOE, we implement all the basic operations inour multi-writer scenario in one round of communication. Wedemonstrate the feasibility and effectiveness of our proposalby providing an implementation of our scenario in C++.","PeriodicalId":233564,"journal":{"name":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","volume":"38 3","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE European Symposium on Security and Privacy (EuroS&P)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSP.2017.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Performing searches on encrypted data is a verycurrent and active area. Several efficient solutions have beenprovided for the single-writer scenario in which all sensitivedata originates with one party (the Data Owner) that encryptsit and uploads it to a public repository. Subsequently, theData Owner (or authorized clients, the Query Sources) perform queries on the encrypted data through a QueryProcessor which has direct access to the public repository. Motivated by the recent trend in pervasive data, we departfrom this model and consider a multi-writer scenario inwhich data originates with several and mutually untrustedparties. In this new scenario the Data Owner providespublic parameters so that each piece of the generated datastream can be put into an encrypted stream, moreover, the Data Owner keeps some related secret informationneeded to generate tokens so that different subscribers canaccess different subsets of the encrypted stream in clear. Weconsider the case in which each piece of the data streamconsists of a fixed number of cells, organized in columns, and the data owner can authorize subscribers to accessindividual data based on the content of the columns. Currentpublic-key functional encryption schemes provide a directand impractical implementation of this scenario. We thus propose a new public-key primitive, Amortized Or-thogonality Encryption or AOE, derived from Inner-ProductEncryption, that can be used to encrypt each piece ofdata stream so that ciphertexts have size proportional tothe un-encrypted data, moreover, encryption and decryptiontake time proportional to the number of columns. Previousschemes would give quadratic complexity. We provide aconstruction of AOE and prove its selective security understandard assumptions in a bilinear setting with prime ordergroup. Using AOE, we implement all the basic operations inour multi-writer scenario in one round of communication. Wedemonstrate the feasibility and effectiveness of our proposalby providing an implementation of our scenario in C++.

查看原文本刊更多论文

加密多写表上的安全查询

对加密数据执行搜索是一个非常流行和活跃的领域。对于单写入器场景，已经提供了几个有效的解决方案，其中所有敏感数据都起源于一方(数据所有者)，该方加密并将其上传到公共存储库。随后，数据所有者(或授权客户端，即查询源)通过QueryProcessor对加密数据执行查询，QueryProcessor可以直接访问公共存储库。受最近普遍数据趋势的影响，我们脱离了这个模型，考虑了一个多作者的场景，其中数据来源于几个相互不信任的方。在这个新场景中，数据所有者提供了公共参数，以便生成的数据流的每个片段都可以放入加密流中，此外，数据所有者保留了生成令牌所需的一些相关秘密信息，以便不同的订阅者可以清楚地访问加密流的不同子集。我们考虑这样一种情况:数据流的每个部分由固定数量的单元格组成，按列组织，数据所有者可以根据列的内容授权订阅者访问单个数据。当前的公钥功能加密方案提供了这种场景的直接且不切实际的实现。因此，我们提出了一种新的公钥原语，Amortized or -thogonality Encryption (AOE)，它源自于内部生产加密，可用于加密每个数据流，使密文的大小与未加密的数据成正比，而且，加密和解密所需的时间与列数成正比。以前的方案会给出二次复杂度。在双线性素数序群环境下，给出了AOE的构造，并证明了它的选择性安全欠标准假设。使用AOE，我们在一轮通信中实现了多写入器场景中的所有基本操作。我们通过在c++中提供我们的场景的实现来证明我们的提议的可行性和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 IEEE European Symposium on Security and Privacy (EuroS&P)

自引率

0.00%

发文量