Outsourced Database Security - The growing power of cloud computing prompts data owners to outsource their databases to the cloud. In order to meet the demand of multi-dimensional data processing in big data era, multi-dimensional range queries, especially over cloud platform, have received extensive attention in recent years. However, since the third-party clouds are not fully trusted, it is popular for the data owners to encrypt sensitive data before outsourcing. It promotes the research of encrypted data retrieval. Nevertheless, most existing works suffer from single-dimensional privacy leakage which would severely put the data at risk. Up to now, although a few existing solutions have been proposed to handle the problem of single-dimensional privacy, they are unsuitable in some practical scenarios due to inefficiency, inaccuracy, and lack of support for diverse data. Aiming at these issues, this paper mainly focuses on the secure range query over encrypted data. We first propose an efficient and private range query scheme for encrypted data based on homomorphic encryption, which can effectively protect data privacy. By using the dualserver model as the framework of the system, we not only achieve multi-dimensional privacy-preserving range query but also innovatively realize similarity search based on MinHash over ciphertext domains. Then we perform formal security analysis and evaluate our scheme on real datasets. The result shows that our proposed scheme is efficient and privacy-preserving. Moreover, we apply our scheme to a shopping website. The low latency demonstrates that our proposed scheme is practical.
Authored by Wentao Wang, Yuxuan Jin, Bin Cao
Personalized Outsourced Privacy-preserving Database Updates for Crowd-sensed Dynamic Spectrum Access
Outsourced Database Security - Dynamic Spectrum Access (DSA) paradigm enabled through Cognitive Radio (CR) appliances is extremely well suited to solve the spectrum shortage problem. Crowd-sensing has been effectively used for dynamic spectrum access sensing by leveraging the power of the masses. Specifically in the DSA context, crowd-sensing allows end users to query a DSA database which is updated through crowd-sensing workers. Despite recent research proposals that address the privacy and confidentiality concerns of the querying user and crowd-sensing workers, personalized privacy-preserving database updates through crowdsensing workers remains an open problem. To this end we propose a personalized privacy-preserving database update scheme for the crowd-sensing model based on lightweight homomorphic encryption. We provide substantial experiments based on reallife mobility data sets which show that the proposed protocol provides realistic efficiency and security.
Authored by Laura Truong, Erald Troja, Nikhil Yadav, Syed Bukhari, Mehrdad Aliasgari
Outsourced Database Security - With the rapid development of information technology, it becomes more and more popular for the use of electronic information systems in medical institutions. To protect the confidentiality of private EHRs, attribute-based encryption (ABE) schemes that can provide one-to-many encryption are often used as a solution. At the same time, blockchain technology makes it possible to build distributed databases without relying on trusted third-party institutions. This paper proposes a secure and efficient attribute-based encryption with outsourced decryption scheme based on blockchain, which can realize flexible and fine-grained access control and further improve the security of blockchain data sharing.
Authored by Fugeng Zeng, Qigang Deng, Dongxiu Wang
Outsourced Database Security - Efficient sequencing methods produce a large amount of genetic data, and make it accessible to researchers. This leads genomics to be considered a legitimate big data field. Hence, outsourcing data to the cloud is necessary as the genomic dataset is large. Data owners encrypt sensitive data before outsourcing to maintain data confidentiality and outsourcing aids data owners in resolving the issue of local storage management. Because genomic data is so enormous, safely and effectively performing researchers’ queries is challenging. In this paper, we propose a method, PRESSGenDB, for securely performing string and substring searches on the encrypted genomic sequences dataset. We leverage searchable symmetric encryption (SSE) and design a new method to handle these queries. In comparison to the state-of-the-art methods, PRESSGenDB supports various types of queries over genomic sequences such as string search and substring searches with and without a given requested start position. Moreover, it supports strings of alphabets as sequences rather than just a binary sequence of 0, 1s. It can search for substrings (patterns) over a whole dataset of genomic sequences rather than just one sequence. Furthermore, by comparing PRESSGenDB’s search complexity analytically with the state-ofthe-art, we show that it outperforms the recent efficient works.
Authored by Sara Jafarbeiki, Amin Sakzad, Shabnam Kermanshahi, Ron Steinfeld, Raj Gaire
Outsourced Database Security - Verifiable Dynamic Searchable Symmetric Encryption (VDSSE) enables users to securely outsource databases (document sets) to cloud servers and perform searches and updates. The verifiability property prevents users from accepting incorrect search results returned by a malicious server. However, we discover that the community currently only focuses on preventing malicious behavior from the server but ignores incorrect updates from the client, which are very likely to happen since there is no record on the client to check. Indeed most existing VDSSE schemes are not sufficient to tolerate incorrect updates from the client. For instance, deleting a nonexistent keyword-identifier pair can break their correctness and soundness.
Authored by Dandan Yuan, Shujie Cui, Giovanni Russello
Outsourced Database Security - Applications today rely on cloud databases for storing and querying time-series data. While outsourcing storage is convenient, this data is often sensitive, making data breaches a serious concern. We present Waldo, a time-series database with rich functionality and strong security guarantees: Waldo supports multi-predicate filtering, protects data contents as well as query filter values and search access patterns, and provides malicious security in the 3-party honest-majority setting. In contrast, prior systems such as Timecrypt and Zeph have limited functionality and security: (1) these systems can only filter on time, and (2) they reveal the queried time interval to the server. Oblivious RAM (ORAM) and generic multiparty computation (MPC) are natural choices for eliminating leakage from prior work, but both of these are prohibitively expensive in our setting due to the number of roundtrips and bandwidth overhead, respectively. To minimize both, Waldo builds on top of function secret sharing, enabling Waldo to evaluate predicates non-interactively. We develop new techniques for applying function secret sharing to the encrypted database setting where there are malicious servers, secret inputs, and chained predicates. With 32-core machines, Waldo runs a query with 8 range predicates over 218 records in 3.03s, compared to 12.88s for an MPC baseline and 16.56s for an ORAM baseline. Compared to Waldo, the MPC baseline uses 9 − 82× more bandwidth between servers (for different numbers of records), while the ORAM baseline uses 20 − 152× more bandwidth between the client and server(s) (for different numbers of predicates).
Authored by Emma Dauterman, Mayank Rathee, Raluca Popa, Ion Stoica
Outsourced Database Security - The outsourced data inside the data dispersion middle server are calm and unsecure when compared with the current methods and security measures. Lost in Client get to benefits control tends to unsecure data sharing inside the stockroom. Existing Login affirmation is executed by utilizing extraordinary username and mystery word as substance organize. But this system faces colossal challenges from software engineers; organize interlopers or irregular works out where people can get the user’s mystery word easily by a number of hacking techniques. In this way, this paper proposes the system for multilevel secured login confirmation system utilizing OTP, picture hotspot security and capture methodologies. The building for picture hot spot is utilized to avoid the unauthorized client looking over the system and it as well avoid from hacking the watchword and unusual works out inside the stockroom So that we propose a Methodology based on guidelines such as Multilevel secured confirmation system to secure from harmful clients Secured Client control benefits for data scrutinized and sort in and Taking after the client conduct plan based on development log and Within the occasion that any unordinary activity is done by the individuals who are getting to data stockroom, the admin will be educated and this irregular development will be captured by keeping up a log record of all the clients. Cutting edge shows up has been proposed utilizing four level security techniques by checking the Picture Hotspot Security. AES Calculation is utilized to scramble and translate the login inconspicuous components in database for more information security to administer information proprietorship and security. For blended information capacity in information stockroom framework utilizing progressed record security and Information advantage Official.
Authored by Gunasekar M, Vishva C
Outsourced Database Security - Inference attacks on statistical databases represent a complex issue in institutions and corporates since it is hard to detect and prevent, especially when it is committed by an internal adversary. The issue has been manifested further with the widespread of data analytics techniques in industry and academia, besides outsourced services. Even when the released statistical data has been anonymized and the identifying attributes are removed, targeted individuals can be spotted in such data. Therefore, preventing sensitive statistical data leakage is crucial for protecting the privacy of individuals or events, but such measures should not form utilization obstacles or degrade the data utility. This paper proposes an antiinference technique for preserving the privacy of sensitive data in statistical databases. Unlike existing solutions, which either require considerable computing resources or trade-off between statistical data accuracy and its privacy, our solution is designed to maintain the accuracy while privacy is ensured.
Authored by Amer Aljaedi
Outsourced Database Security - Cyber attacks are causing tremendous damage around the world. To protect against attacks, many organizations have established or outsourced Security Operation Centers (SOCs) to check a large number of logs daily. Since there is no perfect countermeasure against cyber attacks, it is necessary to detect signs of intrusion quickly to mitigate damage caused by them. However, it is challenging to analyze a lot of logs obtained from PCs and servers inside an organization. Therefore, there is a need for a method of efficiently analyzing logs. In this paper, we propose a recommendation system using the ATT\&CK technique, which predicts and visualizes attackers’ behaviors using collaborative filtering so that security analysts can analyze logs efficiently.
Authored by Masaki Kuwano, Momoka Okuma, Satoshi Okada, Takuho Mitsunaga
Outsourced Database Security - The outsourcing of databases is very popular among IT companies and industries. It acts as a solution for businesses to ensure availability of the data for their users. The solution of outsourcing the database is to encrypt the data in a form where the database service provider can perform relational operations over the encrypted database. At the same time, the associated security risk of data leakage prevents many potential industries from deploying it. In this paper, we present a secure outsourcing database search scheme (BASDB) with the use of a smart contract for search operation over index of encrypted database and storing encrypted relational database in the cloud. Our proposed scheme BASDB is a simple and practical solution for effective search on encrypted relations and is well resistant to information leakage against attacks like search and access pattern leakage.
Authored by Partha Chakraborty, Puspesh Kumar, Mangesh Chandrawanshi, Somanath Tripathy
The outsourcing of databases is very popular among IT companies and industries. It acts as a solution for businesses to ensure availability of the data for their users. The solution of outsourcing the database is to encrypt the data in a form where the database service provider can perform relational operations over the encrypted database. At the same time, the associated security risk of data leakage prevents many potential industries from deploying it. In this paper, we present a secure outsourcing database search scheme (BASDB) with the use of a smart contract for search operation over index of encrypted database and storing encrypted relational database in the cloud. Our proposed scheme BASDB is a simple and practical solution for effective search on encrypted relations and is well resistant to information leakage against attacks like search and access pattern leakage.
Authored by Partha Chakraborty, Puspesh Kumar, Mangesh Chandrawanshi, Somanath Tripathy