TY - GEN
T1 - A Practical and Secure Stateless Order Preserving Encryption for Outsourced Databases
AU - Shen, Ning
AU - Yeh, Jyh Haw
AU - Sun, Hung Min
AU - Chen, Chien Ming
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Order-preserving encryption (OPE) plays an important role in securing outsourced databases. OPE schemes can be either Stateless or Stateful. Stateful schemes can achieve the ideal security of order-preserving encryption, i.e., 'reveal no information about the plaintexts besides order.' However, comparing to stateless schemes, stateful schemes require maintaining some state information locally besides encryption keys and the ciphertexts are mutable. On the other hand, stateless schemes only require remembering encryption keys and thus is more efficient. It is a common belief that stateless schemes cannot provide the same level of security as stateful ones because stateless schemes reveal the relative distance among their corresponding plaintext. In real world applications, such security defects may lead to the leakage of statistical and sensitive information, e.g., the data distribution, or even negates the whole encryption. In this paper, we propose a practical and secure stateless order-preserving encryption scheme. With prior knowledge of the data to be encrypted, our scheme can achieve IND-CCPA (INDistinguishability under Committed ordered Chosen Plaintext Attacks) security for static data set. Though the IND-CCPA security can't be met for dynamic data set, our new scheme can still significantly improve the security in real world applications. Along with the encryption scheme, in this paper we also provide methods to eliminate access pattern leakage in communications and thus prevents some common attacks to OPE schemes in practice.
AB - Order-preserving encryption (OPE) plays an important role in securing outsourced databases. OPE schemes can be either Stateless or Stateful. Stateful schemes can achieve the ideal security of order-preserving encryption, i.e., 'reveal no information about the plaintexts besides order.' However, comparing to stateless schemes, stateful schemes require maintaining some state information locally besides encryption keys and the ciphertexts are mutable. On the other hand, stateless schemes only require remembering encryption keys and thus is more efficient. It is a common belief that stateless schemes cannot provide the same level of security as stateful ones because stateless schemes reveal the relative distance among their corresponding plaintext. In real world applications, such security defects may lead to the leakage of statistical and sensitive information, e.g., the data distribution, or even negates the whole encryption. In this paper, we propose a practical and secure stateless order-preserving encryption scheme. With prior knowledge of the data to be encrypted, our scheme can achieve IND-CCPA (INDistinguishability under Committed ordered Chosen Plaintext Attacks) security for static data set. Though the IND-CCPA security can't be met for dynamic data set, our new scheme can still significantly improve the security in real world applications. Along with the encryption scheme, in this paper we also provide methods to eliminate access pattern leakage in communications and thus prevents some common attacks to OPE schemes in practice.
KW - Non-deterministic OPE
KW - Order Preserving Encryption
KW - Range Query over Encrypted Databases
UR - http://www.scopus.com/inward/record.url?scp=85125007036&partnerID=8YFLogxK
U2 - 10.1109/PRDC53464.2021.00025
DO - 10.1109/PRDC53464.2021.00025
M3 - Conference contribution
AN - SCOPUS:85125007036
T3 - Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC
SP - 133
EP - 142
BT - Proceedings - 2021 IEEE 26th Pacific Rim International Symposium on Dependable Computing, PRDC 2021
PB - IEEE Computer Society
T2 - 26th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2021
Y2 - 1 December 2021 through 4 December 2021
ER -