Encrypting Databases in the Cloud: Challenges and Solutions

With the growing importance of cloud computing, database encryption has become a critical technology to protect data against honest-but-curious attackers. Our goal is to encrypt the data in such a way that it remains protected against powerful attackers and at the same time achieve good performance by processing queries in the cloud without decrypting the data. Order-Preserving Encryption (OPE) is one of the most attractive techniques for database encryption since it allows the execution of range and rank queries on encrypted data. On the other hand, people are reluctant to use OPE-based techniques in practice because of their vulnerability against attackers with knowledge of the domain and its frequency distribution. This dissertation makes three important contributions. First, it formalizes a set of real-world attacker scenarios on encrypted databases, namely domain attack, frequency attack and query log attack. Query log attack refers to the inference of secrets by observing the (encrypted) queries submitted to the encrypted database. To this end, a number of encryption techniques have been developed and studied in literature. Unfortunately, most of these schemes have ignored an important threat called query log attack. Second, based on this formalization, it shows how these attacks impact the security of an important class of encryption techniques, namely OPE. Third, it explores new encryption techniques called Probabilistic Order-Preserving Encryption (Prob-OPE) and Randomly Partitioned Encryption (RPE) which are proven to be resilient against the attacker scenarios mentioned previously. These encryption techniques address the need to encrypt databases in the cloud and at the same time execute complex SQL queries efficiently. Prob-OPE and RPE can be configured to meet different privacy and performance requirements. Privacy and performance experiments conducted using the TPC-H queries show that Prob-OPE and RPE make it indeed possible to achieve a higher level of privacy compared to the state of the art with low performance overheads.