Executing SQL over Encrypted Data in Database-Service- Provider Model Hakan Hacigumus University of California, Irvine Bala Iyer IBM Silicon Valley Lab. Chen Li University of California, Irvine Sharad Mehrotra University of California, Irvine SIGMOD 2002, Madison, Wisconsin, USA
34
Embed
Executing SQL over Encrypted Data in Database-Service-Provider Model Hakan Hacigumus University of California, Irvine Bala Iyer IBM Silicon Valley Lab.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Executing SQL over Encrypted Data in Database-Service-Provider
Model
Hakan HacigumusUniversity of California, Irvine
Bala IyerIBM Silicon Valley Lab.
Chen LiUniversity of California, Irvine
Sharad MehrotraUniversity of California, Irvine
SIGMOD 2002, Madison, Wisconsin, USA
2
What do we want to do?
We want to store the data on “a server”
User Encrypted User DatabaseServer
User Data
But the problem is we do not trust “the server” for sensitive information!
encrypt the data and store it but still be able to run queries over the encrypted data do most of the work at the server
If the server is trusted, ICDE 2002
Distrusted
3
Why is it important anyway?
Application Service Provider (ASP) Model for Database
DB management transferred to service provider for backup, administration, restoration, space management,
upgrades etc.
use the database “as a service” provided by an ASP use SW, HW, human resources of ASP, instead of your own
User Encrypted User Database
(Distrusted) Application Service Provider
User Data
Distrusted Server
Talk Outline
Service Provider Architecture
How to create Metadata: Relational Encryption and Storage Model
Query Decomposition and Relational Operators
Query Decomposition – Examples
Experimental Results
Conclusion
5
Service Provider Architecture
Encrypted User
Database
Query Translator
Server Site
Temporary Results
Query Executer
MetadataOriginal Query
Server Side Query
Encrypted Results
Actual Results
Service Provider
User
Client Site
Client Side Query ?
? ?
Talk Outline
Service Provider Architecture
How to create Metadata: Relational Encryption and Storage Model
Query Decomposition and Relational Operators
Query Decomposition – Examples
Experimental Results
Conclusion
Talk Outline
Service Provider Architecture
How to create Metadata: Relational Encryption and Storage Model
Query Decomposition and Relational Operators
Query Decomposition – Examples
Experimental Results
Conclusion
8
Relational Encryption
NAME SALARY
PID
John 50000 2
Marry 110000 2
James 95000 3
Lisa 105000 4
etuple N_ID S_ID P_ID
fErf!$Q!!vddf>></|
50 1 10
F%%3w&%gfErf!$ 65 2 10
&%gfsdf$%343v<l
50 2 20
%%33w&%gfs##! 65 2 20Server Site
Store an encrypted string – etuple – for each tuple in the original table
This is called “row level encryption”
Any kind of encryption technique can be used
Blowfish encryption algorithm is used for this work
Create an index for each (or selected) attribute(s) in the original table
9
Building the Index:Partition and Identification Functions
Partition function divides domain values into partitions (buckets)