Databases Reference
In-Depth Information
7
Managing and Querying Encrypted Data
Bijit Hore
1
, Sharad Mehrotra
1
, and Hakan Hacıgumus
2
1
Donald Bren School of Computer Science
University of California, Irvine
{
bhore,sharad
}
@ics.uci.edu
2
IBM Almaden Research Center
hakanh@acm.org
Summary.
Encryption is a popular technique for ensuring confidentiality of sensi-
tive data. While data encryption is able to enhance security greatly, it can impose
substantial overhead on the performance of a system in terms of data management.
Management of encrypted data needs to address several new issues like choice of the
appropriate encryption algorithms, deciding the key management architecture and
key distribution protocols, enabling ecient encrypted data storage and retrieval,
developing techniques for querying and searching encrypted data, ensuring integrity
of data etc. In this chapter, we give an overview of the state-of-the-art in some of
these areas using the “Database As a Service” (DAS) as the prototype application.
We especially concentrate on techniques for querying encrypted data and summa-
rize the basic techniques proposed for SQL queries over encrypted relational data,
keyword search over encrypted text data and XPath queries over encrypted XML
data. We also provide brief summaries of works relating to other issues mentioned
above and provide further references to the related literature.
1 Introduction
The proliferation of a new breed of data management applications that store
and process data at remote service-providers' locations leads to a new con-
cern, that of security. Especially when sensitive information is contained in
the data, ensuring its confidentiality is a key concern in such a model. In a
typical setting of the problem, the confidential portions of the data are stored
at the remote location in an encrypted form at all times. For example, in
a DAS setting data encryption becomes important when the client chooses
to hide away certain contents from server-side entities. Two new challenges
emerge: (i) Ecient encryption algorithms for relational data. (ii) Supporting
queries on the encrypted relational data. While supporting a fully functional
RDBMS over encrypted data is a challenge that remains far from being met,
other specialized application domains fitting this model have emerged over the
past few years. An application that has driven a lot of research in the crypto-
graphic community is that of keyword-matching over encrypted text data. For
