On The Security Of Querying Encrypted Data
- Arvind Arasu
- Raghav Kaushik
- Ravi Ramamurthy
Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot “learn” anything about the encrypted columns, since she does not have access to the encryption key. However, it turns out that the act of query processing over encrypted data can reveal information that in the worst case can undermine the very purpose of encryption. In this paper, we argue that such information disclosure should not be handled in an ad hoc manner; in particular, query processing over encrypted data requires: 1) a precise contract (in the form of a security model) that specifies what information is permitted to be disclosed during query processing and 2) a query engine that is carefully engineered to meet the contract efficiently. We believe these are important building blocks in designing a “secure” database-as-a-service paradigm. In this paper, we develop a security model for query processing over encrypted data and take the first steps in understanding the space of secure query processing.