Massive data breaches are affecting over 10 million individuals in Australia. In 2019, the Office of the Australia Information Commissioner received more than 960 breach notifications, spanning from cloud to in-house databases. To mitigate growing threats of data breaches, encrypted databases draw much attention in both academia and industry.
They employ client-side encryption, where data is encrypted by the client and always remains in an encrypted form at the server side. This approach can effectively prevent external hackers and unauthorized insiders from stealing the sensitive or proprietary data.
To preserve query functionalities over encrypted data, the first generation encrypted database systems, e.g., CryptDB and Microsoft Azure SQL Always Encryption, are built on fast yet leaky encryption algorithms such as deterministic encryption and order-preserving encryption.
These systems are shown to be vulnerable to classic frequency analysis and inference attacks.
This project develops the next generation encrypted database system. Our system integrates advanced yet scalable cryptographic technology called searchable encryption, which allows the client to provision the server a controlled capability to process encrypted queries directly over the encrypted data without decryption. Without query tokens, the server cannot learn any information from the data ciphertexts. Namely, frequency analysis can no longer work over the breached database. Meanwhile, our technology can raise user awareness on data protection in a way that the data can only be queried with users’ query tokens and can only be decrypted with users’ own private keys.
Demo is available upon request.
Our system is the next generation database software building fundamental infrastructure to promote disruptive technologies such as Cloud Computing and Internet of Things in a secure and trustworthy fashion.
It can reduce an enterprise’s financial and operational burden of preventing and resolving data breaches, and benefit financial and e-Health services directly that require mandatory privacy-assured data processing.
Our system enables an enterprise to meet a growing demand for domestic and international regulatory compliance on data privacy and protection. For example;
- Australia Privacy and Data Protection Act 2014
- Victorian Data Sharing Act 2017
- EU General Data Protection Regulation (GDPR), etc.
It also improves user awareness in data security and presents the end-user a new understanding that data stored at the server is unable to be decrypted without the end-user’s key. Such awareness provides the end-user with a peace of mind when using disruptive technologies, increasing user acceptance and demand for those technologies.
If you would like more information on this project, Xingliang is the project lead and can be contacted on email.
- [SUL+18] Shifeng Sun, Xingliang Yuan, Joseph K. Liu, Ron Steinfeld, Amin Sakzad, Viet Vo, Surya Nepal: Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption. ACM Conference on Computer and Communications Security 2018: 763-780.
Abstract: “Symmetric Searchable Encryption (SSE) has received wide attention due to its practical application in searching on encrypted data. Beyond search, data addition and deletion are also supported in dynamic SSE schemes. Unfortunately, these update operations leak some information of updated data. To address this issue, forward-secure SSE is actively explored to protect the relations of newly updated data and previously searched keywords. On the contrary, little work has been done in backward security, which enforces that search should not reveal information of deleted data. In this paper, we propose the first practical and non-interactive backward-secure SSE scheme. In particular, we introduce a new form of symmetric encryption, named symmetric puncturable encryption (SPE), and construct a generic primitive from simple cryptographic tools. Based on this primitive, we then present a backward-secure SSE scheme that can revoke a server’s searching ability on deleted data. We instantiate our scheme with a practical puncturable pseudorandom function and implement it on a large data-set. The experimental results demonstrate its efficiency and scalability. Compared to the state-of-the-art, our scheme achieves a speedup of almost 50x in search latency, and a saving of 62% in server storage consumption”.
- [SPS+18] Shangqi Lai, Sikhar Patranabis, Amin Sakzad, Joseph K. Liu, Debdeep Mukhopadhyay, Ron Steinfeld, Shifeng Sun, Dongxi Liu, Cong Zuo: Result Pattern Hiding Searchable Encryption for Conjunctive Queries. ACM Conference on Computer and Communications Security 2018: 745-762.
- [SSZ+18] Sui, Zhimei, Shangqi Lai, Cong Zuo, Xingliang Yuan, Joseph K. Liu, and Haifeng Qian. “An encrypted database with enforced access control and blockchain validation.” In International Conference on Information Security and Cryptology, pp. 260-273. Springer, 2018