EncDB

Cloud database services are attracting more companies to outsource their databases, delegating the responsibility of maintaining their own database management systems. With such services, a company can deploy databases quickly without much concern about system management, maintenance and upgrades. However, companies lose physical control of their databases and may have heightened concerns about the privacy of their outsourced data. To protect databases in the cloud from improper access, data is encrypted before being stored. In this way, service providers can only access meaningless ciphertexts without gaining access to the privileged databases. The problem is that the encrypted databases may not be meaningfully queried, and it is not realistic to decrypt the entire database before querying.

DSS has developed the EncDB techniques that allow companies to encrypt their databases before outsourcing, and to execute standard SQL queries directly over encrypted databases. These new homomorphic encryption and order-preserving indexing schemes succeed in protecting databases outsourced to the cloud, removing the ability of untrusted cloud administrators to access and understand the data. The schemes further allow direct SQL queries over the encrypted databases, where only the query results need to be decrypted by the database owners. This is facilitated by a query proxy that translates SQL queries issued from database applications into queries suitable for the encrypted databases. The translation of SQL queries is needed because the schemas of encrypted databases are usually different from the schemas of the corresponding plain databases. Compared with other methods of querying encrypted databases, our method has the following three main features:

  • Our method can be applied to any existing Database Management Systems without any change or extension – a rich set of SQL queries can be supported, such as the aggregate queries with SUM and AVG, and range queries.
  • Our scheme is suitable for long-standing dynamic databases and does not bound query results over encrypted data. Other homomorphic encryption schemes might not be correct if the results are bigger than the modulus used in encryption.
  • Our method can encrypt real numbers and negative numeric values directly – no need to do encoding and decoding when databases have real numbers and negative numeric values.
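The modulus and encoding limits mentioned in the second and third features can be seen in a conventional additively homomorphic scheme. The following is an added example, not EncDB code and not the EncDB scheme (which this page does not specify): it uses textbook Paillier as a stand-in for the "other" schemes, with constructed toy primes and hypothetical function names, to show an encrypted SUM wrapping around the modulus and negative values needing a decoding step.

```python
import math
import secrets

def keygen(p, q):
    """Toy Paillier key from two small primes (constructed, insecure size)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    """Enc(m) = (n+1)^m * r^n mod n^2; m is reduced into [0, n)."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(n + 1, m % n, n2) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def encrypted_sum(n, ciphertexts):
    """What the untrusted server computes: a product of ciphertexts,
    which decrypts to the sum of the plaintexts modulo n."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc

def decode_signed(n, m):
    """Owner-side decoding step: residues above n/2 stand for negatives."""
    return m - n if m > n // 2 else m

N, PRIV = keygen(1009, 1013)  # constructed toy modulus, n = 1022117

def sum_via_server(values):
    """Encrypt each value, aggregate over ciphertexts, decrypt the result."""
    cts = [encrypt(N, v) for v in values]
    return decrypt(N, PRIV, encrypted_sum(N, cts))

if __name__ == "__main__":
    print(sum_via_server([1200, 3400, 560]))    # true sum fits below n
    print(sum_via_server([600000, 500000]))     # true sum exceeds n: wraps
    print(decode_signed(N, sum_via_server([-250, 100])))  # needs decoding
```

In a long-lived table the running aggregate keeps growing, so with a scheme of this kind the wrap-around is silent: decryption succeeds and simply returns the wrong total.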

 

  • This project brought the group’s work to the attention of the international security community, including Prof Elisa Bertino and her subsequent close collaboration with DSS.
  • The background knowledge is applicable to many security and privacy projects within Data61.
  • For example, the background knowledge is used to develop an approximate division protocol over encrypted data in the secure two-party fuzzy record linkage project for DFAT led by Stephen Hardy (Confidential computing).
  • Dongxi Liu and Shenlu Wang. “DEMO: Query encrypted databases practically”. Proc. 19th ACM Conference on Computer and Communications Security (CCS 2012), Raleigh, NC, USA. http://150.229.2.229/familySys/home.
  • Dongxi Liu. “Homomorphic encryption for encrypted databases querying”, International Patent Application No.: PCT/AU2013/000674, 2013.
  • Dongxi Liu, Shenlu Wang. “Nonlinear order preserving index for encrypted database query in service cloud environments”, Concurrency and Computation: Practice and Experience, 25(13): 1967-1984, 2013.
  • Dongxi Liu, Elisa Bertino and Xun Yi. “Privacy of outsourced k-means clustering”, Proc. 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan, 2014.
  • Dongxi Liu. “Efficient processing of encrypted data in honest-but-curious clouds”, Proc. 9th IEEE International Conference on Cloud Computing (IEEE Cloud 2016), San Francisco, USA, 2016.