Technique for Searching Data in a Cryptographically Protected SQL Database-Reference-Cited by-同舟云学术

Technique for Searching Data in a Cryptographically Protected SQL Database

Published:2023-10-20 Issue:20 Volume:13 Page:11525
ISSN:2076-3417
Container-title:Applied Sciences
language:en
Short-container-title:Applied Sciences

Author:

Yesin Vitalii¹²^ORCID,Karpinski Mikolaj³⁴^ORCID,Yesina Maryna¹²,Vilihura Vladyslav¹,Kozak Ruslan⁴^ORCID,Shevchuk Ruslan⁵⁶^ORCID

Affiliation:

1. Department of Security of Information Systems and Technologies, Faculty of Computer Science, V. Karazin National University of Kharkiv, 61022 Kharkiv, Ukraine

2. Department of Information Technology Security, Institute of Computer Technologies, Automation and Metrology, Lviv Polytechnic National University, 79000 Lviv, Ukraine

3. Department of Computer Science, Faculty of Engineering Sciences, University of Applied Sciences in Nowy Sacz, 33-300 Nowy Sacz, Poland

4. Department of Cyber Security, Faculty of Computer Information Systems and Software Engineering, Ternopil Ivan Puluj National Technical University, 46001 Ternopil, Ukraine

5. Department of Computer Science and Automatics, Faculty of Mechanical Engineering and Computer Science, University of Bielsko-Biala, 43-309 Bielsko-Biala, Poland

6. Department of Computer Science, Faculty of Computer Information Technologies, West Ukrainian National University, 46009 Ternopil, Ukraine

Abstract

The growing popularity of data outsourcing to third-party cloud servers has a downside, related to the serious concerns of data owners about their security due to possible leakage. The desire to reduce the risk of loss of data confidentiality has become a motivating start to developing mechanisms that provide the ability to effectively use encryption to protect data. However, the use of traditional encryption methods faces a problem. Namely, traditional encryption, by making it impossible for insiders and outsiders to access data without knowing the keys, excludes the possibility of searching. This paper presents a solution that provides a strong level of confidentiality when searching, inserting, modifying, and deleting the required sensitive data in a remote database whose data are encrypted. The proposed SQL query processing technique allows the DBMS server to perform search functions over encrypted data in the same way as in an unencrypted database. This is achieved through the organization of automatic decryption by specially developed secure software of the corresponding data required for search, without the possibility of viewing these data itself. At that, we guarantee the integrity of the stored procedures used and special tables that store encrypted modules of special software and decryption keys, the relevance and completeness of the results returned to the application. The results of the analysis of the feasibility and effectiveness of the proposed solution show that the proper privacy of the stored data can be achieved at a reasonable overhead.

Funder

National Centre for Research and Development, Poland

Publisher

MDPI AG

Subject

Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science

Link

https://www.mdpi.com/2076-3417/13/20/11525/pdf

Reference43 articles.

1. The Seattle Report on Database Research;Abadi;ACM Sigmod Rec.,2020

2. Fuller, B., Varia, M., Yerukhimovich, A., Shen, E., Hamlin, A., Gadepally, V., Shay, R., Mitchell, J.D., and Cunningham, R.K. (2017, January 22–26). SoK: Cryptographically protected database search. Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.

3. (2023, August 02). General Data Protection Regulation GDPR. Available online: https://gdpr-info.eu/.

4. (2023, August 02). Payment Card Industry (PCI) Data Security Standard. Requirements and Testing Procedures Version 4.0. Available online: https://www.pcisecuritystandards.org/documents/PCI-DSS-v4_0.pdf.

5. From the field: The politics of the health insurance portability and accountability act;Atchinson;Health Aff.,1997