Paper 2006/380

On Security of Sovereign Joins

Einar Mykletun and Gene Tsudik

Abstract

The goal of a sovereign join operation is to compute a query across independent database relations such that nothing beyond the join results is revealed. Each relation involved in a sovereign join is owned by a distinct entity and the party posing the query is distinct from the relation owners; it is not permitted to access the original relations. One notable recent research result proposed a secure technique for executing sovereign joins. It entails data owners sending their relations to an independent database service provider which executes a sovereign join with the aid of a tamper-resistant secure coprocessor. This achieves the goal of preventing information leakage during query execution. However, as we show in this paper, the proposed technique is actually insecure as it fails to prevent an attacker from learning the query results. We also suggest some measures to remedy the security problems.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
applicationsinformation hiding
Contact author(s)
gts @ ics uci edu
History
2006-11-03: received
Short URL
https://ia.cr/2006/380
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2006/380,
      author = {Einar Mykletun and Gene Tsudik},
      title = {On Security of Sovereign Joins},
      howpublished = {Cryptology {ePrint} Archive, Paper 2006/380},
      year = {2006},
      url = {https://eprint.iacr.org/2006/380}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.