Cryptology ePrint Archive: Report 2013/715
Practical Forward-Secure Range and Sort Queries with Update-Oblivious Linked Lists
Erik-Oliver Blass and Travis Mayberry and Guevara Noubir
Abstract: We revisit the problem of privacy-preserving range search and sort
queries on encrypted data in the face of an untrusted data store.
Our new protocol RASP has several advantages over existing work.
First, RASP strengthens privacy by ensuring forward security:
after a query for range $[a,b]$, any new record added to the data
store is indistinguishable from random, even if the new record falls
within range $[a,b]$. We are able to accomplish this
using only traditional hash and block cipher operations, abstaining
from expensive asymmetric cryptography and bilinear pairings.
Consequently, RASP is highly practical, even for large database
sizes. Additionally, we require only cloud storage and not a
computational cloud like related works, which can reduce monetary
costs significantly. At the heart of RASP, we develop a new
update-oblivious bucket-based data structure. We allow for
data to be added to buckets without leaking into which bucket it has
been added. As long as a bucket is not explicitly queried, the data
store does not learn anything about bucket contents. Furthermore, no
information is leaked about data additions following a
query. Besides formally proving RASP's privacy, we also present a
practical evaluation of RASP on Amazon Dynamo, demonstrating its
efficiency and real world applicability.
Category / Keywords: Applications ; Privacy; Cloud Computing; Update-Oblivious Data Structures
Date: received 1 Nov 2013, last revised 12 May 2014
Contact author: blass at ccs neu edu
Available format(s): PDF | BibTeX Citation
Version: 20140512:213825 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]