SQL-Based Fuzzy Query Mechanism Over Encrypted Database

SQL-Based Fuzzy Query Mechanism Over Encrypted Database

Zheli Liu, Jingwei Li, Jin Li, Chunfu Jia, Jun Yang, Ke Yuan
Copyright: © 2014 |Pages: 17
DOI: 10.4018/ijdwm.2014100104
(Individual Articles)
No Current Special Offers


With the development of cloud computing and big data, data privacy protection has become an urgent problem to solve. Data encryption is the most effective way to protect privacy; however, it will change the data format and result in: 1. database structure and application software will be changed; 2. structured query language (SQL) operations cannot work properly, especially in SQL-based fuzzy query. As a result, it is necessary to provide an SQL-based fuzzy query mechanism over encrypted databases, including traditional databases and cloud outsourced databases. This paper establishes a secure database system using format-preserving encryption (FPE) as the underlying primitive to protect the data privacy while not change the database structure. It further proposes a new SQL-based fuzzy query mechanism supporting directly query over encrypted data, which is constructed by FPE and universal hash function (UHF). The security of the proposed mechanism is analyzed as well. In the end, it makes extensive experiments on the system to demonstrate its practical performance.
Article Preview

1. Introduction

Recently, privacy of outsourced database has attracted more and more attentions. Encryption is the most effective way for data privacy protection, but it raises at least two challenges: 1. data encryption may change the data type and length, resulting in that it is hard to impose encryption mechanism over existing database. For example, a phone number, encrypted using the AES encryption algorithm, not only does not resemble a phone number but will even not contain any numbers at all. A database field typically defined to hold an eleven-character phone number would not be able to store the AES-encrypted version of data; 2. data encryption may lead to hardly performing structured query language (SQL) operations over encrypted data.

For the first challenge, a novel primitive namely format-preserving encryption (FPE) making sure that ciphertext has the same format as plaintext was proposed. In other words, using this technique, the data encryption will not change the data type and length, so ciphertext can be stored in the original database. Since it was proposed, several solutions to FPE have been investigated. In 2002, Black (2002) formalized the FPE problem and proposed three basic methods to implement such cipher. After 2008, some FPE schemes (Morris, 2009; Bellare, 2010; Liu, 2010; Li, 2012) were proposed to provide format-preserving encryption for different domains like integer, datetime, etc.

For the second challenge, several cryptographic tools were developed to provide solutions for operating directly on encrypted data, such as order-preserving encryption (Agrawal, 2004; Boldyreva, 2009; Popa 2013) for encryption while preserving orders of ciphertext, homomorphic encryption (Van Dijk, 2010) for allowing function computations directly imposed on ciphertexts, searchable encryption for searching keywords over encrypted data (Song, 2000; Curtmola, 2006; Li, 2010) and query processing over encrypted databases (Kwok 2002; Wang, 2005; Yang, 2006; Ashrafi, 2007; Amanatidis, 2007; Evdokimov, 2007; Taniar, 2008). Although these techniques have been developed, fuzzy query over encrypted data is still a challenge.

Complete Article List

Search this Journal:
Volume 20: 1 Issue (2024): Forthcoming, Available for Pre-Order
Volume 19: 6 Issues (2023)
Volume 18: 4 Issues (2022): 2 Released, 2 Forthcoming
Volume 17: 4 Issues (2021)
Volume 16: 4 Issues (2020)
Volume 15: 4 Issues (2019)
Volume 14: 4 Issues (2018)
Volume 13: 4 Issues (2017)
Volume 12: 4 Issues (2016)
Volume 11: 4 Issues (2015)
Volume 10: 4 Issues (2014)
Volume 9: 4 Issues (2013)
Volume 8: 4 Issues (2012)
Volume 7: 4 Issues (2011)
Volume 6: 4 Issues (2010)
Volume 5: 4 Issues (2009)
Volume 4: 4 Issues (2008)
Volume 3: 4 Issues (2007)
Volume 2: 4 Issues (2006)
Volume 1: 4 Issues (2005)
View Complete Journal Contents Listing