Data outsourcing is emerging today as a successful solution for organizations looking for a cost-effective way to make their data available for on-line querying. To protect outsourced data from unauthorized accesses, even from the (honest but curious) host server, data are encrypted and indexes associated with them enable the server to execute queries without the need of accessing cleartext. Current solutions consider the whole database as encrypted with a single key known only to the data owner, which therefore has to be kept involved in the query execution process. In this paper, we propose different multi-key data encryption strategies for enforcing access privileges. Our strategies exploit different keys, which are distributed to the users, corresponding to the different authorizations. We then present some experiments evaluating the quality of the proposed strategies with respect to the amount of cryptographic information to be produced and maintained.
An experimental evaluation of multi-key strategies for data outsourcing / E. Damiani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati (IFIP INTERNATIONAL FEDERATION FOR INFORMATION PROCESSING). - In: New approaches for security, privacy and trust in complex environments / [a cura di] H. Venter, M. Eloff, L. Labuschagne,J. Eloff, R. von Solms. - New York : Springer, 2007. - ISBN 9780387723662. - pp. 385-396 (( Intervento presentato al 22. convegno International Information Security Conference tenutosi a Sandton nel 2007 [10.1007/978-0-387-72367-9_33].
An experimental evaluation of multi-key strategies for data outsourcing
E. DamianiPrimo
;S. De Capitani di VimercatiSecondo
;S. Foresti;P. SamaratiUltimo
2007
Abstract
Data outsourcing is emerging today as a successful solution for organizations looking for a cost-effective way to make their data available for on-line querying. To protect outsourced data from unauthorized accesses, even from the (honest but curious) host server, data are encrypted and indexes associated with them enable the server to execute queries without the need of accessing cleartext. Current solutions consider the whole database as encrypted with a single key known only to the data owner, which therefore has to be kept involved in the query execution process. In this paper, we propose different multi-key data encryption strategies for enforcing access privileges. Our strategies exploit different keys, which are distributed to the users, corresponding to the different authorizations. We then present some experiments evaluating the quality of the proposed strategies with respect to the amount of cryptographic information to be produced and maintained.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
