research-article

Encrypting Analytical Web Applications

Authors:

Walter Tighzert,

Florian KerschbaumAuthors Info & Claims

CCSW '16: Proceedings of the 2016 ACM on Cloud Computing Security Workshop

Pages 35 - 46

https://doi.org/10.1145/2996429.2996438

Published: 28 October 2016 Publication History

Abstract

The software-as-a-service (SaaS) market is growing very fast, but still many clients are concerned about the confidentiality of their data in the cloud. Motivated hackers or malicious insiders could try to steal the clients' data. Encryption is a potential solution, but supporting the necessary functionality also in existing applications is difficult. In this paper, we examine encrypting analytical web applications that perform extensive number processing operations in the database. Existing solutions for encrypting data in web applications poorly support such encryption. We employ a proxy that adjusts the encryption to the level necessary for the client's usage and also supports additively homomorphic encryption. This proxy is deployed at the client and all encryption keys are stored and managed there, while the application is running in the cloud. Our proxy is stateless and we only need to modify the database driver of the application. We evaluate an instantiation of our architecture on an exemplary application. We only slightly increase page load time on average from 3.1 seconds to 4.7. However, roughly 40% of all data columns remain probabilistic encrypted. The client can set the desired security level for each column using our policy mechanism. Hence our proxy architecture offers a solution to increase the confidentiality of the data at the cloud provider at a moderate performance penalty.

References

[1]

http://www.ciphercloud.com/.

[2]

http://www.eweek.com/c/a/Security/Salesforcecom-Acquires-SaaS-Encryption-Provider-Navajo-Systems-331154.

[3]

http://www.perspecsys.com/.

[4]

http://www.vaultive.com/.

[5]

http://scn.sap.com/servlet/JiveServlet/downloadBody/60270--102--1--222286/HANA_SPS08_NEW_SHINE.pdf.

[6]

Apache JMeter - apache JMeter#8482;.

[7]

G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-Molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu. Two can keep a secret: a distributed architecture for secure database services. 2005.

[8]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2004.

Digital Library

[9]

M. Blaze, G. Bleumer, and M. Strauss. Divertible protocols and atomic proxy cryptography. In Proceedings of the 17th International Conference on Advances in Cryptology, EUROCRYPT, 1998.

[10]

A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In Proceedings of the 28th International Conference on Advances in Cryptology, EUROCRYPT, 2009.

[11]

A. Boldyreva, N. Chenette, and A. O'Neill. Order-preserving encryption revisited: improved security analysis and alternative solutions. In Proceedings of the 31st International Conference on Advances in Cryptology, CRYPTO, 2011.

Digital Library

[12]

D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M. Rosu, and M. Steiner. Dynamic searchable encryption in very-large databases: Data structures and implementation. In Proceedings of the 21st Network and Distributed System Security Symposium, NDSS, 2014.

[13]

O. Catrina and F. Kerschbaum. Fostering the uptake of secure multiparty computation in e-commerce. In Proceedings of the third International Conference on Availability, Reliability and Security, ARES, pages 693--700, 2008.

Digital Library

[14]

V. Ciriani, S. De Capitani Di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Combining fragmentation and encryption to protect privacy in data storage. ACM Transactions on Information and System Security, 13(3), 2010.

Digital Library

[15]

R. Curtmola, J. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. Journal of Computer Security, 19(5), 2011.

Digital Library

[16]

M. Diallo, B. Hore, E. Chang, S. Mehrotra, and N. Venkatasubramanian. Cloudprotect: managing data privacy in cloud applications. In Proceedings of the 5th IEEE International Conference on Cloud Computing, CLOUD, 2012.

Digital Library

[17]

C. Evans, C. Palmer, and R. Sleevi. Public Key Pinning Extension for HTTP. RFC 7469 (Proposed Standard), Apr. 2015.

[18]

S. Foresti. Preserving privacy in data outsourcing. Springer Verlag, 2010.

Digital Library

[19]

C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the Symposium on Theory of Computing, STOC, 2009.

Digital Library

[20]

H. Hacigümüs, B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In Proceedings of the ACM International Conference on Management of Data, SIGMOD, 2002.

Digital Library

[21]

F. Hahn and F. Kerschbaum. Searchable encryption with secure and efficient updates. In Proceedings of the 21st ACM Conference on Computer and Communications Security, CCS, 2014.

Digital Library

[22]

W. He, D. Akhawe, S. Jain, E. Shi, and D. Song. ShadowCrypt: encrypted web applications for everyone. In Proceedings of the 21st ACM Conference on Computer and Communications Security, CCS, 2014.

Digital Library

[23]

S. Kamara, C. Papamanthou, and T. Roeder. Dynamic searchable symmetric encryption. In Proceedings of the 19th ACM Conference on Computer and Communications Security, CCS, 2012.

Digital Library

[24]

F. Kerschbaum. Building a privacy-preserving benchmarking enterprise system. Enterprise Information Systems, 2(4):421--441, 2008.

Digital Library

[25]

F. Kerschbaum. Practical privacy-preserving benchmarking. In Proceedings of the IFIP International Information Security Conference, SEC, pages 17--31, 2008.

[26]

F. Kerschbaum. A verifiable, centralized, coercion-free reputation system. In Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, WPES, pages 61--70, 2009.

Digital Library

[27]

F. Kerschbaum. Frequency-hiding order-preserving encryption. In Proceedings of the 22nd ACM Conference on Computer and Communications Security, CCS, 2015.

Digital Library

[28]

F. Kerschbaum, D. Dahlmeier, A. Schröpfer, and D. Biswas. On the practical importance of communication complexity for secure multi-party computation protocols. In Proceedings of the 2009 ACM Symposium on Applied Computing, SAC, pages 2008--2015, 2009.

Digital Library

[29]

F. Kerschbaum, M. Härterich, P. Grofig, M. Kohler, A. Schaad, A. Schröpfer, and W. Tighzert. Optimal re-encryption strategy for joins in encrypted databases. In Proceedings of the 27th IFIP Conference on Data and Applications Security and Privacy, DBSEC, 2013.

[30]

F. Kerschbaum and N. Oertel. Privacy-preserving pattern matching for anomaly detection in rfid anti-counterfeiting. In International Workshop on Radio Frequency Identification: Security and Privacy Issues, RFIDSec, pages 124--137, 2010.

Digital Library

[31]

F. Kerschbaum and A. Schröpfer. Optimal average-complexity ideal-security order-preserving encryption. In Proceedings of the 21st ACM Conference on Computer and Communications Security, CCS, 2014.

Digital Library

[32]

F. Kerschbaum and O. Terzidis. Filtering for private collaborative benchmarking. Emerging Trends in Information and Communication Security, pages 409--422, 2006.

Digital Library

[33]

J. Köhler and K. Jünemann. Securus: from confidentiality and access requirements to data outsourcing solutions. In Proceedings of the 8th IFIP International Summer School on Privacy and Identity Management for Emerging Services and Technologies, 2013.

[34]

M. Naveed, S. Kamara, and C. V. Wright. Inference attacks on property-preserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 644--655. ACM.

Digital Library

[35]

P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 18th International Conference on Advances in Cryptology, EUROCRYPT, 1999.

Digital Library

[36]

M. Pizzo, R. Handl, and M. Zurmuehl. Odata version 4.0 part 1: protocol. Technical report, OASIS, http://docs.oasis-open.org/odata/odata/v4.0/odata-v4.0-part1-protocol.pdf, 2014.

[37]

S. C. Pohlig and M. E. Hellman. An improved algorithm for computing logarithms over gf(p) and its cryptographic significance. IEEE Transactions on Information Theory, 24(1):106--110, 1978.

Digital Library

[38]

R. A. Popa, F. H. Li, and N. Zeldovich. An ideal-security protocol for order-preserving encoding. In Proceedings of the 34th IEEE Symposium on Security and Privacy, S&P, 2013.

Digital Library

[39]

R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. Cryptdb: protecting confidentiality with encrypted query processing. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles, SOSP, 2011.

Digital Library

[40]

R. A. Popa, E. Stark, J. Helfer, S. Valdez, N. Zeldovich, M. F. Kaashoek, and H. Balakrishnan. Building web applications on top of encrypted data using mylar. In Proceedings of the 11th Symposium on Networked Systems Design and Implementation, NSDI, 2014.

Digital Library

[41]

D. Roche, D. Apon, S. G. Choi, and A. Yerukhimovich. Sql on structurally-encrypted databases. Technical Report 1106, IACR Cryptology ePrint Archive, 2015.

[42]

E. Saleh and C. Meinel. Hpisecure: towards data confidentiality in cloud applications. In Proceedings of the 13th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGRID, 2013.

Digital Library

[43]

D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In Proceedings of the 21st IEEE Symposium on Security and Privacy, S&P, 2000.

Digital Library

Cited By

Al Khaldy MIshtaiwi AAl-Qerem AAldweesh AAlmomani AAlkasassbeh M(2024)Cryptography in Business Intelligence and Data AnalyticsInnovations in Modern Cryptography10.4018/979-8-3693-5330-1.ch015(352-375)Online publication date: 12-Jul-2024
https://doi.org/10.4018/979-8-3693-5330-1.ch015
Johns MDirksen AZhang YSion R(2020)Towards Enabling Secure Web-Based Cloud Services using Client-Side EncryptionProceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop10.1145/3411495.3421364(67-76)Online publication date: 9-Nov-2020
https://dl.acm.org/doi/10.1145/3411495.3421364
Freyberger MHe WAkhawe DMazurek MMittal P(2018)Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet BrowsersProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00122018:2(47-63)Online publication date: 20-Feb-2018
https://doi.org/10.1515/popets-2018-0012

Index Terms

Encrypting Analytical Web Applications

Recommendations

Toward Efficient Homomorphic Encryption for Outsourced Databases through Parallel Caching
PACMMOD

Many applications deployed to public clouds are concerned about the confidentiality of their outsourced data, such as financial services and electronic patient records. A plausible solution to this problem is homomorphic encryption (HE), which supports ...
Chosen ciphertext secure keyed-homomorphic public-key cryptosystems

In homomorphic encryption schemes, anyone can perform homomorphic operations, and therefore, it is difficult to manage when, where and by whom they are performed. In addition, the property that anyone can "freely" perform the operation inevitably means ...
Delegatable homomorphic encryption with applications to secure outsourcing of computation
CT-RSA'12: Proceedings of the 12th conference on Topics in Cryptology

We propose a new cryptographic primitive called Delegatable Homomorphic Encryption (DHE). This allows a Trusted Authority to control/delegate the evaluation of circuits over encrypted data to untrusted workers/evaluators by issuing tokens. This ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCSW '16: Proceedings of the 2016 ACM on Cloud Computing Security Workshop

October 2016

116 pages

ISBN:9781450345729

DOI:10.1145/2996429

Conference Chairs:
Mathias Payer
Purdue University, USA
,
Stefan Mangard
IAIK TU Graz, Austria
,
General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
Technische Universität Darmstadt, Germany
,
Program Chairs:
Elli Androulaki
IBM Research-Zurich, Switzerland
,
Michael K. Reiter
University of North Carolina at Chapel Hill, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 28, 2016

Vienna, Austria

Acceptance Rates

CCSW '16 Paper Acceptance Rate 8 of 23 submissions, 35%;

Overall Acceptance Rate 37 of 108 submissions, 34%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
380
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Al Khaldy MIshtaiwi AAl-Qerem AAldweesh AAlmomani AAlkasassbeh M(2024)Cryptography in Business Intelligence and Data AnalyticsInnovations in Modern Cryptography10.4018/979-8-3693-5330-1.ch015(352-375)Online publication date: 12-Jul-2024
https://doi.org/10.4018/979-8-3693-5330-1.ch015
Johns MDirksen AZhang YSion R(2020)Towards Enabling Secure Web-Based Cloud Services using Client-Side EncryptionProceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop10.1145/3411495.3421364(67-76)Online publication date: 9-Nov-2020
https://dl.acm.org/doi/10.1145/3411495.3421364
Freyberger MHe WAkhawe DMazurek MMittal P(2018)Cracking ShadowCrypt: Exploring the Limitations of Secure I/O Systems in Internet BrowsersProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00122018:2(47-63)Online publication date: 20-Feb-2018
https://doi.org/10.1515/popets-2018-0012
Kerschbaum FHärterich M(2017)Searchable Encryption to Reduce Encryption Degradation in Adjustably Encrypted DatabasesData and Applications Security and Privacy XXXI10.1007/978-3-319-61176-1_18(325-336)Online publication date: 22-Jun-2017
https://doi.org/10.1007/978-3-319-61176-1_18

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents