Lightweight and Secure Two-Party Range Queries over Outsourced Encrypted Databases

TL;DR

This paper introduces a new secure comparison scheme and two range query protocols that enhance security and efficiency for outsourced encrypted data, enabling lightweight and privacy-preserving data analytics in cloud environments.

Contribution

It presents a novel secure comparison scheme and two secure range query protocols that improve security and efficiency for encrypted data in cloud computing.

Findings

The new secure comparison scheme is more practical than existing methods.

The range query protocols protect data confidentiality and user privacy.

The second protocol is lightweight for user devices with limited resources.

Abstract

With the many benefits of cloud computing, an entity may want to outsource its data and their related analytics tasks to a cloud. When data are sensitive, it is in the interest of the entity to outsource encrypted data to the cloud; however, this limits the types of operations that can be performed on the cloud side. Especially, evaluating queries over the encrypted data stored on the cloud without the entity performing any computation and without ever decrypting the data become a very challenging problem. In this paper, we propose solutions to conduct range queries over outsourced encrypted data. The existing methods leak valuable information to the cloud which can violate the security guarantee of the underlying encryption schemes. In general, the main security primitive used to evaluate range queries is secure comparison (SC) of encrypted integers. However, we observe that the existing SC protocols are not very efficient. To this end, we first propose a novel SC scheme that takes encrypted integers and outputs encrypted comparison result. We empirically show its practical advantage over the current state-of-the-art. We then utilize the proposed SC scheme to construct two new secure range query protocols. Our protocols protect data confidentiality, privacy of user's query, and also preserve the semantic security of the encrypted data; therefore, they are more secure than the existing protocols. Furthermore, our second protocol is lightweight at the user end, and it can allow an authorized user to use any device with limited storage and computing capability to perform the range queries over outsourced encrypted data.