Cloud service providers adopt pay-per-query pricing models to charge data owners based on the amount of data scanned by each query. In such models, the trustworthiness of the underlying billing system is as important as the privacy preservation for the data and queries. In this paper, we revisit delegatable order-revealing encryption (DORE), a range query algorithm allowing authorized users to retrieve data of specific ranges across multiple databases encrypted under different secret keys. We first investigate which factor in the authorization mechanism of DORE can lead to overprivileged users and let them allow any unauthorized user to query over the database of the victim without risking their credits, such as leaking the secret keys. Unfortunately, such unauthorized queries would incur unexpected financial damage to the victim in practical pay-per-query models. We then propose SEDORE, a secure order-revealing encryption scheme with resilience to unauthorized queries across databases. SEDORE features a novel user authorization mechanism limiting user privileges carefully. Consequently, the authorized users cannot illegally invite any unauthorized user to query unless they entirely leak their credits. We demonstrate that the performance of SEDORE is comparable to that of DORE while achieving a higher security level.
Bibliographical noteFunding Information:
This work was supported in part by the National Research Foundation of Korea(NRF) Grant funded by the Korea government(MSIT) under Grant 2021R1F1A1061420, in part by IITP Grant funded by the MSIT, Korea under Grants 2022-0-00411, IITP-2022-2020-0-01819, and IITP-2022- 2021-0-01810.
© 2008-2012 IEEE.
- Range query
- cross-database query
- encrypted database
- order-revealing encryption
ASJC Scopus subject areas
- Information Systems and Management
- Hardware and Architecture
- Computer Networks and Communications
- Computer Science Applications