@inproceedings{92d92db8e6b148c1af29a767040409f1,
title = "Secure Normal Form: Mediation among Cross Cryptographic Leakages in Encrypted Databases",
abstract = "Existing secure data outsourcing systems offer users ways to select from different cryptographic primitives supported by the system to encrypt their data to strike a balance between data confidentiality and query performance. Though prior work have identified the danger of mixing cryptographic primitives, they fall short of providing a systematic approach to guide users to prevent such cross-cryptographic leakages. Inspired by the database design theory, we envision Secure Normal Form, a new approach to normalize encrypted databases such that the leakages of the partitioned databases are limited to the users' specifications. In this work, we propose a new architecture to support secure normal form. This system includes several new components for secure data outsourcing: (i) an inference mechanism that reasons about additional leakages from weaker encryption techniques, based on semantic data properties (e.g., dependence between attribute values); (ii) a normalization mechanism that converts relational data into secure normal forms, so that the information leaked by the representation is limited to that specified by the user; and (iii) a secure query execution approach over encrypted data in secure normal forms. Our initial experimental results validate the performance improvement over na{\"i}ve baseline and show that a careful data representation can be allowed without compromising security. We believe that our paper opens a new direction in secure data management.",
keywords = "Encryption, Holistic Leakage Accounting, Inference Control, Secure Data Management",
author = "Shufan Zhang and Xi He and Ashish Kundu and Sharad Mehrotra and Shantanu Sharma",
note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 40th IEEE International Conference on Data Engineering, ICDE 2024 ; Conference date: 13-05-2024 Through 17-05-2024",
year = "2024",
doi = "10.1109/ICDE60146.2024.00444",
language = "English (US)",
series = "Proceedings - International Conference on Data Engineering",
publisher = "IEEE Computer Society",
pages = "5560--5573",
booktitle = "Proceedings - 2024 IEEE 40th International Conference on Data Engineering, ICDE 2024",
address = "United States",
}