CloudDBGuard: A framework for encrypted data storage in NoSQL wide column stores

摘要

Nowadays, cloud storage providers are widely used for outsourcing data. These remote cloud servers are not trustworthy when storing sensitive data. In this article we focus on the use case of storing data in a cloud database using a particular sub-category of NoSQL databases — so-called wide column stores. Unfortunately security was not a primary concern of the NoSQL systems designers. Using encryption before outsourcing the data can provide security. Conventional encryption however limits the options for interaction because the encrypted data lacks properties of the plaintext data that the database systems rely on. Various schemes have been proposed for property-preserving encryption in order to overcome these issues, allowing a database to process queries over encrypted data. In this article we comprehensively present details of our framework CloudDBGuard that allows using property-preserving encryption in unmodified wide column stores. It hides the complexity of the encryption and decryption process and allows various adjustments on specific use cases in order to achieve a maximum of security, functionality and performance.