Abstract: Secure substring searching on encrypted data may involve a first preprocessing comprising fragmenting a plaintext string slated for remote secure storage, in a plurality of overlapping plaintext substrings. A second preprocessing encrypts these substrings into ciphertexts (e.g., utilizing Frequency-Hiding Order Preserving Encryption) further including position information of the substring. A search index and a secret state result from the first and second preprocessing. The ciphertexts and search index are outsourced to a database within an unsecure server. An engine within the server determines candidate ciphertexts matching a query request received from a secure client. The engine returns ciphertexts to the client for decryption according to the secret state. Preprocessing may be delegated to a third party for outsourcing search index/ciphertexts to the server, and the secret state to the client.

Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query.

Abstract: Embodiments allow join operations to be performed upon encrypted database tables stored on an unsecure server (e.g., as part of a DBaaS offering), with reduced information leakage. Such secure join operations may be implemented through the combination of two cryptographic techniques: non-deterministic (randomized) searchable encryption; and attribute based encryption. The searchable encryption (e.g., Symmetric Searchable Encryption: SSE) allows join values to be revealed only for rows fulfilling additional predicate attributes that the client has filtered for, thereby offering fine granular security. The attribute based encryption (e.g., Key-Policy Attribute-Based Encryption: KP-ABE) avoids the unmanageable consumption of memory that would otherwise result from the creation of intermediate constructions on the server. Embodiments offer a solution reducing information leakage of join values not contained in the result of the actual database query.

Abstract: Secure substring searching on encrypted data may involve a first preprocessing comprising fragmenting a plaintext string slated for remote secure storage, in a plurality of overlapping plaintext substrings. A second preprocessing encrypts these substrings into ciphertexts (e.g., utilizing Frequency-Hiding Order Preserving Encryption) further including position information of the substring. A search index and a secret state result from the first and second preprocessing. The ciphertexts and search index are outsourced to a database within an unsecure server. An engine within the server determines candidate ciphertexts matching a query request received from a secure client. The engine returns ciphertexts to the client for decryption according to the secret state. Preprocessing may be delegated to a third party for outsourcing search index/ciphertexts to the server, and the secret state to the client.