"Improving Security of Order-Preserving Encryption and Its Applications" by Ning Shen

Publication Date

12-2023

Date of Final Oral Examination (Defense)

August 2023

Type of Culminating Activity

Dissertation

Degree Title

Doctor of Philosophy in Computing

Department

Computer Science

Supervisory Committee Chair

Jyh-Haw Yeh, Ph.D.

Supervisory Committee Member

Gaby Dagher, Ph.D.

Supervisory Committee Member

Liljana Babinkostova, Ph.D.

Abstract

Encryption is an important tool to protect data confidentiality and privacy. One important practice of computation primitives is encrypting data with Order-Preserving Encryption (OPE). Order-Preserving Encryption is an encryption algorithm that allows the ciphertexts to preserve the same order as the plaintexts, and it is very useful for range queries in databases and other applications. However, OPE has certain security vulnerabilities; for example, it may leak sensitive information other than the ordering. Currently, the application of OPE is also limited: it is primarily used in the encryption of outsourced databases.

Due to OPE’s security concerns and limited usage, this dissertation focuses on improving the security of OPE algorithms and extending OPE’s user scenarios to more applications. Chapter one gives an introduction to this research, as well as the research objectives and contribution of the work. Chapter two gives the background of this research. It contains a synthesis of literature on the security of OPE algorithms and the backgrounds of the proposed applications where OPE can be applied. From Chapter three to Chapter five, I describe the three themes of my research in detail. To improve the security of the OPE algorithms, Chapter four presents a new practical and secure OPE algorithm. The new algorithm compensates for the security weakness while remaining efficient. To apply OPE to more applications, I propose two schemes which utilize OPE algorithms to solve real-world problems in Chapters three and five. One scheme uses OPE to protect the completeness of outsourced databases, while the other makes use of OPE to implement a privacy-preserving Location-Based Service (LBS) protocol which allows clients to query nearby Points of Interest (POIs). Both of these schemes outperform existing approaches in different key metrics, highlighting their contributions. In Chapter six, a summary of the three studies is presented, outlining their practical implications and identifying areas that warrant further research.

DOI

https://doi.org/10.18122/td.2196.boisestate
