Distributed Key Management in Dynamic Outsourced Databases: a Trie-Based Approach

V. El-khoury, N. Bennani
Lyon University, CNRS INSA-Lyon, LIRIS, UMR5205, F-69621, France
{vanessa.el-khoury, nadia.bennani}@insa-lyon.fr

A. M. Ouksel
The University of Illinois, Dept. of Information and Decision Sciences, Chicago, IL, USA
aris@uic.edu

2009 First International Conference on Advances in Databases, Knowledge, and Data Applications. 978-0-7695-3550-0/09 $25.00 © 2009 IEEE. DOI 10.1109/DBKDA.2009.31

Abstract

The decision to outsource databases is strategic in many organizations due to the increasing costs of internally managing large volumes of information. The sensitive nature of this information raises the need for powerful mechanisms to protect it against unauthorized disclosure. Centralized encryption to access control at the data owner level has been proposed as one way of handling this issue. However, its prohibitive costs render it impractical and inflexible. A distributed cryptographic approach has been suggested as a promising alternative, where keys are distributed to users on the basis of their assigned privileges. But in this case, key management becomes problematic in the face of frequent database updates and remains an open issue. In this paper, we present a novel approach based on Binary Tries¹. By exploiting the intrinsic properties of these data structures, key management complexity, and thus its cost, is significantly reduced. Changes to the Binary Trie structure remain limited in the face of frequent updates. Preliminary experimental analysis demonstrates the validity and the effectiveness of our approach.

¹ The Trie structure was introduced and implemented by Fredkin in 1960. The etymology of “trie” is the middle part of the term “Retrieval”, and we pronounce it “try” in order to distinguish it from the word “tree”.

1. Introduction

Outsourcing databases is becoming very popular due to the dramatic increase in the size of the databases and the costs incurred by their management. The databases are hosted by a third party [9], who then provides a "service" to clients to seamlessly access them. Data owners can now concentrate on their core competencies while expecting the outsourced databases to be managed by the best experts using the latest innovative solutions at lower costs. This approach, it is hoped, leads to an increase in productivity as well as cost savings.

Nonetheless, outsourcing databases is beset with new challenges. Foremost is the issue of data privacy in the presence of sensitive information. Most corporations view their data as very valuable assets. Therefore, it is paramount to protect these data against unauthorized access, including by the provider. Database encryption was seen as a solution to prevent exposure of sensitive information even in situations where the database server is compromised. The data will be encrypted at the server side, allowing only the authorized persons to access the plaintext form of the databases. This solution, however, is not satisfactory, as it does not allow accessing the database through ad-hoc queries. More flexible techniques have been proposed [2, 10, 9] based on storing additional indexing information with the encrypted database. These indexes are employed by the DBMS to enable posing queries over the encrypted data without revealing either the query or the data results. Figure 1 describes this mechanism. First, the user sends the query to the owner, who maintains the metadata needed to translate it to the appropriate representation on the server (1). Then, the transformed query is executed on the encrypted database at the server side (2). Once executed, the results are sent encrypted to the owner, who decrypts them and filters out those tuples not satisfying the user's assigned rights (3). Finally, the results are sent to the user in plaintext (4).

Figure 1: The service-provider architecture
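The four-step flow of Figure 1, as an added Python sketch that is not code from the paper: the owner translates a salary range into opaque index tags, the server matches tags without any key, and the owner decrypts and filters before answering. The bucket index, the `Owner`/`Server` classes, the sample rows and the HMAC-based stand-in cipher are all assumptions chosen for illustration.

```python
import hashlib, hmac, json, os

def xor_stream(key, nonce, data):
    # Stand-in cipher for this sketch (assumption): HMAC-SHA256 keystream XOR.
    # A real deployment would use an AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Server:
    """Untrusted host: stores ciphertext plus index tags, never sees keys."""
    def __init__(self):
        self.table = []
    def execute(self, tags):                      # step (2): match on tags only
        return [r for r in self.table if r["idx"] in tags]

class Owner:
    """Holds the keys, the bucket metadata and the users' rights."""
    def __init__(self, acl, width=1000):
        self.enc_key, self.idx_key = os.urandom(32), os.urandom(32)
        self.acl, self.width = acl, width
    def _tag(self, bucket):                       # opaque tag for one salary bucket
        return hmac.new(self.idx_key, str(bucket).encode(), hashlib.sha256).hexdigest()[:16]
    def outsource(self, server, rows):
        for row in rows:
            nonce = os.urandom(12)
            etuple = xor_stream(self.enc_key, nonce, json.dumps(row).encode())
            server.table.append({"idx": self._tag(row["salary"] // self.width),
                                 "nonce": nonce, "etuple": etuple})
    def translate(self, lo, hi):                  # step (1): range -> set of tags
        return {self._tag(b) for b in range(lo // self.width, hi // self.width + 1)}
    def query(self, server, user, lo, hi):
        hits = server.execute(self.translate(lo, hi))
        rows = [json.loads(xor_stream(self.enc_key, h["nonce"], h["etuple"])) for h in hits]
        allowed = self.acl.get(user, set())       # step (3): decrypt, then filter
        return [r for r in rows if lo <= r["salary"] <= hi and r["dept"] in allowed]  # (4)

def demo():
    rows = [{"name": "ana", "dept": "hr", "salary": 1200},   # constructed sample data
            {"name": "bob", "dept": "it", "salary": 1800},
            {"name": "cy", "dept": "it", "salary": 2500},
            {"name": "dee", "dept": "hr", "salary": 4100}]
    owner, server = Owner({"alice": {"it"}, "hugo": {"hr", "it"}}), Server()
    owner.outsource(server, rows)
    fetched = len(server.execute(owner.translate(1500, 2600)))
    return fetched, [r["name"] for r in owner.query(server, "alice", 1500, 2600)]
```

In `demo()` the server returns three encrypted tuples for a range that only two rows satisfy, so the owner has to decrypt and discard the false positive on every query. That per-query work at the owner is the centralized cost the abstract calls prohibitive.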