Get access

On The Limits of Privacy Provided by Order-Preserving Encryption



Much of the value of cloud services lies in leveraging client data, which often conflicts with the client's desire to keep that data private. Reconciling these contradictory requirements is an important research and engineering problem, whose efficient solution would have a far-reaching business impact. Generic theoretical approaches, such as fully-homomorphic encryption, are inefficient. Ad hoc approaches, such as order-preserving encryption (OPE), provide solutions to a limited class of problems (e.g., evaluating encrypted range queries). Security achieved in real systems, even if an “ideal OPE” is employed, is hard to evaluate, and is often only illusory, since the ability to order ciphertexts may reveal a lot about the underlying plaintexts. We concentrate on a typical application of OPE, encrypted searchable webmail service. We describe how the use of OPE in this setting may divulge information and discuss approaches to minimize its impact. The main avenue to improve privacy is to appropriately limit the type of interactions that should be allowed with a webmail server. © 2012 Alcatel-Lucent.

Get access to the full text of this article