TY - GEN
T1 - Restricted queries over an encrypted index with applications to regulatory compliance
AU - Borisov, Nikita
AU - Mitra, Soumyadeb
PY - 2008
Y1 - 2008
N2 - Compliance storage is an increasingly important area for businesses faced with a myriad of new document retention regulations. Today, businesses have turned to Write-Once Read-Many (WORM) storage technology to achieve compliance. But WORM answers only a part of the compliance puzzle; in addition to guaranteed document retention, businesses also need secure indexing, to ensure auditors can find required documents in a large database, secure deletion to expire documents (and their index entries) from storage once they are past their expiry period, and support for litigation holds, which require that certain documents are retained pending the resolution of active litigation. We build upon previous work in compliance storage and attribute-based encryption to design a system that satisfies all three of these requirements. In particular, we design a new encrypted index, which allows the owner of a database of documents to grant access to only those documents that match a particular query. This enables litigation holds for expired documents, and at the same time restricts auditor access for unexpired documents, greatly limiting the potential for auditor abuse as compared to previous work. We show by way of formal security proofs that our construction is secure and that it prevents reconstruction attacks wherein the index is used to recover the contents of the document. Our experiments show that our scheme can be practical for large databases and moderate sizes of queries.
AB - Compliance storage is an increasingly important area for businesses faced with a myriad of new document retention regulations. Today, businesses have turned to Write-Once Read-Many (WORM) storage technology to achieve compliance. But WORM answers only a part of the compliance puzzle; in addition to guaranteed document retention, businesses also need secure indexing, to ensure auditors can find required documents in a large database, secure deletion to expire documents (and their index entries) from storage once they are past their expiry period, and support for litigation holds, which require that certain documents are retained pending the resolution of active litigation. We build upon previous work in compliance storage and attribute-based encryption to design a system that satisfies all three of these requirements. In particular, we design a new encrypted index, which allows the owner of a database of documents to grant access to only those documents that match a particular query. This enables litigation holds for expired documents, and at the same time restricts auditor access for unexpired documents, greatly limiting the potential for auditor abuse as compared to previous work. We show by way of formal security proofs that our construction is secure and that it prevents reconstruction attacks wherein the index is used to recover the contents of the document. Our experiments show that our scheme can be practical for large databases and moderate sizes of queries.
UR - http://www.scopus.com/inward/record.url?scp=45749087352&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=45749087352&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-68914-0_23
DO - 10.1007/978-3-540-68914-0_23
M3 - Conference contribution
AN - SCOPUS:45749087352
SN - 3540689133
SN - 9783540689133
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 373
EP - 391
BT - Applied Cryptography and Network Security - 6th International Conference, ACNS 2008, Proceedings
T2 - 6th International Conference on Applied Cryptography and Network Security, ACNS 2008
Y2 - 3 June 2008 through 6 June 2008
ER -