
Prikl. Diskr. Mat. Suppl., 2014 Issue 7, Pages 81–82 (Mi pdma147)

Mathematical Foundations of Computer Security

Computationally secure DBMS based on order-preserving encryption

I. Glotov, S. Ovsyannikov, V. Trenkaev

Tomsk State University, Tomsk

Abstract: The paper presents a computationally secure database management system based on order-preserving encryption. The threat model is as follows: the DB server is leased to the client and is therefore untrusted; the threat is a malicious database administrator who tries to learn private data by snooping on the DB server. To protect data confidentiality against this threat, it is proposed to execute queries over encrypted data on the untrusted server. Specifically, to perform order operations on ciphertexts in the same way as on plaintexts, an order-preserving encryption scheme, in particular the mOPE scheme, is used. The mOPE scheme achieves IND-OCPA security, where an adversary learns no information about the plaintexts besides their order. A MySQL plugin that implements a NoSQL protocol for the MySQL server is developed. The NoSQL client/server protocol supports simple operations on private data, in particular range queries over encrypted data. The protocol allows client applications to communicate remotely with MySQL storage engines.

Keywords: secure DBMS, untrusted DB server, order-preserving encryption, NoSQL protocol.

UDC: 004.65+004.056.55


