A Secure Method against Frequency Attack for Pattern Query on Encrypted String Data

Using database encryption to protect data in some situations where access control is not solely enough is inevitable. Database encryption provides an additional layer of protection to conventional access control techniques. It prevents unauthorized users, including intruders breaking into a network, from viewing the sensitive data. As a result data remains protected even in the event that database is successfully attacked or stolen. However, encryption and decryption of data result in database performance degradation. In the situation where all the information is stored in encrypted form, one cannot make the selection on the database content any more. Data should be decrypted first, so an unwilling tradeoff between the security and the performance is normally forced. The appropriate approaches to increase the performance are methods to deal directly with the encrypted data without firstly decrypting them. This paper introduces a secure scheme against frequency attack for pattern query on encrypted string data. Proposed scheme provides searching of arbitrary patterns in the fields´ content and supposes that the database management server is untrusted and must be prevented from viewing the sensitive data.