New attacks on secret sharing-based data outsourcing: toward a resistant scheme

In this paper, two new practical attacks on some secret sharing-based data outsourcing schemes are first introduced, and several other security and performance issues with the existing schemes are also explored. The existing and new attacks exploit the information about the share range boundaries or the correspondences between the secret values and shares. A range expansion technique is then proposed to thwart one of the attacks. It expands the ranges in every range predicate in the submitted queries in order to hide the share range boundaries from any query observer. Next, a mapping method is proposed to thwart the other attacks. It maps each secret value to a mapping value using a secret one-to-many mapping with a finite set of linear mapping rules so that the tuples of shares are generated from the mapping values rather than directly from the secret values. The proposed mapping method works as an additional layer of security and addresses any attack based on the correspondences between the secret values and shares. At the same time, it preserves the homomorphism property of secret sharing. Finally, a new secure data outsourcing scheme is elaborated on secret sharing, the proposed mapping method, and the proposed range expansion technique. The proposed scheme is resistant to various attacks and also some inferences. It supports the fully server-side or a partially server-side query execution of most types of queries. The experimental results confirm that the proposed scheme is quite practical and efficient.