SemCrypt - Ensuring Privacy of Electronic Documents through Semantic-based Encrypted Query Processing

Authors
M. Schrefl, J. Dorn, K. Grün
Paper
Schr05a (2005)
Citation
Karl Aberer, Michael J. Franklin, Shojiro Nishio (Eds.): Proceedings of the International Workshop on Privacy Data Management (PDM 2005), in conjunction with the 21st International Conference on Data Engineering (ICDE 2005), Tokyo, Japan, April 8-9, 2005, IEEE Computer Society Press, 10 pages, ISBN 0-7695-2285-8, p. 1191, 2005.
Resources
Copy (to obtain a copy, please send an email with the subject Schr05a to dke.win@jku.at)

Abstract (English)

Project SemCrypt explores techniques for processing queries and updates over encrypted XML documents stored at an XML document storage provider, without the need to decrypt data at the server but only at the client. Query and update processing is shared between client and server, where as much as possible of the query/update is processed at the server, with decryption/encryption being performed only at the client. Rather than developing special encryption techniques for XML documents, the chosen approach exploits the structural semantics of XML documents and uses standard encryption techniques. The semantic-based solution is orthogonal to the encryption techniques employed and, thus, widely applicable and independent of general technological advances in encryption.

Servers provide special storage and access structures for storing encrypted fragments of XML documents. Clients exploit these special storage and access structures according to the given document’s structural semantics, which is known solely to them, but not to the server. With neither the document structure nor the document content being disclosed at the server, the server need not be trusted with respect to maintaining privacy of data. Query and update statements, written as if against a plain XML document, are mapped by the client to corresponding access primitives against the encrypted XML fragments held at the server. The techniques are demonstrated by a corresponding "proof-of-concept" prototype currently under development.