Privacy Preserving Query Processing in Cloud Computing

Privacy Preserving Query Processing in Cloud Computing WenJie 2011-5-27

Outline • Background • Privacy Preserving Query Processing • Method Based on Privacy Homomorphism • Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) • Method Based on Secret Share: • Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) • Comparison • Conclusion

Background Background • Development of cloud computing applications • Amazon: EC2 S3 • Google: appEngine • Development of DaaS in cloud computing • Expensive hardware, software and expertise Encryption Method Secret Share Method Comparison Conclusion

Background Background • Security • Query privacy • Disclose to Cloud • Disclose to DO • Data privacy • Disclose to Cloud • Disclose to User Encryption Method Secret Share Method Query privacy Data privacy Comparison Conclusion

Background Background • Generalization Principal • Relational data: quasi-identifier • Spatial data: location cloaking • Encrypt or transform • Hashing • Space filling curves • Distributed environment • Based on Secure Multiparty Computation Encryption Method Secret Share Method Comparison Conclusion

Background Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) Encryption Method Secret Share Method Comparison Conclusion

Preliminary • Processing Private Queries over Untrusted Data Cloud • through Privacy Homomorphism (ICDE 2011) Background • Privacy Homomorphism • Encryption transformations which map a set of operations on cleartext to another set of operations on ciphertext • Modified ASM-PH Encryption Scheme • E(e1) + E(e2) = E(e1 + e2) • E(e1) - E(e2) = E(e1 - e2) • E(e1) * E(e2) = E(e1 * e2) Encryption Method Secret Share Method Comparison Conclusion

Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 0: initialization Secret Share Method Dist(E(e1), E(e2)) = E(dist(e1, e2)) Comparison Conclusion

Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 1: local distance computation Secret Share Method Comparison Conclusion E(q) in the query Scrambling Dist(E(p), E(e1)) Dist(E(q), E(e1)) = E(dist(q, e1))

Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 2: distance decryption and recoding Secret Share Method Comparison Conclusion Decrypt to distance Recoding the distance Scrambled E(dist( p, e1))

Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 3: find next node to traverse Secret Share Method Comparison Conclusion Recoded distance

Local Distance Computation of Minimum Square Distance Background • Distance between query point q and an index entry [l, u] Encryption Method Secret Share Method Comparison Conclusion

Scrambling Background • Notice: • Real distances • Monotonic: distance compare • Two scrambling functions • Sign computation • E(s)*E(ξ) = E (s*ξ) • Receive sign(s*ξ) • Recoding • E(s1)*E(ξ) + E(s2) = E(s1*ξ+s2) • Receive recoded(s1*ξ+s2) Encryption Method Secret Share Method Comparison Depend on sign(s) Conclusion Depend on sign(s1)

Distance Decryption and Recoding Background • Decryption with E-1 (· ) • Recoding properties • Strictly monotonic • Key idea: record all existing recoded value pairs (real valued, recoded value) at cloud side • Immune to chosen ciphertext attack • Key idea: recoded values are random Encryption Method Secret Share Method Comparison Conclusion

Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method Comparison Conclusion Recoding Recoded 4r2 s1*4r2 + s2

Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method E(s1)*dist(E(e1), E(q)) + E(s2) Comparison Conclusion Recoded 4r2 Decryption Recoding

Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method Comparison Conclusion Recoded dist(e1, q) Recoded 4r2

Performance Analysis Background • Distance Range Query Performance Encryption Method Secret Share Method Comparison distance threshold Conclusion

Background Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) Encryption Method Secret Share Method Comparison Conclusion

Preliminary • Privacy Preserving Query Processing on Secret • Share Based Data Storage (DASFAA 2011) Background • Secret share scheme • protect sensitive information by dividing the value into n shares • The scheme is called (k, n) threshold scheme if it satisfies: • k or more shares reconstruct the value • k-1 or less shares make the value completely undetermined Encryption Method Secret Share Method Comparison Conclusion

Architecture Background • Three parties • Data Owner (DO) • Database Service Provider (DSP) • Data Requestor (DR) • How it works • Delegate data (DO) • Build an index (DO) • Process a query (DR) Encryption Method Secret Share Method Comparison Conclusion Privacy preserving index

Secret Share Scheme Background • A share is the result value y • Given known x1 x2 … xn , n shares are y1 y2 … yn . • Any k pairs of (x1, y1), (x2, y2)… (xk, yk) can reconstruct the above polynomial Real value Encryption Method Secret Share Method Comparison Conclusion

Data Division Background • Data Division at DO with (3, 5) threshold scheme • Randomly choose a polynomial on finite domain F103 • Choose a minimum generator = 5 X = {5, 25, 22, 7, 35} • Share(20, 1) = 82; Share(20, 2) = 79; Share(20, 3) = 14; Share(20, 4) = 87; Share(20, 5) = 102 Encryption Method Secret Share Method Comparison Conclusion

Data Division Background Encryption Method Secret Share Method DSP1 DSP5 Comparison Conclusion DSP4 DSP2 DSP3

Data Reconstruction Background • Private Data Reconstruction at DR • DR needs at least k shares of the value • Lagrange interpolation to reconstruct the polynomial Encryption Method Secret Share Method Comparison Conclusion

Storage Model Background • All relations like R(A1, A2, … ,Am) are stored into n DSPs in the form of following relation: Encryption Method Secret Share Method Source attribute Comparison Conclusion key attribute

Key Generation Function Background • Key value = bucket_id || encrypted_sal • Bucket_id makes sure that values are in order • Use a symmetric algorithm DES and the random key to encrypt salary value Encryption Method Secret Share Method Comparison Conclusion

Index Creation Function Background • B+ index Encryption Method Secret Share Method Comparison Conclusion

Query Processing Background • Employee name and salary are both divided into n shares SELECT name FROM Employees WHERE salary = 35 Encrypt 35 using DES scheme into h8jbka8g Search in metedata for key_sal: 128h8jbka8g search index on attribute key_sal K sub queries reconstruct name from k shares Encryption Method Secret Share Method Comparison Conclusion

Experiments Evaluation Background • Security analysis • DSPs collude with each other • DR colludes with at least k DSPs Encryption Method Secret Share Method Comparison Conclusion

Experiments Evaluation Background • Efficiency Evaluation • Time comparison between hash based searching and index based searching Encryption Method Secret Share Method Comparison Conclusion

Experiments Evaluation Background • Efficiency Evaluation • Time comparison between encryption and polynomial computation • Data extension and tuple size Encryption Method Secret Share Method Comparison Conclusion

Comparison Background Encryption Method Secret Share Method Comparison Conclusion

Conclusion Background • PH Encryption Method • Low efficiency • Data privacy preservation • Query privacy preservation • Secret Share Method • High efficiency • Data privacy preservation • Query privacy leak when DO colludes with cloud Encryption Method Secret Share Method Comparison Conclusion

Q&A? Thank you~

Privacy Preserving Query Processing in Cloud Computing

Privacy Preserving Query Processing in Cloud Computing

Presentation Transcript

Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Privacy Preserving in Ubiquitous Computing: Architecture

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing

Privacy in Cloud Computing

Privacy-Preserving Multibiometric Authentication in Cloud