360 likes | 618 Views
Privacy Preserving Query Processing in Cloud Computing. Wen Jie 2011-5-27. Outline. Background Privacy Preserving Query Processing Method Based on Privacy Homomorphism Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011)
E N D
Privacy Preserving Query Processing in Cloud Computing WenJie 2011-5-27
Outline • Background • Privacy Preserving Query Processing • Method Based on Privacy Homomorphism • Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) • Method Based on Secret Share: • Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) • Comparison • Conclusion
Background Background • Development of cloud computing applications • Amazon: EC2 S3 • Google: appEngine • Development of DaaS in cloud computing • Expensive hardware, software and expertise Encryption Method Secret Share Method Comparison Conclusion
Background Background • Security • Query privacy • Disclose to Cloud • Disclose to DO • Data privacy • Disclose to Cloud • Disclose to User Encryption Method Secret Share Method Query privacy Data privacy Comparison Conclusion
Background Background • Generalization Principal • Relational data: quasi-identifier • Spatial data: location cloaking • Encrypt or transform • Hashing • Space filling curves • Distributed environment • Based on Secure Multiparty Computation Encryption Method Secret Share Method Comparison Conclusion
Background Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) Encryption Method Secret Share Method Comparison Conclusion
Preliminary • Processing Private Queries over Untrusted Data Cloud • through Privacy Homomorphism (ICDE 2011) Background • Privacy Homomorphism • Encryption transformations which map a set of operations on cleartext to another set of operations on ciphertext • Modified ASM-PH Encryption Scheme • E(e1) + E(e2) = E(e1 + e2) • E(e1) - E(e2) = E(e1 - e2) • E(e1) * E(e2) = E(e1 * e2) Encryption Method Secret Share Method Comparison Conclusion
Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 0: initialization Secret Share Method Dist(E(e1), E(e2)) = E(dist(e1, e2)) Comparison Conclusion
Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 1: local distance computation Secret Share Method Comparison Conclusion E(q) in the query Scrambling Dist(E(p), E(e1)) Dist(E(q), E(e1)) = E(dist(q, e1))
Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 2: distance decryption and recoding Secret Share Method Comparison Conclusion Decrypt to distance Recoding the distance Scrambled E(dist( p, e1))
Architecture Background • Key idea: let the client lead the distance access and keep track of traversal path Encryption Method Step 3: find next node to traverse Secret Share Method Comparison Conclusion Recoded distance
Local Distance Computation of Minimum Square Distance Background • Distance between query point q and an index entry [l, u] Encryption Method Secret Share Method Comparison Conclusion
Scrambling Background • Notice: • Real distances • Monotonic: distance compare • Two scrambling functions • Sign computation • E(s)*E(ξ) = E (s*ξ) • Receive sign(s*ξ) • Recoding • E(s1)*E(ξ) + E(s2) = E(s1*ξ+s2) • Receive recoded(s1*ξ+s2) Encryption Method Secret Share Method Comparison Depend on sign(s) Conclusion Depend on sign(s1)
Distance Decryption and Recoding Background • Decryption with E-1 (· ) • Recoding properties • Strictly monotonic • Key idea: record all existing recoded value pairs (real valued, recoded value) at cloud side • Immune to chosen ciphertext attack • Key idea: recoded values are random Encryption Method Secret Share Method Comparison Conclusion
Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method Comparison Conclusion Recoding Recoded 4r2 s1*4r2 + s2
Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method E(s1)*dist(E(e1), E(q)) + E(s2) Comparison Conclusion Recoded 4r2 Decryption Recoding
Processing Distance Range Queries Background • Query: find all records whose distances are within r from point q Encryption Method Secret Share Method Comparison Conclusion Recoded dist(e1, q) Recoded 4r2
Performance Analysis Background • Distance Range Query Performance Encryption Method Secret Share Method Comparison distance threshold Conclusion
Background Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) Encryption Method Secret Share Method Comparison Conclusion
Preliminary • Privacy Preserving Query Processing on Secret • Share Based Data Storage (DASFAA 2011) Background • Secret share scheme • protect sensitive information by dividing the value into n shares • The scheme is called (k, n) threshold scheme if it satisfies: • k or more shares reconstruct the value • k-1 or less shares make the value completely undetermined Encryption Method Secret Share Method Comparison Conclusion
Architecture Background • Three parties • Data Owner (DO) • Database Service Provider (DSP) • Data Requestor (DR) • How it works • Delegate data (DO) • Build an index (DO) • Process a query (DR) Encryption Method Secret Share Method Comparison Conclusion Privacy preserving index
Secret Share Scheme Background • A share is the result value y • Given known x1 x2 … xn , n shares are y1 y2 … yn . • Any k pairs of (x1, y1), (x2, y2)… (xk, yk) can reconstruct the above polynomial Real value Encryption Method Secret Share Method Comparison Conclusion
Data Division Background • Data Division at DO with (3, 5) threshold scheme • Randomly choose a polynomial on finite domain F103 • Choose a minimum generator = 5 X = {5, 25, 22, 7, 35} • Share(20, 1) = 82; Share(20, 2) = 79; Share(20, 3) = 14; Share(20, 4) = 87; Share(20, 5) = 102 Encryption Method Secret Share Method Comparison Conclusion
Data Division Background Encryption Method Secret Share Method DSP1 DSP5 Comparison Conclusion DSP4 DSP2 DSP3
Data Reconstruction Background • Private Data Reconstruction at DR • DR needs at least k shares of the value • Lagrange interpolation to reconstruct the polynomial Encryption Method Secret Share Method Comparison Conclusion
Storage Model Background • All relations like R(A1, A2, … ,Am) are stored into n DSPs in the form of following relation: Encryption Method Secret Share Method Source attribute Comparison Conclusion key attribute
Key Generation Function Background • Key value = bucket_id || encrypted_sal • Bucket_id makes sure that values are in order • Use a symmetric algorithm DES and the random key to encrypt salary value Encryption Method Secret Share Method Comparison Conclusion
Index Creation Function Background • B+ index Encryption Method Secret Share Method Comparison Conclusion
Query Processing Background • Employee name and salary are both divided into n shares SELECT name FROM Employees WHERE salary = 35 Encrypt 35 using DES scheme into h8jbka8g Search in metedata for key_sal: 128h8jbka8g search index on attribute key_sal K sub queries reconstruct name from k shares Encryption Method Secret Share Method Comparison Conclusion
Experiments Evaluation Background • Security analysis • DSPs collude with each other • DR colludes with at least k DSPs Encryption Method Secret Share Method Comparison Conclusion
Experiments Evaluation Background • Efficiency Evaluation • Time comparison between hash based searching and index based searching Encryption Method Secret Share Method Comparison Conclusion
Experiments Evaluation Background • Efficiency Evaluation • Time comparison between encryption and polynomial computation • Data extension and tuple size Encryption Method Secret Share Method Comparison Conclusion
Comparison Background Encryption Method Secret Share Method Comparison Conclusion
Conclusion Background • PH Encryption Method • Low efficiency • Data privacy preservation • Query privacy preservation • Secret Share Method • High efficiency • Data privacy preservation • Query privacy leak when DO colludes with cloud Encryption Method Secret Share Method Comparison Conclusion
Q&A? Thank you~