1 / 38

Multi-Dimensional Range Query over Encrypted Data

Multi-Dimensional Range Query over Encrypted Data. Authors: Elaine Shi, John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides borrowed from Michael Chen and revised. Motivation - Network Audit Logs. Network gateway. Data center. An Ideal Solution. Network gateway. Data center.

spencer
Download Presentation

Multi-Dimensional Range Query over Encrypted Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides borrowed from Michael Chen and revised

  2. Motivation - Network Audit Logs Network gateway Data center

  3. An Ideal Solution Network gateway Data center

  4. Auditor Query: (100 · port · 200) Æ ( ip 2 128.1.*.*) Trusted authority auditor

  5. Auditor Query: (100 · port · 200) Æ ( ip 2 128.1.*.*) Capability: (100 · port · 200) Æ ( ip 2 128.1.*.*) Trusted authority auditor

  6. Security Query: (100·port ·200) Æ (ip 2128.1.*.*) • Can decrypt all matching entries • Cannot learn additional information for non-matching entries • Except for the fact that they do not match

  7. The Challenges • Current practices: • No encryption • All-or-nothing decryption • Challenge: • How to design such an encryption scheme • Efficiency • Security

  8. Related work • Search on encrypted data (SoE) • Not clear if can be extended to range query over multiple attributes. • Anonymous hierarchical IBE (AHIBE) • Could be used to implement MRQED, encryption cost O(TD) • Concurrent work • BonehWaters06: Complex query over encrypted data. More expensive public key size, encryption cost, cheaper decryption cost and shorter decryption key size.

  9. Different from general DB range query • Data is discrete (a small cardinality) • Search is still linear scan • Need to check multiple decrypt keys • Multiple linear scans

  10. Generalized Problem Definition • Time-stamp t, source address a, destination port p • A tuple (t, a, p) can be viewed as a point x in 3 dimensional space. • Query for flows with • Hyper-rectangle B in space • x is in B ?

  11. Generalized Problem Definition • KeyGen • Key generation • Encrypt • Encryption • DeriveKey • Compute a decryption key • QueryDecrypt • Attempt to decrypt using a capability

  12. KeyGen (, n) • Input • k: security parameter • n: bit-length of x • Output • public key PK & master private key SK KeyGen(, n) Trusted authority

  13. Encrypt(PK, x, msg) x: a point Cipher_Text à Encrypt(PK, x, msg)

  14. DeriveKey(PK, SK, B ) DKB t1 B : “hyper-rectangle” t2 r1 r2

  15. QueryDecrypt(PK, DK, C) • Output • msg if • if

  16. Roadmap • Trivial construction • AIBE – MRQED1 • Efficient representation for ranges • 1 dimensional scheme • Extension to multiple dimensions

  17. Trivial Construction • 1 dimensionOne public key pair for each possible range - O(T2) public key pairs - O(T2) cipher texts and decryption keys for each range: the same message is encrypted many times! Performance of D dimensions T: # different values along each dimension D: # dimensions

  18. Roadmap • Trivial construction • AIBE – MRQED1 • Efficient representation for ranges • 1 dimensional scheme • Extension to multiple dimensions

  19. Identity based encryption (IBE) Master PK + ID (e.g., a string)  ID-specific PK ID + SK_manager  ID-specific SK Benefit: needs only to maintain one MasterPK; can invalidate the specific ID at anytime. For details of IBE, check • Dan Boneh and Matthew Franklin. Identity-based encryption from the weil pairing. SIAM J. Comput., 32(3):586–615, 2003.

  20. AIBE – MRQED1 • Try to decrease storage and computation cost • Efficient representation of range: - Define Interval Tree tr(T) as a binary tree over [1, T], each node represents a range - ith leaf node: cv(ID) = i - non-leaf node: cv(ID) = cv(ID1) U cv(ID2) in which ID1 & ID2 are its children nodes

  21. AIBE – MRQED1– cont’d • Set of IDs covering a point x - if , ID covers x if . - Define P(x) to be the set such IDs. - P(x) includes all nodes on the path from leaf x to root. • Range as a collection of IDs - Define (s, t) to be the minimum set of nodes that cover range [s, t].

  22. AIBE – MRQED1– cont’d [0, 7] [0, 3] [4, 7] [0, 1] [2, 3] [4, 5] [6, 7] 0 1 2 3 4 5 6 7 [1, 7]

  23. AIBE – MRQED1: Encrypt C0=Encrypt(PK, IDA, msg) A C1=Encrypt(PK, IDB, msg) B C2 C3 0 1 2 3 4 5 6 7

  24. AIBE – MRQED1: Encrypt C0 O(logT) ciphertext size C1 C2 C3 0 1 2 3 4 5 6 7

  25. AIBE – MRQED1: DeriveKey 0 1 2 3 4 5 6 7 [2, 6]

  26. AIBE – MRQED1: DeriveKey [2, 3] [4, 5] [6, 6] 0 1 2 3 4 5 6 7 [2, 6]

  27. AIBE – MRQED1: DeriveKey SK SK SK 0 1 2 3 4 5 6 7 [2, 6]

  28. AIBE – MRQED1: DeriveKey O(logT) decryption key size SK SK SK 0 1 2 3 4 5 6 7 [2, 6]

  29. Observations: • If x 2 [s, t], then | P(x)Å(s, t) | = 1 • If x2[s, t], P(x) Å(s, t)=; AIBE – MRQED1: QueryDecrypt

  30. AIBE – MRQED1: Decrypt C0 C1 C2 C3 0 1 2 3 4 5 6 7

  31. AIBE – MRQED1: Decrypt C0 C1 SK SK C2 SK C3 0 1 2 3 4 5 6 7 [2, 6]

  32. AIBE – MRQED1: Decrypt C0 C1 C2 C3 0 1 2 3 4 5 6 7

  33. AIBE – MRQED1: Decrypt C0 C1 SKB C2 C3 0 1 2 3 4 5 6 7 [0, 3]

  34. AIBE – MRQED1: Decrypt C0 C1 SKB C2 C3 0 1 2 3 4 5 6 7 [4, 7]

  35. AIBE – MRQED1: Performance T: # different values along each dimension D: # dimensions

  36. AIBE – MRQEDD – Encryption D = 2 dimensional example To encrypt point x = (3,5)

  37. AIBE – MRQEDD – DeriveKey Query range: [2,6] x [7,3] 1st dimension: (2, 6) 2nd dimension: (3,7)

  38. AIBE – MRQEDD Performance • O(1) PK size • O(D¢logT) • Encryption cost • Cipher Text. size • Decryption key size • O((logT)D) decrypt. cost • Good performance, but has a serious vulnerability – prone to collusion attack

More Related