
Privacy-Preserving Query Processing over Encrypted Data in Cloud - PowerPoint PPT Presentation



  1. Privacy-Preserving Query Processing over Encrypted Data in Cloud
     Outline: Motivation; Two-Cloud Setting; PP-kNN Classification; Conclusion and Future Research
     CS573 Data Privacy and Security
     Yousef M. Elmehdwi, Department of Mathematics and Computer Science, Emory University
     October 31, 2016
     Yousef M. Elmehdwi, Privacy-Preserving Query Processing, slide 1 / 57

  2. Cloud Computing
     Definition: a type of computing that relies on sharing computing resources rather than having local servers or personal devices handle applications.
     Outsourcing: the data owner outsources its data as well as its processing functionalities to a cloud, gaining reduced management cost, less overhead of data storage, and improved quality of service.
     Key challenge: the cloud cannot be fully trusted, so data confidentiality, query privacy, and data access patterns must be protected.

  3. Cloud Computing (2)
     How to ensure data confidentiality: data owners encrypt their data before outsourcing it to a cloud.
     Key challenge: query processing over encrypted data without the cloud ever decrypting the data.

  4. Computing on Encrypted Data
     Basic idea: party $P_1$ sends encrypted data to party $P_2$; party $P_2$ performs some computation and returns the encrypted result to party $P_1$; party $P_1$ decrypts to find out the answer.
     Ways to perform computations on encrypted data: fully homomorphic encryption (impractical); additive/multiplicative homomorphic encryption schemes (additive is adopted in this work).

  5. The Goal of this Work
     Develop distributed protocols that allow the cloud to perform queries directly over encrypted data.
     During query processing, the cloud cannot infer any information about the outsourced data, the user queries, or the data access patterns.
     Such a protocol is termed privacy-preserving query processing (PPQP).

  6. Desired Output and Security Guarantee
     Basic formulation: $\mathrm{PPQP}(\langle C : T' \rangle, \langle \mathrm{Bob} : q \rangle) \rightarrow \langle \mathrm{Bob} : q_{out} \rangle$
     Input: $T'$ denotes the encrypted database and $q$ the user query.
     Output: $q_{out}$ denotes the set of records that satisfy $q$.
     Security requirements:
       1. Data confidentiality and query privacy
       2. Privacy of (hidden) data access patterns
       3. Output security
       4. Information that can be inferred from the input/output is not a security violation
     Other desirable requirements:
       1. End-user efficiency and correctness

  7. Example: Insurance Company
     (Section outline: Two-Cloud Setting: Overview; Security model; Privacy-preserving primitives; Proving Security of SM. Figure-only slide.)

  8. Two-Cloud Environment: Basic Assumptions
     Existence of two cloud service providers, denoted by $C_1$ and $C_2$ (e.g., Google and Amazon).
     Alice owns a database $T$ of $n$ records $t_1, \ldots, t_n$ with $m$ attributes.
     Alice generates two keys $(pk, sk)$ based on the AH-Enc system.
     Alice encrypts $T$ attribute-wise, and sends the encrypted database $T'$ to $C_1$ and $sk$ to $C_2$.
     Bob wants to execute his input query $q = \langle q_1, \ldots, q_m \rangle$ on $T'$ in the cloud in a privacy-preserving manner.
     $C_1$ is the data host, which stores all uploaded (encrypted) data $T'$.
     $C_2$ is called the key holder, since it stores Alice's private key $sk$.

  9. Architecture of the Two-Cloud-Setting-Based Solution
     (Figure-only slide.)

  10. Adopted Security Model
     A more realistic model: secure multiparty computation (SMC).
     Parties collaboratively compute the functionality in a secure fashion without using a trusted third party.
     In SMC, security means guaranteeing the correctness of the output as well as the privacy of the parties' inputs.

  11. Adopted Adversarial Model
     Adversarial model: generally specifies what an adversary or attacker is allowed to do during an execution of a secure protocol.
     Common adversary models under SMC:
       Semi-honest: parties follow the protocol faithfully, but may try to infer the secret information of the other parties from the data they see during the protocol execution.
       Malicious: parties may do anything to infer secret information (e.g., input modification, sending the wrong values).
     In our work, we adopt the semi-honest adversary model.

  12. Justification of the Use of the Semi-Honest Model
     Two reasons for adopting the semi-honest model:
       Developing protocols under the semi-honest setting is an important first step towards constructing protocols with stronger security guarantees.
       Both $C_1$ and $C_2$ were assumed to be two cloud service providers. Today, cloud service providers in the market are legitimate, well-known companies (e.g., Amazon, Google, and Microsoft). These companies maintain reputations that are invaluable assets that need to be protected at all costs. Thus, a collusion between them is highly unlikely, as it would damage their reputation, which, in turn, affects their revenues.

  13. Additive Homomorphic Probabilistic Encryption
     Let $E_{pk}$ and $D_{sk}$ be the encryption and decryption functions. Given $m_1, m_2 \in \mathbb{Z}_N$, the AH-Enc system exhibits the following properties.
     Homomorphic addition: $D_{sk}(E_{pk}(m_1 + m_2)) = D_{sk}(E_{pk}(m_1) * E_{pk}(m_2))$
     Homomorphic multiplication: given a constant $c$ and a ciphertext $E_{pk}(m_1)$, $D_{sk}(E_{pk}(c * m_1)) = D_{sk}(E_{pk}(m_1)^c)$
     Probabilistic: let $c_1 = E_{pk}(m_1)$ and $c_2 = E_{pk}(m_2)$; the probability that $c_1 \neq c_2$ is very high even if $m_1 = m_2$.
     Semantic security: given $E_{pk}(m_1)$, an adversary cannot derive any information about $m_1$.

  14. Sub-protocols
     Secure Multiplication (SM):
       $\mathrm{SM}(\langle C_1 : E_{pk}(a), E_{pk}(b) \rangle, \langle C_2 : sk \rangle) \rightarrow \langle C_1 : E_{pk}(a * b) \rangle, \langle C_2 : \emptyset \rangle$
       Input: $E_{pk}(a)$, $E_{pk}(b)$, and the private key $sk$.
       Output: encryption of $a * b$.
     Secure Squared Euclidean Distance (SSED):
       $\mathrm{SSED}(\langle C_1 : E_{pk}(X), E_{pk}(Y) \rangle, \langle C_2 : sk \rangle) \rightarrow \langle C_1 : E_{pk}(|X - Y|^2) \rangle, \langle C_2 : \emptyset \rangle$
       Input: $X$ and $Y$ are $m$-dimensional vectors, and the private key $sk$, where $E_{pk}(X) = \langle E_{pk}(x_1), \ldots, E_{pk}(x_m) \rangle$ and $E_{pk}(Y) = \langle E_{pk}(y_1), \ldots, E_{pk}(y_m) \rangle$.
       Output: encryption of the squared Euclidean distance between $X$ and $Y$.

  15. Sub-protocols (2)
     Secure Bit-OR (SBOR):
       $\mathrm{SBOR}(\langle C_1 : E_{pk}(o_1), E_{pk}(o_2) \rangle, \langle C_2 : sk \rangle) \rightarrow \langle C_1 : E_{pk}(o_1 \vee o_2) \rangle, \langle C_2 : \emptyset \rangle$
       Input: $o_1$ and $o_2$ are two bits, and $sk$ is the private key.
       Output: encryption of the boolean OR of $o_1$ and $o_2$.
     Secure Bit-Decomposition (SBD):
       $\mathrm{SBD}(\langle C_1 : E_{pk}(z) \rangle, \langle C_2 : sk \rangle) \rightarrow \langle C_1 : [z] \rangle, \langle C_2 : \emptyset \rangle$
       Input: $E_{pk}(z)$ such that $0 \leq z < 2^l$, and $sk$ is the private key.
       Output: $[z] = \langle E_{pk}(z_1), \ldots, E_{pk}(z_l) \rangle$
     SBD example: let $z = 5$, $l = 3$. $\mathrm{SBD}(E_{pk}(5), sk) \rightarrow [z] = \langle E_{pk}(1), E_{pk}(0), E_{pk}(1) \rangle$
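Slides 13 to 15 give the AH-Enc properties and the interfaces of SM, SSED and SBOR, but no implementation. The script below is an added example, not code from the slides or from the author's project. It instantiates Paillier (an additively homomorphic scheme; the slides do not name the scheme they use) with small fixed primes, checks the properties of slide 13, and realizes SM with the standard masking construction: $C_1$ blinds its operands with random values, $C_2$ multiplies the decrypted masked values, and $C_1$ strips the cross terms homomorphically, so $C_2$ only ever decrypts uniformly random elements of $\mathbb{Z}_N$ and learns nothing about $a$ or $b$. SSED and SBOR are then built from SM plus the homomorphic operations. The prime choice and the names `encrypt`, `decrypt`, `add`, `scale`, `sm`, `ssed`, `sbor` and `KeyHolder` are this example's own assumptions.

```python
"""Two-cloud secure multiplication over a toy Paillier instance (added example)."""
import random
from math import gcd
from typing import List

# Constructed demo parameters: fixed small primes so the script runs instantly.
# A deployment would use randomly generated primes of ~1024 bits each.
P, Q = 999983, 1000003
assert all(pow(2, p - 1, p) == 1 for p in (P, Q))   # cheap sanity check on the primes
N = P * Q                                            # public modulus; plaintexts live in Z_N
N2 = N * N                                           # ciphertexts live in Z_{N^2}
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)         # lambda, part of sk (held by C_2)
MU = pow(LAM, -1, N)                                 # with g = N + 1, L(g^lambda) = lambda mod N


def encrypt(m: int) -> int:
    """E_pk(m) = (1+N)^m * r^N mod N^2 with fresh randomness r (probabilistic)."""
    r = random.randrange(1, N)
    while gcd(r, N) != 1:
        r = random.randrange(1, N)
    return pow(N + 1, m % N, N2) * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    """D_sk(c) = L(c^lambda mod N^2) * mu mod N, where L(u) = (u - 1) / N."""
    u = pow(c, LAM, N2)
    return (u - 1) // N * MU % N


def add(c1: int, c2: int) -> int:
    """Homomorphic addition: E(m1) * E(m2) = E(m1 + m2)."""
    return c1 * c2 % N2


def scale(c: int, k: int) -> int:
    """Homomorphic multiplication by a known constant: E(m)^k = E(k * m).
    A negative k is reduced mod N, which yields homomorphic subtraction."""
    return pow(c, k % N, N2)


class KeyHolder:
    """C_2: holds sk, never sees T' or q; in SM it only decrypts masked values."""

    def sm_round(self, ca_masked: int, cb_masked: int) -> int:
        # a + r_a and b + r_b are uniform in Z_N, so this reveals nothing about a, b
        ha, hb = decrypt(ca_masked), decrypt(cb_masked)
        return encrypt(ha * hb % N)


def sm(ca: int, cb: int, c2: KeyHolder) -> int:
    """SM run by C_1: input E(a), E(b); output E(a*b); C_1 never decrypts anything."""
    ra, rb = random.randrange(N), random.randrange(N)
    h = c2.sm_round(add(ca, encrypt(ra)), add(cb, encrypt(rb)))
    # E((a+ra)(b+rb)) * E(a)^(-rb) * E(b)^(-ra) * E(-ra*rb) = E(ab)
    s = add(h, scale(ca, -rb))
    s = add(s, scale(cb, -ra))
    return add(s, encrypt(-(ra * rb)))


def ssed(cx: List[int], cy: List[int], c2: KeyHolder) -> int:
    """SSED: E(|X - Y|^2) from attribute-wise ciphertexts, one SM call per dimension."""
    total = encrypt(0)
    for cxi, cyi in zip(cx, cy):
        diff = add(cxi, scale(cyi, -1))          # E(x_i - y_i)
        total = add(total, sm(diff, diff, c2))   # E((x_i - y_i)^2)
    return total


def sbor(co1: int, co2: int, c2: KeyHolder) -> int:
    """SBOR via o1 OR o2 = o1 + o2 - o1*o2 for bits, one SM call."""
    return add(add(co1, co2), scale(sm(co1, co2, c2), -1))


if __name__ == "__main__":
    c2 = KeyHolder()
    x, y = [3, 7, 12], [5, 1, 10]                 # constructed sample records
    cx, cy = [encrypt(v) for v in x], [encrypt(v) for v in y]
    print("probabilistic:", encrypt(5) != encrypt(5))
    print("|X-Y|^2 =", decrypt(ssed(cx, cy, c2)))   # 4 + 36 + 4 = 44
```

In the demo, `decrypt` is called on the final result only to check correctness, standing in for Alice or Bob; in the two-cloud setting of slide 8, $C_1$ would return the encrypted result without ever holding $sk$, and $C_2$ would see only the masked values inside `sm_round`.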
