Secure Joins with MapReduce Xavier Bultel 1 Radu Ciucanu 2 Matthieu Giraud 3 Pascal Lafourcade 3 Lihua Ye 4 1 IRISA, Univerist´ e de Rennes 1, France 2 INSA, Universit´ e Orl´ eans, France 3 LIMOS, Universit´ e Clermont Auvergne, France 4 Harbin Institute of Technology, China Foundations & Practice of Security – November 13, 2018
Joins Name City Name Disease Alice Montreal Alice Diabetes ⊲ ⊳ Bob London Bob Flu Cesar Tokyo Bob Cancer = Name City Disease Alice Montreal Diabetes Bob London Flu Bob London Cancer
Cascade Joins Name City Alice Montreal R 1 = Bob London Cesar Tokyo Name Disease Alice Diabetes R 2 = Bob Flu Bob Cancer Disease Specialist R 3 = Cancer Hopkins Diabetes Jude
Cascade Joins Name City Alice Montreal R 1 = Bob London 1 R 1 ⊲ ⊳ R 2 = Cesar Tokyo Name City Disease Alice Montreal Diabetes Bob London Flu Name Disease Bob London Cancer Alice Diabetes R 2 = Bob Flu Bob Cancer Disease Specialist R 3 = Cancer Hopkins Diabetes Jude
Cascade Joins Name City Alice Montreal R 1 = Bob London 1 R 1 ⊲ ⊳ R 2 = Cesar Tokyo Name City Disease Alice Montreal Diabetes Bob London Flu Name Disease Bob London Cancer Alice Diabetes R 2 = Bob Flu Bob Cancer 2 ( R 1 ⊲ ⊳ R 2 ) ⊲ ⊳ R 3 = Name City Disease Specialist Disease Specialist Alice Montreal Diabetes Jude Bob London Cancer Hopkins R 3 = Cancer Hopkins Diabetes Jude
Hypercube Joins Relation R 1 : Cancer ( R 1 , t 1 ) ( R 1 , t 2 ) ( R 1 , t 3 ) ( R 3 , t 7 ) t 1 = (Alice , Montreal) ( R 2 , t 6 ) ( R 3 , t 7 ) t 2 = (Bob , London) t 3 = (Eve , Tokyo) Disease (0 , 1) (1 , 1) Relation R 2 : t 4 = (Alice , Diabetes) ( R 1 , t 1 ) ( R 1 , t 2 ) Diab., Flu t 5 = (Bob , Flu) ( R 1 , t 3 ) ( R 3 , t 8 ) ( R 2 , t 4 ) ( R 2 , t 5 ) t 6 = (Bob , Cancer) ( R 3 , t 8 ) Relation R 3 : t 7 = (Cancer , Hopkins) (0 , 0) (1 , 0) t 8 = (Diabetes , Jude) Eve Alice, Bob Name
MapReduce Input 1 Input 2 Input 3 Partitioning input data Scheduling program execution on machines Map 1 Map 2 Map 3 Performing the shuffle | | | Handling machine failures Shuffle Programmer gives: Reduce 1 Reduce 2 Input files Map and Reduce Output 1 Output 2
Joins with MapReduce Cascade Joins n relations ⇒ n − 1 MapReduce rounds Public Cloud User’s Domain 1 st round 2 nd round n -1 th round User R 1 Q 2 Q 3 Q n − 1 Q n U R 1 ⊲ ⊳ R n ⊳ . . . ⊲ R 2 R 3 R 4 R n
Joins with MapReduce Hypercube Joins n relations ⇒ 1 MapReduce round Public Cloud User’s Domain User R 1 , R 2 , R 3 U R 1 ⊲ ⊳ R 2 ⊲ ⊳ R 3
Security Model Cloud is honest-but-curious R 1 , . . . , R n ⊳ i R i ⊲ Cloud Data owner User Security properties Secrecy of R 1 , . . . , R n and ⊲ ⊳ i R i User queries ⊲ ⊳ i R i but cannot learn R 1 , . . . , R n
Contributions Secure MapReduce Algorithms Cascade Hypercube Secure-Private (SP) approach Cloud nodes do not learn R 1 , . . . , R n Cloud nodes do not learn ⊲ ⊳ i R i Collision-Resistant-Secure-Private (CRSP) approach Prevent collision between cloud and user
Outline 1 Cryptographic tools 2 Secure Joins with MapReduce 3 Security & Performances 4 Conclusion
Outline 1 Cryptographic tools 2 Secure Joins with MapReduce 3 Security & Performances 4 Conclusion
Pseudo-Random Function Definition f : K × D → R Deterministic Indistinguishable from a random function Notation f k ( m ) = f ( k , m )
Public-Key Encryption Definition ( pk , sk ) ← G ( λ ) c ← E pk ( m ) m ← D sk ( c ) D sk ( E pk ( m )) = m Notation { m } = E pk ( m )
Outline 1 Cryptographic tools 2 Secure Joins with MapReduce 3 Security & Performances 4 Conclusion
SP Preprocessing Example Name City f k (Name) { Name } { City } Alice Montreal ˆ f k (Alice) { Alice } { Montreal } R 1 = ⇒ R 1 = Bob London f k (Bob) { Bob } { London } Cesar Tokyo f k (Cesar) { Cesar } { Tokyo } Name Disease f k (Name) f k (Disease) { Disease } Alice Diabetes f k (Alice) f k (Diabetes) { Diabetes } ˆ R 2 = ⇒ R 2 = Bob Flu f k (Bob) f k (Flu) { Flu } Bob Cancer f k (Bob) f k (Cancer) { Cancer } Disease Specialist f k (Disease) { Specialist } ˆ R 3 = ⇒ R 3 = Cancer Hopkins f k (Cancer) { Hopkins } Diabetes Jude f k (Diabetes) { Jude }
SP Cascade ( ˆ ⊳ ˆ ⊳ ˆ R 2 ) ⊲ R 1 ⊲ R 3 f k (Name) { Name } { City } f k (Name) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer }
SP Cascade ( ˆ ⊳ ˆ ⊳ ˆ R 2 ) ⊲ R 1 ⊲ R 3 f k (Name) { Name } { City } f k (Name) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer } f k ( Name ) { Name } { City } f k ( Name ) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer }
SP Cascade ( ˆ ⊳ ˆ ⊳ ˆ R 2 ) ⊲ R 1 ⊲ R 3 f k (Name) { Name } { City } f k (Name) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer } f k ( Name ) { Name } { City } f k ( Name ) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer } f k (Name) { Name } { City } f k ( Disease ) { Disease } f k ( Disease ) { Specialist } f k (Alice) { Alice } { Montreal } f k (Diab.) { Diab. } ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Flu) { Flu } f k (Diab.) { Jude } f k (Bob) { Bob } { London } f k (Cancer) { Cancer }
SP Cascade ( ˆ ⊳ ˆ ⊳ ˆ R 2 ) ⊲ R 1 ⊲ R 3 f k (Name) { Name } { City } f k (Name) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer } f k ( Name ) { Name } { City } f k ( Name ) f k (Disease) { Disease } f k (Disease) { Specialist } � � f k (Alice) { Alice } { Montreal } f k (Alice) f k (Diab.) { Diab. } ⊲ ⊳ ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Bob) f k (Flu) { Flu } f k (Diab.) { Jude } f k (Cesar) { Cesar } { Tokyo } f k (Bob) f k (Cancer) { Cancer } f k (Name) { Name } { City } f k ( Disease ) { Disease } f k ( Disease ) { Specialist } f k (Alice) { Alice } { Montreal } f k (Diab.) { Diab. } ⊲ ⊳ f k (Cancer) { Hopkins } f k (Bob) { Bob } { London } f k (Flu) { Flu } f k (Diab.) { Jude } f k (Bob) { Bob } { London } f k (Cancer) { Cancer } f k (Name) { Name } { City } f k (Disease) { Disease } { Specialist } f k (Alice) { Alice } { Montreal } f k (Diab.) { Diab. } { Jude } f k (Bob) { Bob } { London } f k (Cancer) { Cancer } { Hopkins }
SP Cascade Map function � � If i = 1: emit 2 ( t ) , ( Q 1 , t r ) π Q f 1 ∩ R f � � Else: emit π Q f i +1 ( t ) , ( R i +1 , t q ) i ∩ R f Reduce function � � If i � = n − 1: emit i +2 ( t r × t q ) , t r × t q π Q f i +1 ∩ R f Else: emit ( t r × t q , t r × t q )
SP Hypercube f k (Cancer) Relation R 1 : ( R 1 , t 1 ) ( R 1 , t 2 ) ( R 1 , t 3 ) ( R 3 , t 7 ) t 1 = ( f k (Alice) , { Alice } , { Montreal } ) ( R 2 , t 6 ) ( R 3 , t 7 ) t 2 = ( f k (Bob) , { Bob } , { London } ) Disease t 3 = ( f k (Eve) , { Eve } , { Tokyo } ) (0 , 1) (1 , 1) Relation R 2 : f k (Diab.), f k (Flu) t 4 = ( f k (Alice) , f k (Diab.) , { Diab. } ) ( R 1 , t 1 ) ( R 1 , t 2 ) t 5 = ( f k (Bob) , f k (Flu) , { Flu } ) ( R 1 , t 3 ) ( R 3 , t 8 ) ( R 2 , t 4 ) ( R 2 , t 5 ) t 6 = ( f k (Bob) , f k (Cancer) , { Cancer } ) ( R 3 , t 8 ) Relation R 3 : (0 , 0) (1 , 0) t 7 = ( f k (Cancer) , { Hopkins } ) t 8 = ( f k (Diab.) , { Jude } ) f k (Eve) f k (Alice), f k (Bob) Name
SP Hypercube Map function � � ( h 1 ( π X f 1 ( t r )) , . . . , h d ( π X f d ( t r ))) , t r emit Reduce function emit ( t , t )
CRSP Approach ⋉ · · · ⋊ R 1 ⋊ ⋉ R n Proxy Public Cloud R i Data owner User E pk P ( { m } ) = E pk P ( E pk U ( m ))
Recommend
More recommend
