CS573 Data Privacy and Security
Secure data outsourcing – Combining encryption and fragmentation

Combining Fragmentation and Encryption for outsourcing
Breaking sensitive associations between attributes

Confidentiality Constraints
Example: constraint {DoB, Zip, Illness}
– Okay to release {DoB, Zip}, {Zip}, …

Constraint Example

Basic ideas
Singleton constraints
– encryption
Association constraints
– encryption of any one attribute
– Fragmentation of the attributes

Example

Fragmentation
Classical distributed database design problem (vertical fragmentation)
Total number of possible fragmentations given N attributes?
What would be an optimal fragmentation?

Optimal fragmentation
Correctly enforce constraints
Maximal visibility
Minimal fragmentation – Maximal attribute affinity
Problem is NP hard

Algorithm without confidentiality constraints
Without confidentiality constraints - Hierarchical clustering
With confidentiality constraints?
– {s}, {n, d}, {n, z}, {n, i}, {n, p}, {d, z, i}, {d, z, p}
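
Added example (not from the original slides): a checker for the "correctly enforce constraints" and "maximal visibility" properties, plus a first-fit heuristic run on the constraint set above. The function names are hypothetical, the disjointness requirement is an assumption stated in the code, and the heuristic is not guaranteed to find a minimal fragmentation (the optimal problem is NP hard).

```python
# Added example. Attribute letters and constraints are the ones on the slide.
ATTRS = ["s", "n", "d", "z", "i", "p"]
CONSTRAINTS = [{"s"}, {"n", "d"}, {"n", "z"}, {"n", "i"}, {"n", "p"},
               {"d", "z", "i"}, {"d", "z", "p"}]


def split_constraints(constraints):
    """Separate singleton constraints (encrypt) from association constraints."""
    singletons = {a for c in constraints if len(c) == 1 for a in c}
    associations = [frozenset(c) for c in constraints if len(c) > 1]
    return singletons, associations


def is_correct(fragments, constraints):
    """True if no constraint is fully visible in one fragment.

    Assumption: fragments must also be pairwise disjoint, otherwise a shared
    plaintext attribute could be used to join them back together.
    """
    seen = set()
    for frag in fragments:
        if seen & frag:
            return False
        seen |= frag
    return not any(set(c) <= frag for frag in fragments for c in constraints)


def has_maximal_visibility(fragments, attrs, constraints):
    """True if every attribute outside a singleton constraint is in plaintext."""
    singletons, _ = split_constraints(constraints)
    return set().union(*fragments) == set(attrs) - singletons


def greedy_fragmentation(attrs, constraints):
    """First-fit heuristic: put each attribute in the first fragment it fits."""
    singletons, associations = split_constraints(constraints)
    fragments = []
    for attr in attrs:
        if attr in singletons:
            continue  # stored encrypted only, never in plaintext
        for frag in fragments:
            if not any(c <= frag | {attr} for c in associations):
                frag.add(attr)
                break
        else:
            fragments.append({attr})  # no existing fragment is safe
    return fragments


if __name__ == "__main__":
    print(greedy_fragmentation(ATTRS, CONSTRAINTS))
```

On the slide's constraints this yields three plaintext fragments, with s kept encrypted only.
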

References
– Combining fragmentation and encryption to protect privacy in data storage, TISSEC, 2010
– Fragmentation design for efficient query execution over sensitive distributed databases, ICDCS, 2009