Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Preserving Query Processing in Cloud Computing Wen Jie 2011-5-27.

Published byBeatrice Rogers Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Preserving Query Processing in Cloud Computing Wen Jie 2011-5-27."— Presentation transcript:

1 Privacy Preserving Query Processing in Cloud Computing Wen Jie 2011-5-27

2 Outline Background Privacy Preserving Query Processing ◦ Method Based on Privacy Homomorphism  Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) ◦ Method Based on Secret Share:  Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) Comparison Conclusion

3 Background Development of cloud computing applications ◦ Amazon: EC2 S3 ◦ Google: appEngine Development of DaaS in cloud computing Expensive hardware, software and expertise Background Secret Share Method Encryption Method Comparison Conclusion

4 Background Security ◦ Query privacy  Disclose to Cloud  Disclose to DO ◦ Data privacy  Disclose to Cloud  Disclose to User Background Secret Share Method Encryption Method Comparison Conclusion Data privacy Query privacy

5 Background Generalization Principal ◦ Relational data: quasi-identifier ◦ Spatial data: location cloaking Encrypt or transform ◦ Hashing ◦ Space filling curves Distributed environment ◦ Based on Secure Multiparty Computation Background Secret Share Method Encryption Method Comparison Conclusion

6 Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011) Background Secret Share Method Encryption Method Comparison Conclusion

7 Preliminary Privacy Homomorphism ◦ Encryption transformations which map a set of operations on cleartext to another set of operations on ciphertext ◦ Modified ASM-PH Encryption Scheme  E(e 1 ) + E(e 2 ) = E(e 1 + e 2 )  E(e 1 ) - E(e 2 ) = E(e 1 - e 2 )  E(e 1 ) * E(e 2 ) = E(e 1 * e 2 ) Background Secret Share Method Encryption Method Comparison Conclusion Processing Private Queries over Untrusted Data Cloud through Privacy Homomorphism (ICDE 2011)

8 Architecture Key idea: let the client lead the distance access and keep track of traversal path Background Secret Share Method Encryption Method Comparison Conclusion Dist(E(e 1 ), E(e 2 )) = E(dist(e 1, e 2 )) Step 0: initialization

9 Architecture Key idea: let the client lead the distance access and keep track of traversal path Background Secret Share Method Encryption Method Comparison Conclusion Step 1: local distance computation E(q) in the query Dist(E(q), E(e 1 )) = E(dist(q, e 1 ))Scrambling Dist(E(p), E(e 1 ))

10 Architecture Key idea: let the client lead the distance access and keep track of traversal path Background Secret Share Method Encryption Method Comparison Conclusion Step 2: distance decryption and recoding Scrambled E(dist( p, e 1 )) Decrypt to distanceRecoding the distance

11 Architecture Key idea: let the client lead the distance access and keep track of traversal path Background Secret Share Method Encryption Method Comparison Conclusion Step 3: find next node to traverse Recoded distance

12 Local Distance Computation of Minimum Square Distance Distance between query point q and an index entry [l, u] Background Secret Share Method Encryption Method Comparison Conclusion

13 Scrambling Notice: ◦ Real distances ◦ Monotonic: distance compare Two scrambling functions ◦ Sign computation  E(s)*E( ξ ) = E (s* ξ )  Receive sign(s* ξ ) ◦ Recoding  E(s 1 )*E( ξ ) + E(s 2 ) = E(s 1 * ξ +s 2 )  Receive recoded(s 1 * ξ +s 2 ) Background Secret Share Method Encryption Method Comparison Conclusion Depend on sign(s) Depend on sign(s 1 )

14 Distance Decryption and Recoding Decryption with E -1 (· ) Recoding properties ◦ Strictly monotonic  Key idea: record all existing recoded value pairs (real valued, recoded value) at cloud side ◦ Immune to chosen ciphertext attack  Key idea: recoded values are random Background Secret Share Method Encryption Method Comparison Conclusion

15 Processing Distance Range Queries Query: find all records whose distances are within r from point q Background Secret Share Method Encryption Method Comparison Conclusion s 1 *4r 2 + s 2 Recoding Recoded 4r 2

16 Processing Distance Range Queries Query: find all records whose distances are within r from point q Background Secret Share Method Encryption Method Comparison Conclusion Recoded 4r 2 E(s 1 )*dist(E(e 1 ), E(q)) + E(s 2 ) Decryption Recoding

17 Processing Distance Range Queries Query: find all records whose distances are within r from point q Background Secret Share Method Encryption Method Comparison Conclusion Recoded 4r 2 Recoded dist(e 1, q)

18 Performance Analysis Distance Range Query Performance Background Secret Share Method Encryption Method Comparison Conclusion distance threshold

19 Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011) Secret Share Method Encryption Method Comparison Conclusion Background

20 Preliminary Secret share scheme ◦ protect sensitive information by dividing the value into n shares The scheme is called (k, n) threshold scheme if it satisfies: ◦ k or more shares reconstruct the value ◦ k-1 or less shares make the value completely undetermined Secret Share Method Encryption Method Comparison Conclusion Background Privacy Preserving Query Processing on Secret Share Based Data Storage (DASFAA 2011)

21 Architecture Three parties ◦ Data Owner (DO) ◦ Database Service Provider (DSP) ◦ Data Requestor (DR) How it works ◦ Delegate data (DO) ◦ Build an index (DO) ◦ Process a query (DR) Secret Share Method Encryption Method Comparison Conclusion Background Privacy preserving index

22 Secret Share Scheme A share is the result value y Given known x 1 x 2 … x n, n shares are y 1 y 2 … y n. Any k pairs of (x 1, y 1 ), (x 2, y 2 )… (x k, y k ) can reconstruct the above polynomial Secret Share Method Encryption Method Comparison Conclusion Background Real value

23 Data Division Data Division at DO with (3, 5) threshold scheme ◦ Randomly choose a polynomial on finite domain F 103 ◦ Choose a minimum generator = 5 X = {5, 25, 22, 7, 35} ◦ Share (20, 1) = 82; Share (20, 2) = 79; Share (20, 3) = 14; Share (20, 4) = 87; Share (20, 5) = 102 Secret Share Method Encryption Method Comparison Conclusion Background

24 Data Division empnonamesalary 20060019Mary82 20060011John… 20050012Kate… 20050001Mike… 20040018Henry… Secret Share Method Encryption Method Comparison Conclusion Background empnonamesalary 20060019Mary79 20060011John… 20050012Kate… 20050001Mike… 20040018Henry… empnonamesalary 20060019Mary14 20060011John… 20050012Kate… 20050001Mike… 20040018Henry… DSP 1 DSP 2 DSP 3 DSP 4 DSP 5 empnonamesalary 20060019Mary87 20060011John… 20050012Kate… 20050001Mike… 20040018Henry… empnonamesalary 20060019Mary102 20060011John… 20050012Kate… 20050001Mike… 20040018Henry…

25 Data Reconstruction Secret Share Method Encryption Method Comparison Conclusion Background Private Data Reconstruction at DR ◦ DR needs at least k shares of the value ◦ Lagrange interpolation to reconstruct the polynomial

26 Storage Model Secret Share Method Encryption Method Comparison Conclusion Background All relations like R(A 1, A 2, …,A m ) are stored into n DSPs in the form of following relation: Source attribute key attribute

27 Key Generation Function Secret Share Method Encryption Method Comparison Conclusion Background Key value = bucket_id || encrypted_sal ◦ Bucket_id makes sure that values are in order ◦ Use a symmetric algorithm DES and the random key to encrypt salary value

28 Index Creation Function Secret Share Method Encryption Method Comparison Conclusion Background B+ index

29 Query Processing Secret Share Method Encryption Method Comparison Conclusion Background Employee name and salary are both divided into n shares SELECT name FROM Employees WHERE salary = 35 Encrypt 35 using DES scheme into h8jbka8g Search in metedata for key_sal: 128h8jbka8g search index on attribute key_sal K sub queries reconstruct name from k shares

30 Experiments Evaluation Security analysis ◦ DSPs collude with each other ◦ DR colludes with at least k DSPs Secret Share Method Encryption Method Comparison Conclusion Background

31 Experiments Evaluation Efficiency Evaluation ◦ Time comparison between hash based searching and index based searching Secret Share Method Encryption Method Comparison Conclusion Background

32 Experiments Evaluation Efficiency Evaluation ◦ Time comparison between encryption and polynomial computation ◦ Data extension and tuple size Secret Share Method Encryption Method Comparison Conclusion Background

33 Comparison Secret Share Method Encryption Method Comparison Conclusion Background Encryption MethodSecret Share Method Data locationData ownerCloud Index locationClient (shadow index)Cloud DO involvementInitialization: Send shadow index to client Send key to cloud Outsourcing: Data division Index creation Client ComputationNode traversal Local distance computation Distance comparison Query transformation Results reconstruction Cloud ComputationEncryption Decryption Recoding Query processing Communication CostsHighLow

34 Conclusion PH Encryption Method ◦ Low efficiency ◦ Data privacy preservation ◦ Query privacy preservation Secret Share Method ◦ High efficiency ◦ Data privacy preservation ◦ Query privacy leak when DO colludes with cloud Secret Share Method Encryption Method Comparison Conclusion Background

35 Q&A? Thank you~

Download ppt "Privacy Preserving Query Processing in Cloud Computing Wen Jie 2011-5-27."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)

Private Inference Control David Woodruff MIT Joint work with Jessica Staddon (PARC)
Private Inference Control

Private Inference Control
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Technische Universität Ilmenau CCSW 2013 Sander Wozniak

Technische Universität Ilmenau CCSW 2013 Sander Wozniak
Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.

Multi-Dimensional Range Query over Encrypted Data Authors: Elaine Shi, Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig Slides originated.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Protection of Identity Information in Cloud Computing without Trusted Third Party 作者 :Rohit Ranchal, Bharat Bhargave, Lotfi Ben Othmane, Leszek Lilien,

Protection of Identity Information in Cloud Computing without Trusted Third Party 作者 :Rohit Ranchal, Bharat Bhargave, Lotfi Ben Othmane, Leszek Lilien,
A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.

A PASS Scheme in Clouding Computing - Protecting Data Privacy by Authentication and Secret Sharing Jyh-haw Yeh Dept. of Computer Science Boise State University.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.

Improving Privacy and Security in Multi- Authority Attribute-Based Encryption Advanced Information Security April 6, 2010 Presenter: Semin Kim.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.
Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Identity Base Threshold Proxy Signature Jing Xu, Zhenfeng Zhang, and Dengguo Feng Form eprint Presented by 魏聲尊.

Similar presentations

Ads by Google