Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment.

Published byAnnis Lawson Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment."— Presentation transcript:

1 Secure Cloud Database with Sense of Security

2 Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts the service provider? – Goal: protect sensitive data

3 Related Work Encryption Approach – NetDB2, IBM (Outsourced database) – Relational Cloud, CryptDB (MIT, CIDR 2011) – TrustedDB using secure hardware (VLDB 2011 demo, Radu Sion) Secure Multi-Party Computation Approach – ShareMind

4 NetDB2 Tuple 1xxxyyy Tuple 2aaabbb Tuple 1!a4a3g Tuple 2L%jm*K Value-level encryption SELECT * WHERE value = `xxx’SELECT * WHERE value = `!a4’ DB Encrypted DB Tuple 1P2 Tuple 2P1 + Partition information Partition: P1: < `m’; otherwise P2 SELECT * WHERE value < `xxx’SELECT * WHERE value in [P1, P2] Simple deterministic encryption

5 CryptDB Onion-encryption: multiple encryption done on 1 data 10 Original data encrypt E 1 (10) = A*65h OPES: numeric comparisons E 2 (A*65h) = BB647 Deterministic encryption Equality can be done Non-deterministic encryption No computation is feasible E 3 (BB647) = %j@9G If the user wants more computation power, decrypt to the desired level (one way!)

6 ShareMind Key: Secret sharing + recursive processing A B C Service Provider 1 Service Provider 2 Service Provider 3 Query Result D E F D + E + F = Result DB DB = A + B + C

7 Comparisons of the two approaches Encryption-based methods – Provide limited computation capabilities – Security strength depends on the encryption function For example, deterministic encryption may allow a frequency analysis attack – `Male’, `Female’ => `%k9)2’, `Ah475’ – `Ah475’ x 21; `%k9)2’ x 5 in DB group MPC-based methods – More generic operators – Requires multiple trusted parties ShareMind cannot guard against collusions

8 MPC-based is the solution? DB ABC SP2SP1SP3 Owner DBA BC SP1SP2 Owner MPC-based: What if all service providers collude? Updated Model: Owner has to join in MPC operations, (storage and computation) cost not less than hosting DB on its own; 2 SPs? Not cost-effective

9 Research problem Owner keeps a small share A (small storage) Without A, SP cannot recover DB (similar security strength as MPC) Owner has minimal involvement in MPC (low cost) DB A B SP Owner Desired Model

10 Secure multiparty computation Background

11 Secret sharing (around 1980) 10 Secret 4 6 shares AliceBob 6+4 = 10 What is the secret value? Alice’s share would be 5? 20? -3? The secret is recovered only when the two parties exchange their shares

12 Secret sharing General case s Secret s1s1 s2s2 …snsn The secret can be divided into n parties, for any n s = g(s 1, s 2, …, s n ) Example: Sum of all shares (modular) Bitwise XOR of all shares Product, string concatenation, etc… Security requirement: Given k < n shares, it is hard to recover s

13 Secure multiparty computation Party 1 x1x1 Party 2 x2x2 Party n xnxn … Objective: Every party obtains f(x 1, x 2, …, x n ) but cannot observe any other information apart from its own data r = f(x 1, x 2, …, x n ) r r r

14 To design a generic secure database

15 Before we proceed…. Clarifying the security Negative result – Ideal security: Querying workflow: user issues query => service providers compute result and return to user Knowledge gained by service providers: NONE. Not even anything about query and result! – A solution achieving ideal security is not more efficient than a non-outsourcing solution (not using cloud)

16 Knowledge gained by service provider Output space of a simple selection query: varies from no tuple to the entire database – Even larger space if we consider joins Example knowledge gain – If the output size is small, the service provider knows it is not the case that the query selects entire table To hide the above information, each returned query result should be at least of size = entire table

17 Security in secure database The service provider can observe – Query content The tables that are related to the query Number of conditions, types of conditions, attributes that are related But not other info about query – Query answer the set of shares of tuples in some query answer But not other content

18 Example query SELECT Name FROM Employer WHERE Salary > 6000 Transformed query may look like to one service provider SELECT ATTRIBUTE_7 FROM TABLE_A WHERE ATTRIBUTE_3 - X > 0 WITH PARAM_X_1 = 1234 WITH PARAM_CMP = 335

19 Some basic design To hide the database, we use secret sharing DB = A + B In our case, we use multiplicative secret sharing – To store value v, we have ab = v (mod D) D: domain size The shares are a, b DB A B SP Owner

20 2 types of operators Owner Service provider Type 1 a b Secure operation: the result is also in the share format Majority of the operations should be of this type Owner Service provider Type 2 r Disclosing operation: the result is directly given to SP Operation: Whether the tuple is in the query result Type 2 can be done by Type 1, then send a to b

21 Share Compression The shares of the DB is generated randomly Who decides the random shares? Lets use a pseudo random function – Similar to RSA encryption IDX 118 220 IDShare 11 24 f(ID) = mID k mod n IDShare 118 25 Share A Kept by owner Share B By SP k,m: secret key; n public key k=2 m=1

22 Storage cost Linear to number of columns – Assuming the IDs are from 1-t Just need to remember t Note on the random function: – To make the input look like random, we have » f(ID) = mh(ID) k mod n h: any one-way hash Storage part is easy, how about computation? IDShare 11 24 …… f(ID) = mID k mod n

23 How to do multiplication? Column-column multiplication – The two values are both in share format AB 1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 AB 15 Real value Owner SP C = A X B 200 5 40 (k = 3, m=5) m 1 m 2 x k1 x k2 = m 1 m 2 x k1+k2 k = 2 m=1 resharing 4 50 k=1 m=5 A = a1a2 B = b1b2 C = (a1b1)(a2b2) mID k = 10

24 Recap: operations at the parties A (k = 1, m=5) B (k =2,m=1) Owner SP AB 15 28 109 …… C (k=2,m=1) C 50 … … …

25 Column-constant multiplication A 10 IDA (k = 1, m=1) 22 A 5 Real value Owner SP Constant B = 20 C = A X B 200 5 40 (k = 1, m=20) k = 2 m=5 resharing 20 10 k=-1 m=4 mID k = 2

26 Column-column addition A = a 1 a 2 B = b 1 b 2 – C = A + B => a 1 a 2 + b 1 b 2 – Goal: C = c 1 c 2 = a 1 a 2 + b 1 b 2 c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 Owner: a1, b1 SP: a2, b2 Kept by owner

27 Column-column addition c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 AB 1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 AB 15 Real value Owner SP C = A + B 30 f(ID) = mID k 3.75 A:k=-1 m=2.5 C (k = 2, m = 2) 8 B:k=0 m=0.5 1.25 * 1 + 0.5 * 5

28 Column-constant addition Add a constant to each tuple – Becomes column-column addition A 10 20 30 45 AZ 101 201 301 451

29 Managing negative values A sign bit is used – In two shares – Again the owner keeps a function Additive function 0 represents positive, 1 represents negative Value 1Value 2Sign bit of v1 x v2 000 011 101 110 XOR gate. Addition.

30 Multiplication with sign bit AB -1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 AB 15 Real value Owner SP C = A X B -200 5 40 (k = 3, m=5) m 1 m 2 x k1 x k2 = m 1 m 2 x k1+k2 k = 2 m=1 resharing 4 50 k=1 m=5 mID k = 10 Magnitude part: the same!

31 Multiplication with sign bit AB -1020 IDA’s sign (k = 2, m=1) B’s sign (k =1,m=1) 24 (1, +) AB 0, -1, + Real value Owner SP C = A X B -200 0, - 1, + m 1 m 2 x k1 x k2 = m 1 m 2 x k1+k2 k = 2 m=2 resharing 8 (0, -) 1, + k=1 m=2 -1 = 2 Magnitude part: the same! n = 3 k = 3 m=1 mod 3 mod 2 0: No change 1: Change sign Ans: 4 => 1 Change!

32 Addition with sign bit The math is the same A = a 1 a 2 B = b 1 b 2 – C = A + B => a 1 a 2 + b 1 b 2 – Goal: C = c 1 c 2 = a 1 a 2 + b 1 b 2 c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2

33 Addition with sign bit c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 AB -1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 Sign(k=1, m = 5) 20 (0, -) (k=2, m = 2) 8 (0, -) AB Value15 Sign1, +0, - Real value Owner SP C = A + B 10 f(ID) = mID k 1.25 A:k=-1 m=2.5 C (k = 2, m = 2) Value8 Sign(k=1, m=2) 4 (1, +) B:k=0 m=0.5 -1.25 * 1 + (-0.5) * (-5) (k=1, m = 5) (k=2, m = 2) No change

34 Comparison One type of comparison: A > 0 – A = a 1 a 2 Secret sharing with the sign bit a 1 >0a 2 >0A > 0 T (1) F (0) T (1)F(0) T(1)

35 Others Security – Given a share, the attacker cannot get the private keys (k, m), i.e., other shares Reducible to RSA A reduced security strength can be achieved – f(ID) = kh(ID) No modular exponential => more efficient at service provider side

Download ppt "Secure Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment."

Similar presentations

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.

Mix and Match: A Simple Approach to General Secure Multiparty Computation + Markus Jakobsson Bell Laboratories Ari Juels RSA Laboratories.
Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.

RSA COSC 201 ST. MARY’S COLLEGE OF MARYLAND FALL 2012 RSA.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
22C:19 Discrete Structures Integers and Modular Arithmetic

22C:19 Discrete Structures Integers and Modular Arithmetic
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.

General Cryptographic Protocols (aka secure multi-party computation) Oded Goldreich Weizmann Institute of Science.
Complexity 7-1 Complexity Andrei Bulatov Complexity of Problems.

Complexity 7-1 Complexity Andrei Bulatov Complexity of Problems.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
Complexity 5-1 Complexity Andrei Bulatov Complexity of Problems.

Complexity 5-1 Complexity Andrei Bulatov Complexity of Problems.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.

Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:

Cryptography Lecture 11: Oct 12. Cryptography AliceBob Cryptography is the study of methods for sending and receiving secret messages. adversary Goal:
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.

Similar presentations

Ads by Google