Published by Annis Lawson. Modified over 9 years ago.
Slide 1: Secure Cloud Database with Sense of Security
Slide 2: Introduction
– Cloud computing: IT as a service from a third-party service provider
– Security in the cloud environment: what if an adversary corrupts the service provider?
– Goal: protect sensitive data
Slide 3: Related Work
Encryption approach
– NetDB2, IBM (outsourced database)
– Relational Cloud, CryptDB (MIT, CIDR 2011)
– TrustedDB using secure hardware (VLDB 2011 demo, Radu Sion)
Secure multi-party computation approach
– ShareMind
Slide 4: NetDB2 (simple deterministic encryption)
Figure: the plaintext DB holds Tuple 1 = (xxx, yyy) and Tuple 2 = (aaa, bbb); the encrypted DB holds Tuple 1 = (!a4, a3g) and Tuple 2 = (L%j, m*K).
– Value-level encryption: SELECT * WHERE value = 'xxx' is rewritten as SELECT * WHERE value = '!a4'
– Partition information stored with each tuple: partition P1 holds values < 'm', otherwise P2 (Tuple 1 is in P2, Tuple 2 in P1). SELECT * WHERE value < 'xxx' is rewritten as SELECT * WHERE value in [P1, P2]
Slide 5: CryptDB
Onion encryption: several layers of encryption applied to one data item. For the original value 10:
– E1(10) = A*65h: OPES (order-preserving encryption), numeric comparisons are possible
– E2(A*65h) = BB647: deterministic encryption, equality can be done
– E3(BB647) = %j@9G: non-deterministic encryption, no computation is feasible
If the user wants more computation power, decrypt down to the desired level (one way only!)
Slide 6: ShareMind
Key idea: secret sharing + recursive processing.
Figure: DB = A + B + C, with share A stored at Service Provider 1, B at Service Provider 2 and C at Service Provider 3. A query goes to all three; they return partial results D, E, F, and D + E + F = Result.
Slide 7: Comparison of the two approaches
Encryption-based methods
– Provide limited computation capabilities
– Security strength depends on the encryption function. For example, deterministic encryption may allow a frequency analysis attack: 'Male', 'Female' => '%k9)2', 'Ah475'; if 'Ah475' occurs 21 times and '%k9)2' 5 times in a DB group, the frequencies betray the plaintexts
MPC-based methods
– More generic operators
– Require multiple trusted parties; ShareMind cannot guard against collusion
Slide 8: Is MPC-based the solution?
Figure (MPC-based): the owner splits the DB into shares A, B, C held by SP1, SP2, SP3. What if all service providers collude?
Figure (updated model): the owner keeps share A and SP1, SP2 hold B, C. Now the owner has to join in the MPC operations, so its (storage and computation) cost is not less than hosting the DB on its own; with 2 SPs this is not cost-effective.
Slide 9: Research problem
Desired model (figure: DB = A + B, share A at the owner, share B at the SP):
– Owner keeps a small share A (small storage)
– Without A, the SP cannot recover the DB (similar security strength as MPC)
– Owner has minimal involvement in the MPC (low cost)
Slide 10: Secure multiparty computation: background
Slide 11: Secret sharing (around 1980)
The secret 10 is split into two shares: Alice holds 4, Bob holds 6, and 6 + 4 = 10. Seeing only Bob's share 6, what is the secret value? Alice's share could be 5, 20, -3, ... The secret is recovered only when the two parties exchange their shares.
Slide 12: Secret sharing, general case
The secret s is divided into shares s1, s2, ..., sn, one per party, for any n, such that s = g(s1, s2, ..., sn).
Examples of g: sum of all shares (modular), bitwise XOR of all shares, product, string concatenation, etc.
Security requirement: given k < n shares, it is hard to recover s.
Slide 13: Secure multiparty computation
Party 1 holds x1, Party 2 holds x2, ..., Party n holds xn. Objective: every party obtains r = f(x1, x2, ..., xn) but cannot observe any other information apart from its own data.
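The three background slides (Alice/Bob shares, modular-sum sharing, and the MPC objective) as one runnable example. This is added code, not from the slides: it uses additive sharing modulo a constructed domain D, shows why Bob's share alone leaves every secret possible, and builds the simplest MPC instance, a secure sum in which each party only ever sees uniformly random shares of the others' inputs.

```python
import secrets

# Constructed domain: all arithmetic is modulo D (the slides' "sum of all shares (modular)")
D = 2**32


def share(secret: int, n: int) -> list[int]:
    """Split `secret` into n additive shares with (s1 + ... + sn) mod D == secret.

    n - 1 shares are drawn uniformly at random; the last one is whatever makes the
    sum come out right. Any n - 1 shares are therefore uniformly random on their own
    and say nothing about the secret.
    """
    if not 0 <= secret < D:
        raise ValueError("secret must lie in the domain [0, D)")
    if n < 2:
        raise ValueError("need at least two parties")
    shares = [secrets.randbelow(D) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % D)
    return shares


def reconstruct(shares: list[int]) -> int:
    """g(s1, ..., sn) = sum of all shares, modulo D."""
    return sum(shares) % D


def missing_share_for(known_shares: list[int], candidate_secret: int) -> int:
    """The slide's point: seeing only Bob's share 6, the secret could be 10 (Alice holds 4),
    20 (Alice holds 14), ... Every candidate secret is consistent with the k < n shares an
    observer has, so those shares do not determine s."""
    return (candidate_secret - sum(known_shares)) % D


def secure_sum(inputs: list[int]) -> int:
    """MPC instance of the slide's objective with f = sum.

    Party i secret-shares its input x_i among all n parties. Each party then adds, locally,
    the one share it received of every input; the n local sums are shares of
    f(x_1, ..., x_n), and only that sum is reconstructed. No party sees another party's
    x_j in the clear, only a uniformly random share of it.
    """
    n = len(inputs)
    distributed = [share(x, n) for x in inputs]  # distributed[i][j]: share of x_i held by party j
    local_sums = [sum(distributed[i][j] for i in range(n)) % D for j in range(n)]
    return reconstruct(local_sums)


if __name__ == "__main__":
    alice, bob = share(10, 2)
    print(f"shares of 10: Alice={alice}, Bob={bob}, recovered={reconstruct([alice, bob])}")
    print(f"secure sum of [3, 4, 5] = {secure_sum([3, 4, 5])}")
```

The secure-sum protocol needs one round of share distribution and no further interaction, which is why addition is the cheap case in every secret-sharing scheme; multiplication, covered later in the deck, is where the parties have to talk.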
Slide 14: To design a generic secure database
Slide 15: Before we proceed: clarifying the security
Negative result
– Ideal security. Querying workflow: the user issues a query => the service providers compute the result and return it to the user. Knowledge gained by the service providers: NONE, not even anything about the query and the result!
– A solution achieving ideal security is not more efficient than a non-outsourcing solution (not using the cloud)
Slide 16: Knowledge gained by the service provider
– The output space of a simple selection query ranges from no tuple to the entire database; it is even larger if we consider joins
– Example knowledge gain: if the output size is small, the service provider knows that the query does not select the entire table
– To hide the above information, every returned query result would have to be at least the size of the entire table
Slide 17: Security in the secure database
The service provider can observe:
– Query content: the tables related to the query; the number of conditions, the types of conditions and the attributes involved; but no other information about the query
– Query answer: the set of shares of the tuples in some query answer; but no other content
Slide 18: Example query
SELECT Name FROM Employer WHERE Salary > 6000
The transformed query, as seen by one service provider, may look like:
SELECT ATTRIBUTE_7 FROM TABLE_A WHERE ATTRIBUTE_3 - X > 0 WITH PARAM_X_1 = 1234 WITH PARAM_CMP = 335
Slide 19: Some basic design
– To hide the database, we use secret sharing: DB = A + B (figure: share A kept by the owner, share B at the SP)
– In our case, we use multiplicative secret sharing: to store a value v, the shares are a and b with ab = v (mod D), where D is the domain size
Slide 20: Two types of operators
– Type 1, secure operation: the owner holds a and the service provider holds b, and the result is also in share format. The majority of operations should be of this type.
– Type 2, disclosing operation: the result r is given directly to the SP. Example: whether a tuple is in the query result.
Type 2 can be realised by a Type 1 operation followed by sending a to the holder of b.
Slide 21: Share compression
The shares of the DB are generated randomly. Who decides the random shares? Let's use a pseudo-random function, similar to RSA encryption: f(ID) = m ID^k mod n, where k, m are the secret key and n is the public key.
Example with k = 2, m = 1. Values X: ID 1 → 18, ID 2 → 20. Share A (kept by the owner) is f(ID): ID 1 → 1, ID 2 → 4. Share B (held by the SP) is chosen so that A × B gives the value: ID 1 → 18, ID 2 → 5.
Slide 22: Storage cost
– Linear in the number of columns: assuming the IDs run from 1 to t, the owner just needs to remember t (plus the key per column)
– Note on the random function: to make the input look random, use f(ID) = m h(ID)^k mod n, with h any one-way hash
Figure: the owner's share table (ID 1 → 1, ID 2 → 4, ...) is never stored; it is regenerated from f(ID) = m ID^k mod n.
The storage part is easy; how about computation?
Slide 23: How to do multiplication? Column-column multiplication
– Both values are in share format: A = a1 a2, B = b1 b2, so C = A × B = (a1 b1)(a2 b2): the owner multiplies its two shares and the SP multiplies its two shares
– The owner's share functions compose: m1 ID^k1 × m2 ID^k2 = m1 m2 ID^(k1+k2), so the product's owner share is again of the form m ID^k
Figure (row ID = 2): real values A = 10, B = 20. Owner share of A with (k=1, m=5): m ID^k = 10, SP share 1. Owner share of B with (k=2, m=1): 4, SP share 5. C = A × B = 200: owner function (k=3, m=5) gives 40, SP share 5. Resharing onto (k=2, m=1): the delta function (k=1, m=5) rescales the SP share to 50 and the owner share becomes 4.
Slide 24: Recap: operations at the parties
The owner keeps only the functions: A (k=1, m=5), B (k=2, m=1), C (k=2, m=1). The SP keeps the share columns: A and B rows (1, 5), (2, 8), (10, 9), ...; C: 50, ...
Slide 25: Column-constant multiplication
Figure (row ID = 2): real value A = 10; owner share with (k=1, m=1): m ID^k = 2, SP share 5. Constant B = 20, C = A × B = 200: the owner folds the constant into its function, (k=1, m=20) gives 40, SP share 5. Resharing onto (k=2, m=5): the delta function (k=-1, m=4) rescales the SP share to 10 and the owner share becomes 20.
Slide 26: Column-column addition
A = a1 a2, B = b1 b2 (owner: a1, b1; SP: a2, b2)
– C = A + B = a1 a2 + b1 b2
– Goal: C = c1 c2 = a1 a2 + b1 b2, with c1 kept by the owner, hence c2 = a1 c1^-1 a2 + b1 c1^-1 b2
Slide 27: Column-column addition (example)
c2 = a1 c1^-1 a2 + b1 c1^-1 b2
Figure (row ID = 2): real values A = 10, B = 20. Owner share of A with (k=1, m=5): f(ID) = m ID^k = 10, SP share 1; owner share of B with (k=2, m=1): 4, SP share 5. C = A + B = 30: the owner picks the function (k=2, m=2), so c1 = 8, and publishes the delta functions A: (k=-1, m=2.5) → 1.25 and B: (k=0, m=0.5) → 0.5. The SP computes c2 = 1.25 × 1 + 0.5 × 5 = 3.75, and 8 × 3.75 = 30.
Slide 28: Column-constant addition
Adding a constant to each tuple becomes a column-column addition: the constant is a column whose SP share is 1 in every row. Figure: A = 10, 20, 30, 45 paired with Z = 1, 1, 1, 1.
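The whole arithmetic layer of slides 19 to 28 (compressed owner shares, column-column and column-constant multiplication, resharing by publishing a delta function, and the c2 = a1 c1^-1 a2 + b1 c1^-1 b2 addition rule) as one runnable example. This is added code, not the presentation's own: it assumes a prime modulus P in place of the slides' public n / domain D so that every non-zero share is invertible, and it reproduces the slides' row-2 numbers (owner 10 / SP 1 for A, owner 4 / SP 5 for B, SP share 5 then 50 for the product, SP share 3.75 for the sum).

```python
import secrets

# Constructed parameters: a prime modulus P stands in for the slides' public n / domain D,
# so every non-zero share is invertible (needed for c1^-1 in the addition rule).
P = 2_147_483_647  # 2^31 - 1, prime


def inv(x: int) -> int:
    """Inverse in Z_P. Note (mine, not the slides'): a zero value has SP share 0, so
    multiplicative sharing cannot hide zero; the stored domain must exclude it."""
    x %= P
    if x == 0:
        raise ZeroDivisionError("0 is not invertible mod P")
    return pow(x, P - 2, P)


def f(key: tuple[int, int], row_id: int) -> int:
    """Owner's compressed share f(ID) = m * ID^k mod P. The owner stores only (k, m) per
    column, never a share per row. Negative k is allowed (resharing uses it)."""
    k, m = key
    if not 1 <= row_id < P:
        raise ValueError("row IDs are 1..t")
    return m * pow(row_id, k % (P - 1), P) % P


def new_key() -> tuple[int, int]:
    return (1 + secrets.randbelow(P - 2), 1 + secrets.randbelow(P - 1))


def store_column(values: dict[int, int], key) -> dict[int, int]:
    """Owner splits v = f(ID) * b mod P and hands the column of b to the SP."""
    return {rid: (v % P) * inv(f(key, rid)) % P for rid, v in values.items()}


def open_column(key, sp_col: dict[int, int]) -> dict[int, int]:
    """Owner recombines v = f(ID) * b mod P (only for results the owner wants to read)."""
    return {rid: f(key, rid) * b % P for rid, b in sp_col.items()}


def mul_columns(key_a, col_a, key_b, col_b):
    """C = A * B: (a1 a2)(b1 b2) = (a1 b1)(a2 b2). The SP multiplies row-wise; the owner's
    new function is m_a m_b * ID^(k_a + k_b), again of the same form (no traffic at all)."""
    key_c = (key_a[0] + key_b[0], key_a[1] * key_b[1] % P)
    return key_c, {rid: col_a[rid] * col_b[rid] % P for rid in col_a}


def delta(key_from, key_to) -> tuple[int, int]:
    """f_from / f_to expressed as a key of the same form: (m_from / m_to) * ID^(k_from - k_to)."""
    return (key_from[0] - key_to[0], key_from[1] * inv(key_to[1]) % P)


def reshare(key_old, col, key_new):
    """Move a column onto a fresh owner key. The owner publishes only the delta function
    (the slides' 'k=-1, m=4'); the SP rescales each share: b_new = b_old * f_old / f_new."""
    d = delta(key_old, key_new)
    return key_new, {rid: b * f(d, rid) % P for rid, b in col.items()}


def mul_constant(key_a, col_a, c: int):
    """C = A * c: the SP scales its shares; the owner's function is unchanged."""
    return key_a, {rid: b * c % P for rid, b in col_a.items()}


def add_columns(key_a, col_a, key_b, col_b, key_c=None):
    """C = A + B. The owner picks c1 = f_c(ID) and publishes a1/c1 and b1/c1 as delta
    functions; the SP computes c2 = (a1/c1) a2 + (b1/c1) b2, so c1 c2 = a1 a2 + b1 b2."""
    key_c = key_c or new_key()
    da, db = delta(key_a, key_c), delta(key_b, key_c)
    col_c = {rid: (f(da, rid) * col_a[rid] + f(db, rid) * col_b[rid]) % P for rid in col_a}
    return key_c, col_c


def add_constant(key_a, col_a, z: int):
    """A + z: the constant is a column whose owner function is the constant itself
    (k = 0, m = z) and whose SP share is 1 in every row (the slides' all-ones Z column)."""
    return add_columns(key_a, col_a, (0, z % P), {rid: 1 for rid in col_a})


if __name__ == "__main__":
    col_a = store_column({2: 10}, (1, 5))      # owner share f(2) = 10, SP share 1
    col_b = store_column({2: 20}, (2, 1))      # owner share f(2) = 4, SP share 5
    key_c, col_c = mul_columns((1, 5), col_a, (2, 1), col_b)
    print("product:", key_c, col_c, open_column(key_c, col_c))   # (3, 5) {2: 5} {2: 200}
    print("reshared:", reshare(key_c, col_c, (2, 1)))            # ((2, 1), {2: 50})
    key_s, col_s = add_columns((1, 5), col_a, (2, 1), col_b, key_c=(2, 2))
    print("sum:", open_column(key_s, col_s))                     # {2: 30}
```

The delta functions are what keep the owner's involvement per operation constant rather than per row: everything the SP receives is a (k, m) pair, and the SP evaluates it itself over the IDs it stores. The price, visible in add_columns, is that the SP learns the ratios a1/c1 and b1/c1 as functions; the deck's security claim (slide 35) is that these still do not yield the owner's keys.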
Slide 29: Managing negative values
– A sign bit is used, itself kept in two shares; again the owner keeps a function, this time an additive one
– 0 represents positive, 1 represents negative
Sign bit of v1 × v2:
Value 1 | Value 2 | Sign bit of v1 × v2
0 | 0 | 0
0 | 1 | 1
1 | 0 | 1
1 | 1 | 0
This is an XOR gate, i.e. addition modulo 2.
Slide 30: Multiplication with sign bit (magnitude part)
The magnitude part is the same as before! Figure (row ID = 2): real values A = -10, B = 20, C = A × B = -200. Owner share of |A| with (k=1, m=5): m ID^k = 10, SP share 1; owner share of B with (k=2, m=1): 4, SP share 5. The product's owner function (k=3, m=5) gives 40, SP share 5; resharing onto (k=2, m=1) via the delta function (k=1, m=5) gives owner 4, SP 50.
Slide 31: Multiplication with sign bit (sign part)
The owner's sign function is also of the form m ID^k mod n, here with n = 3, reduced mod 2 to one bit: 0 means no change, 1 means change the sign. Figure (row ID = 2, A = -10, B = 20): the owner's sign function for A is (k=2, m=1) and for B (k=1, m=1); the product's sign function is (k=3, m=1), again m1 m2 ID^(k1+k2), and it is reshared onto (k=1, m=2) using -1 = 2 (mod 3). Evaluating the function for A: 4 => 1, change!
Slide 32: Addition with sign bit
The math is the same. A = a1 a2, B = b1 b2
– C = A + B = a1 a2 + b1 b2
– Goal: C = c1 c2 = a1 a2 + b1 b2, hence c2 = a1 c1^-1 a2 + b1 c1^-1 b2
Slide 33: Addition with sign bit (example)
c2 = a1 c1^-1 a2 + b1 c1^-1 b2
Figure (row ID = 2): real values A = -10 (sign share (0, -)), B = 20 (sign share (1, +)), C = A + B = 10. Owner value functions: A (k=1, m=5) → 10, B (k=2, m=1) → 4; SP value shares 1 and 5. The result C gets the owner value function (k=2, m=2) → 8 and the sign function (k=1, m=2) → 4 with sign share (1, +). With the delta functions A: (k=-1, m=2.5) and B: (k=0, m=0.5) and the signs folded into the coefficients, the SP computes c2 = -1.25 × 1 + (-0.5) × (-5) = 1.25, and 8 × 1.25 = 10. The sign functions (k=1, m=5) and (k=2, m=2) need no change.
Slide 34: Comparison
One type of comparison: A > 0, with A = a1 a2 under secret sharing with the sign bit. A is positive exactly when the two shares carry the same sign:
a1 > 0 | a2 > 0 | A > 0
T (1) | T (1) | T (1)
T (1) | F (0) | F (0)
F (0) | T (1) | F (0)
F (0) | F (0) | T (1)
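Slides 29 to 34 in runnable form: the sign bit shared additively modulo 2 between owner and SP, the product sign as an XOR of the shares (Type 1, nothing disclosed), resharing onto a fresh sign function, and the A > 0 comparison as a Type 2 disclosing operation. This is added code, not the presentation's own; the concrete owner-side sign function (the low bit of an HMAC-SHA256 over the row ID) is a constructed choice in place of the slides' m ID^k mod n mod 2, and the HMAC keys in the demo are constructed test values.

```python
import hashlib
import hmac
import secrets


def sign_bit(v: int) -> int:
    """0 represents positive, 1 represents negative (the slides' convention)."""
    return 1 if v < 0 else 0


class SignFunction:
    """Owner side of the sign-bit sharing. Instead of storing one bit per row, the owner
    keeps one or more secret keys and derives its share as the XOR of a keyed-hash bit per
    key (constructed choice: low bit of HMAC-SHA256; the slides use a modular function).
    Allowing several keys lets the product of two columns stay compressed."""

    def __init__(self, *keys: bytes):
        self.keys = list(keys) or [secrets.token_bytes(32)]

    def share(self, row_id: int) -> int:
        bit = 0
        for key in self.keys:
            digest = hmac.new(key, row_id.to_bytes(8, "big"), hashlib.sha256).digest()
            bit ^= digest[0] & 1
        return bit


def split_sign(owner: SignFunction, row_id: int, v: int) -> int:
    """SP's share s2 with s1 XOR s2 = sign bit of v (additive sharing mod 2)."""
    return sign_bit(v) ^ owner.share(row_id)


def recover_sign(owner: SignFunction, row_id: int, s2: int) -> int:
    return owner.share(row_id) ^ s2


def multiply_sign(own_a, col_a, own_b, col_b):
    """sign(A*B) = sign(A) XOR sign(B) (the slide's table). Type 1 operation: the SP XORs
    its shares row-wise; the owner's share function becomes the XOR of both functions,
    i.e. the union of the two key sets. Nothing is disclosed and no traffic is needed."""
    own_c = SignFunction(*own_a.keys, *own_b.keys)
    return own_c, {rid: col_a[rid] ^ col_b[rid] for rid in col_a}


def reshare_sign(own_old, col, own_new):
    """Move the sign column onto a fresh single-key function. The owner sends one correction
    bit per row (s1_old XOR s1_new), so unlike the value resharing this costs O(rows)."""
    return own_new, {rid: b ^ own_old.share(rid) ^ own_new.share(rid) for rid, b in col.items()}


def positive_from_shares(s1: int, s2: int) -> bool:
    """The slide's comparison table: A > 0 exactly when the two sign shares agree
    (s1 XOR s2 == 0, i.e. both 'positive' or both 'negative')."""
    return (s1 ^ s2) == 0


def compare_positive(owner: SignFunction, row_id: int, s2: int) -> bool:
    """Type 2 (disclosing) operation behind WHERE A > 0: the owner sends its sign share for
    the row and the SP learns the one bit of the answer. A value of exactly 0 has sign bit 0
    here and must be caught by the magnitude share separately (my note)."""
    return positive_from_shares(owner.share(row_id), s2)


if __name__ == "__main__":
    own_a, own_b = SignFunction(b"a" * 32), SignFunction(b"b" * 32)   # constructed keys
    col_a = {2: split_sign(own_a, 2, -10)}     # A = -10 in row 2
    col_b = {2: split_sign(own_b, 2, 20)}      # B = 20 in row 2
    own_c, col_c = multiply_sign(own_a, col_a, own_b, col_b)
    print("sign of A*B:", recover_sign(own_c, 2, col_c[2]))          # 1 (negative)
    print("A > 0 ?", compare_positive(own_a, 2, col_a[2]))          # False
```

Only compare_positive hands a bit to the SP, which is exactly the knowledge the deck's security model (slide 17) allows it to gain: which tuples satisfy the condition, and nothing about the magnitudes behind them.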
Slide 35: Others
Security
– Given a share, the attacker cannot obtain the private keys (k, m), i.e. the other shares; this is reducible to RSA
– A reduced security strength can be achieved with f(ID) = k h(ID): no modular exponentiation => more efficient on the service provider side