Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced.

Published byCody Howard Modified over 9 years ago

Similar presentations

Presentation on theme: "Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced."— Presentation transcript:

1 Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced Spatial Databases Wei-Shinn Ku National Tsing Hua University June 15, 2011

2 Wei-Shinn Ku Slide 2 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

3 Wei-Shinn Ku Slide 3 Auburn University Computer Science and Software Engineering Motivation Why outsourcing? –Network technology advancements –Data management cost is five to ten times higher than the initial acquisition costs –Economy of scale –Companies can concentrate on their businesses Popularity of location-based services –Spatial data for gazetteer, vector data, etc.

4 Wei-Shinn Ku Slide 4 Auburn University Computer Science and Software Engineering Motivation (Cont.) Two main challenges –Data privacy (e.g., medical records, Navteq road vector data) –Query integrity There is no existing solution which can ensure both privacy and integrity for outsourced spatial data.

5 Wei-Shinn Ku Slide 5 Auburn University Computer Science and Software Engineering Contributions We propose an innovative approach that simultaneously ensures both the privacy and the integrity of outsourced spatial data. Space encryption as the basis Data replication based Integrity auditing Supports the most important spatial query types: –Range queries –k nearest neighbor queries

6 Wei-Shinn Ku Slide 6 Auburn University Computer Science and Software Engineering Related Research Data privacy protection –Executing SQL queries over encrypted databases –Existing solutions did not consider the problem of query integrity Query Integrity Assurance –Results are both correct and complete –Merkle hash tree based solution – state-of-the-art –MR-tree [ICDE’08] supports spatial queries, however it did not consider privacy protection

7 Wei-Shinn Ku Slide 7 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

8 Wei-Shinn Ku Slide 8 Auburn University Computer Science and Software Engineering System Architecture Mobile users (e.g., cell phones, PDAs, etc.) Location-based service providers (could be malicious) Database owner (e.g., possessing point of interest data)

9 Wei-Shinn Ku Slide 9 Auburn University Computer Science and Software Engineering System Architecture (Cont.) Mobile devices cannot store significant amount of data => asking queries and analyzing results. Assume the DB owner can embed additional information in the outsourced DB. dataPreprocess(D) => replication and encryption queryRewrite(D) => query the encrypted spatial database Auditing queries

10 Wei-Shinn Ku Slide 10 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

11 Wei-Shinn Ku Slide 11 Auburn University Computer Science and Software Engineering Space Encryption Employ one-way functions to preserve privacy by encoding the locations of all spatial objects. A one-way function is easy to compute but difficult to invert, meaning that some algorithms can compute the function in polynomial time while no probabilistic polynomial-time algorithm can compute an inverse image of the function with better than negligible probability. Our solution encrypts the location of every data point.

12 Wei-Shinn Ku Slide 12 Auburn University Computer Science and Software Engineering Space Encryption (Cont.) Spatial data management => an ideal one- way transformation should respect the spatial proximity of the original space. Maintaining the distance properties of the original space => it enables efficient evaluation of spatial queries. Space filling curves can be applied as one- way functions for space encryption.

13 Wei-Shinn Ku Slide 13 Auburn University Computer Science and Software Engineering Space Filling Curves A space-filling curve (e.g., Z curve, Gray-coded curve, etc.) is a continuous curve, which passes through every point of a closed space. We employ the Hilbert curve as an example.

14 Wei-Shinn Ku Slide 14 Auburn University Computer Science and Software Engineering Space Encryption Key The curve parameters (e.g., the curve order and orientation) can be applied as ciphers for preserving privacy of outsourced spatial data. We can formulate the relationship in a two- dimensional space as where x and y are the coordinate of a point in the original space. The curve parameters including the curve’s starting point (x 0, y 0 ), curve order O, and curve orientation θ make up the Space Encryption Key (SEK) of the Hilbert curve based one-way function.

15 Wei-Shinn Ku Slide 15 Auburn University Computer Science and Software Engineering Space Encryption Key (Cont.)

16 Wei-Shinn Ku Slide 16 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

17 Wei-Shinn Ku Slide 17 Auburn University Computer Science and Software Engineering Dual Space Encryption First encrypt DB with a primary space encryption key SEK P. Replicate r percent of DB and encrypt the duplicate with a secondary encryption key SEK S which possesses different curve parameters. Combine the two encrypted datasets and store them at the service provider. The service provider can only see the Hilbert value of each spatial data object. For any spatial object s in the query result set, a client should be able to verify whether s is a valid record of DB and if s has a counterpart which is encrypted with another SEK.

18 Wei-Shinn Ku Slide 18 Auburn University Computer Science and Software Engineering Dual Space Encryption (Cont.) For supporting object verification, we encrypt the coordinate, non-spatial attributes, and dual information I d with a symmetric key S K which is shared by the database owner and all the clients. The purpose of the dual information field is for clients to tell if a spatial object has a duplicate in the outsourced database. I d has three values which stand for (i) primary encryption without duplication, (ii) primary encryption with duplication, and (iii) secondary encryption respectively.

19 Wei-Shinn Ku Slide 19 Auburn University Computer Science and Software Engineering Dual Space Encryption (Cont.)

20 Wei-Shinn Ku Slide 20 Auburn University Computer Science and Software Engineering Dual Space Encryption (Cont.) We apply cryptographic hash functions to generate a signature Ψ for each spatial object with the coordinate and non-spatial attributes as the input message. The structure of an encrypted spatial object:

21 Wei-Shinn Ku Slide 21 Auburn University Computer Science and Software Engineering Range Queries A client first identifies the Hilbert values covered by the range query based on the parameters of SEK P. The client queries the service provider for retrieving the objects covered by the query range. After receiving the query result set R, the client first filters out objects encrypted with SEK S and verifies the validity of all the remaining objects with their attached signatures. If all the objects in R are valid, the client generates an auditing range query Q A with the same query range size as Q R and the parameters of SEK S.

22 Wei-Shinn Ku Slide 22 Auburn University Computer Science and Software Engineering Range Queries (Cont.)

23 Wei-Shinn Ku Slide 23 Auburn University Computer Science and Software Engineering Range Queries (Cont.) If the service provider carries out queries honestly, the query result set of the auditing query must contain counterparts of all the objects with duplicates in R. In practice, the client can launch a single auditing query for verifying a number of regular queries by combining their query ranges for saving resources.

24 Wei-Shinn Ku Slide 24 Auburn University Computer Science and Software Engineering k Nearest Neighbor Queries For a given kNN query point Q located at position (x Q, y Q ), a client first employs SEK P to compute as the query point in the encrypted space. Because there is r percent duplicate data in D E which should be filter out from query results, we multiply k by (1 + r) to get k' and apply k' as the query parameter. The client removes objects encrypted with SEK S and checks if there are k objects leftover in R. The client retrieves the object s ∗ which has the longest distance to Q in R.

25 Wei-Shinn Ku Slide 25 Auburn University Computer Science and Software Engineering k Nearest Neighbor Queries (Cont.)

26 Wei-Shinn Ku Slide 26 Auburn University Computer Science and Software Engineering k Nearest Neighbor Queries (Cont.) Because of loss of a dimension in the encrypted space, the objects in R may not precisely match the actual k nearest neighbors of Q. The client utilizes the distance between Q and s ∗ (Dist(Q, s ∗ )) as a search upper bound and launches a range query Q R with Dist(Q, s ∗ ) to decide the query window size. The client audits the range query result.

27 Wei-Shinn Ku Slide 27 Auburn University Computer Science and Software Engineering Attack-aware Auditing Query Composition Negligent auditing queries may reveal critical information to allow malicious LBS providers to detect the correspondence among the data with different encryption keys. For example, assume a client launches an auditing query after every regular query. Then, a malicious service provider can easily learn the relationship between the two queries and remove the query results of both queries to jeopardize future queries without being detected by clients.

28 Wei-Shinn Ku Slide 28 Auburn University Computer Science and Software Engineering Attack-aware Auditing Query Composition (Cont.) Generally, a checking query Q A, should not leak any correspondence information among the data objects in D E and Q A should be hard to differentiate from other regular queries. The main principle is to apply a single query to evaluate the integrity of multiple queries. Auditing query

29 Wei-Shinn Ku Slide 29 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

30 Wei-Shinn Ku Slide 30 Auburn University Computer Science and Software Engineering Simulation Datasets Synthetic and real-world datasets

31 Wei-Shinn Ku Slide 31 Auburn University Computer Science and Software Engineering Encoded POI Density

32 Wei-Shinn Ku Slide 32 Auburn University Computer Science and Software Engineering Spatial Database Outsourcing Initialization

33 Wei-Shinn Ku Slide 33 Auburn University Computer Science and Software Engineering Query Processing on the Client Side

34 Wei-Shinn Ku Slide 34 Auburn University Computer Science and Software Engineering Integrity Auditing

35 Wei-Shinn Ku Slide 35 Auburn University Computer Science and Software Engineering Communication Cost

36 Wei-Shinn Ku Slide 36 Auburn University Computer Science and Software Engineering Against Malicious Attacks

37 Wei-Shinn Ku Slide 37 Auburn University Computer Science and Software Engineering Presentation Outline Introduction System Architecture Space Encryption based Privacy Protection Spatial Query Integrity Auditing with Dual Space Encryption Keys Experimental Validation Future Work

38 Wei-Shinn Ku Slide 38 Auburn University Computer Science and Software Engineering Future Work Extend our algorithm to support more spatial query types such as spatial join, spatial path queries, etc. Wei-Shinn Ku, Ling Hu, Cyrus Shahabi, Haixun Wang, Query Integrity Assurance of Location-based Service Accessing Outsourced Spatial Databases, In Proceedings of the 11 th International Symposium on Spatial and Temporal Databases (SSTD), Aalborg, Denmark, 2009

39 Wei-Shinn Ku Slide 39 Auburn University Computer Science and Software Engineering Questions?

Download ppt "Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced."

Similar presentations

Supporting Cooperative Caching in Disruption Tolerant Networks

Supporting Cooperative Caching in Disruption Tolerant Networks
Cloud Computing Security Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧ nen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France.

Cloud Computing Security Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧ nen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France.
Ranking Outliers Using Symmetric Neighborhood Relationship Wen Jin, Anthony K.H. Tung, Jiawei Han, and Wei Wang Advances in Knowledge Discovery and Data.

Ranking Outliers Using Symmetric Neighborhood Relationship Wen Jin, Anthony K.H. Tung, Jiawei Han, and Wei Wang Advances in Knowledge Discovery and Data.
Efficient Evaluation of k-Range Nearest Neighbor Queries in Road Networks Jie BaoChi-Yin ChowMohamed F. Mokbel Department of Computer Science and Engineering.

Efficient Evaluation of k-Range Nearest Neighbor Queries in Road Networks Jie BaoChi-Yin ChowMohamed F. Mokbel Department of Computer Science and Engineering.
1 Chapter 5 : Query Processing and Optimization Group 4: Nipun Garg, Surabhi Mithal

1 Chapter 5 : Query Processing and Optimization Group 4: Nipun Garg, Surabhi Mithal
Di Yang, Elke A. Rundensteiner and Matthew O. Ward Worcester Polytechnic Institute VLDB 2009, Lyon, France 1 A Shared Execution Strategy for Multiple Pattern.

Di Yang, Elke A. Rundensteiner and Matthew O. Ward Worcester Polytechnic Institute VLDB 2009, Lyon, France 1 A Shared Execution Strategy for Multiple Pattern.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Efficiency concerns in Privacy Preserving methods Optimization of MASK Shipra Agrawal.

Efficiency concerns in Privacy Preserving methods Optimization of MASK Shipra Agrawal.
A Novel Scheme for Video Similarity Detection Chu-Hong Hoi, Steven March 5, 2003.

A Novel Scheme for Video Similarity Detection Chu-Hong Hoi, Steven March 5, 2003.
Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
SWE 423: Multimedia Systems Chapter 7: Data Compression (1)

SWE 423: Multimedia Systems Chapter 7: Data Compression (1)
1 SINA: Scalable Incremental Processing of Continuous Queries in Spatio-temporal Databases Mohamed F. Mokbel, Xiaopeng Xiong, Walid G. Aref Presented by.

1 SINA: Scalable Incremental Processing of Continuous Queries in Spatio-temporal Databases Mohamed F. Mokbel, Xiaopeng Xiong, Walid G. Aref Presented by.
1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.

1 How to securely outsource cryptographic computations Susan Hohenberger and Anna Lysyanskaya TCC2005.
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
Overview of Cryptography Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Overview of Cryptography Anupam Datta CMU Fall A: Foundations of Security and Privacy.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Similar presentations

Ads by Google