Slide1
Practical Private Range Search Revisited
Ioannis Demertzis*, University of Maryland, yannis@umd.edu
Stavros Papadopoulos, Intel Labs & MIT, stavrosp@csail.mit.edu
Odysseas Papapetrou*, EPFL, Lausanne, Switzerland, odysseas.papapetrou@epfl.ch
Antonios Deligiannakis, Technical University of Crete, adeli@softnet.tuc.gr
Minos Garofalakis, Technical University of Crete, minos@softnet.tuc.gr
*Work performed while the author was at the Technical University of Crete
Slide2
Cloud Computing
Pros:
+ Near infinite scalability for big data analytics
+ Easy and ubiquitous access on solid data
+ Cost reduction with the use of shared infrastructure
+ Affordable for small and medium businesses
Cons:
- Serious security and privacy concerns regarding outsourcing and querying on private company or personal data
Solution: Privacy Preserving Querying
Slide3
Slide4
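IDEAL SOLUTION
Privacy Preserving Querying
[Diagram: the Client sends Encrypt(DB) to the Untrusted Cloud, which holds the Encrypted Database. Later: the Client sends Encrypted(query) and gets back Encrypted(results). A "?" appears in the diagram.]
Slide5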
Solutions for Encrypted Search
[Chart: schemes placed by Efficiency and Security (axis ticks: High, Low, High), with regions labelled Secure, Efficient, and Secure & Efficient]
Schemes: OPE, DET, PPE, SSE, Func/Pred Enc, ORAM, FHE
Systems: CryptDB, CipherBase, MONOMI, Google BigQuery, Microsoft SQL 2016 Always Encrypted, …
Not all schemes are explained (Feel free to ask me during the poster session!!)
Slide6
Why? Practical Private Range Search?
No Practical and Secure solution!
Our Contribution: Range Searchable Symmetric Encryption (RSSE) schemes
Slide7
Related Work – Private Range Search
[Chart: schemes placed by Efficiency and Security (axis ticks: High, Low, High), with regions labelled Secure, Efficient, and Secure & Efficient; a "?" appears in the chart]
Schemes: OPE, DET, PPE, FHE, RSSE, Func/Pred Enc, ORAM
Cited work: Ostrovsky et al. (1990); Goldreich et al. (1996); Stefanov et al. (2011, 2013, 2013); Gentry et al. 2010; Popa et al. (2013); Kerschbaum et al. (2014); Hacigumus et al. (2002); Hore et al. (2004, 2012); Boneh et al. (2007); Shi et al. (2007); Lu et al. (2012); Li et al. (2015)
Not all schemes are explained (Feel free to ask me during the poster session!!)
Slide8
What is Searchable Symmetric Encryption?
[Diagram: the Client sends a search query (a keyword) to the Untrusted Cloud; a "?" appears in the diagram]
Leakage is the amount of information that the untrusted cloud learns
Slide9
Searchable Symmetric Encryption (SSE) schemes
[Diagram: Client and Untrusted Cloud; index k1: F1, F4, F2; k2: F3, F6, F4, F2; k3: F5, F1; files F1, F2, F3, F4, F5, F6]
Slide10
Searchable Symmetric Encryption (SSE) schemes
[Diagram: Client and Untrusted Cloud; index k1: F1, F4, F2; k2: F3, F6, F4, F2; k3: F5, F1; files F1, F2, F3, F4, F5, F6]
Slide11
Searchable Symmetric Encryption (SSE) schemes
[Diagram: Client and Untrusted Cloud; index k1: F1, F4, F2; k2: F3, F6, F4, F2; k3: F5, F1; files F1, F2, F3, F4, F5, F6]
L1 leakage: total leakage prior to query execution, e.g. size of each encrypted file, size of encrypted index
Slide12
Searchable Symmetric Encryption (SSE) schemes
[Diagram: Client and Untrusted Cloud; index k1: F1, F4, F2; k2: F3, F6, F4, F2; k3: F5, F1; files F1, F2, F3, F4, F5, F6; the Client sends the token for k1]
L2 leakage (leakage during query execution)
Search pattern: whether a search query is repeated
Access pattern: encrypted document ids and files that satisfy the search query
Slide13
Security Game
Real Scheme: Enc( ) + Enc( ); w1 → token1, …, wN → tokenN
Simulator: L1( ) → &^*@h@&*^H4&*24; w1 | L2(w1) → ^&*daUY@#*, …, wN | L2(wN) → &k*&()#&*@
Adversary
Slide14
Trivial Solution 1 - Quadratic Approach
[Diagram: Client and Untrusted Cloud; index over values 1: F1, F4, F2; 2: F3, F6, F4, F2; 3: F5, F1; replicated ranges 1-2: F1, F4, F2, F3, F6, F4, F2; 2-3: F3, F6, F4, F2, F5, F1; 1-3: F5, F1, F1, F4, F2, F3, F6, F4, F2; the Client sends the token for 2-3]
SELECT *
FROM TABLE as T
WHERE T.SALARY ≥ 2K and T.SALARY ≤ 3K
Main idea: Replicate each tuple to all possible ranges it belongs to (For domain [0,m], O(m^2) possible ranges)
Optimal Security
O(1) Query Size
O(r) Search Time
O(nm^2) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide15
Trivial Solution 2 – Linear Approach
[Diagram: Client and Untrusted Cloud; index over values 1 to 8 with files F1 to F6; the Client sends one token per value 1, 2, 3, 4, 5, 6, 7, 8]
Main idea: Transform the range queries to point queries
SELECT *
FROM TABLE as T
WHERE T.SALARY ≥ 1K and T.SALARY ≤ 8K
Weaker Security
O(R) Query Size
O(R+r) Search Time
O(n) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide16
Linear Approach (BRC-URC)
[Diagram: Client and Untrusted Cloud; values 1 to 8 with files F1 to F6; tree nodes labelled a to g]
Main idea: Use Delegatable-PRFs (DPRFs), Kiayias et al. CCS'13
SELECT *
FROM TABLE as T
WHERE T.SALARY ≥ 1K and T.SALARY ≤ 8K
Weaker Security
O(log R) Query Size
O(log R + r) Search Time
O(n) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide17
Logarithmic-Best Range Cover Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8; files F1 to F6 replicated under the tree nodes]
Main idea: Increase the space by replicating each tuple to the dyadic intervals in which it belongs (× log m)
Intermediate Security
O(log R) Query Size
O(log R + r) Search Time
O(n log m) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide18
Logarithmic-Best Range Cover Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8]
Main idea: Answer the queries with the minimum number of nodes which cover the range
BRC(1,4) = 1-4
BRC(2,5) = 2, 3-4, 5
Equal size ranges have tokens of unequal size
Complex tokens have a specific structure
Intermediate Security
O(log R) Query Size
O(log R + r) Search Time
O(n log m) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide19
Logarithmic-Uniform Range Cover Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8]
Main idea: Answer all the queries with the same size with the same number of tokens
URC(1,4) = 1, 2, 3-4
URC(2,5) = 2, 3-4, 5
Equal size ranges have tokens of unequal size
Complex tokens have a specific structure
Solved by Logarithmic-SRC/Logarithmic SRCi
Intermediate Security
O(log R) Query Size
O(log R + r) Search Time
O(n log m) Space
No False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide20
Logarithmic-Single Range Cover Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8; leaves labelled False Positives, Actual Answer, False Positives]
Main idea: Answer all the queries with one token
SRC(4,5) = 1-8
O(n) False Positives
Optimal Security
O(1) Query Size
O(n) Search Time
O(n log m) Space
O(n) False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide21
Logarithmic-Single Range Cover Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8 and extra nodes 2-3, 4-5, 6-7, 3-6; leaves labelled False Positive value and Actual Values]
Main idea: Augment the tree structure with extra nodes without increasing asymptotically the space
SRC(4,5) = 4-5
SRC(2,4) = 1-4
O(range) False Positives values
O(n) False Positives
All the tuples have value = 1
If we have only one value per leaf then O(result size) False Positives
Flatten the distribution (Assign one value per leaf)
Logarithmic SRCi
Optimal Security
O(1) Query Size
O(n) Search Time
O(n log m) Space
O(n) False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide22
Logarithmic-Single Range Cover-i Approach
[Diagram: Client and Untrusted Cloud; binary tree over values 1 to 8 with nodes 1-2, 3-4, 5-6, 7-8, 1-4, 5-8, 1-8 and extra nodes 2-3, 4-5, 6-7, 3-6]
Main idea: Augment the tree structure with extra nodes without increasing asymptotically the space
SRC(4,5) = 4-5
SRC(2,4) = 1-4
O(range) False Positives values
O(n) False Positives
All the tuples have value = 1
If we have only one value per leaf then O(result size) False Positives
Flatten the distribution (Assign one value per leaf)
Logarithmic SRCi
Optimal Security
O(1) Query Size
O(R+r) Search Time
O(n log m) Space
O(R+r) False Positives
n: dataset size, r: result size, m: domain size, R: query range size
Slide23
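Thank you!!! Questions???
[Chart: schemes placed by Efficiency and Security (axis ticks: High, Low, High), with regions labelled Secure, Efficient, and Secure & Efficient; a "?" appears in the chart]
Schemes: OPE, DET, PPE, FHE, Func/Pred Enc, ORAM
We will present the experimental evaluation in the Poster Session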
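
The range covers from the Logarithmic-BRC and Logarithmic-SRC slides, as an added Python example that is not code from the slides or the authors: `brc` reproduces BRC(1,4) and BRC(2,5), and `src` reproduces SRC(4,5) and SRC(2,4) with and without the extra nodes. The function names, the sample values and the half-width reading of the extra nodes are assumptions.

```python
# Added example, not from the slides. Domain is 1..m with m a power of two.
def dyadic_intervals(v, m):
    """Dyadic tree nodes containing value v (one per level, log2(m)+1 in total).
    The Logarithmic schemes replicate a tuple with value v under each of them."""
    out, size = [], 1
    while size <= m:
        lo = (v - 1) // size * size + 1
        out.append((lo, lo + size - 1))
        size *= 2
    return out

def brc(a, b, m):
    """Best Range Cover: the minimum set of dyadic nodes that exactly covers [a, b]."""
    cover = []
    def walk(lo, hi):
        if hi < a or b < lo:            # node disjoint from the query
            return
        if a <= lo and hi <= b:         # node fully inside: take it, stop descending
            cover.append((lo, hi))
            return
        mid = (lo + hi) // 2
        walk(lo, mid)
        walk(mid + 1, hi)
    walk(1, m)
    return cover

def src(a, b, m, extra_nodes=False):
    """Single Range Cover: the smallest single node containing [a, b], 1 <= a <= b <= m.
    extra_nodes=True also tries nodes shifted by half their width (assumed
    reading of the slide's extra nodes 2-3, 4-5, 6-7, 3-6 for m = 8)."""
    size = 1
    while size <= m:
        candidates = [(a - 1) // size * size + 1]
        if extra_nodes and size >= 2:
            half = size // 2
            candidates.append((a - 1 - half) // size * size + 1 + half)
        for lo in candidates:
            hi = lo + size - 1
            if 1 <= lo <= a and b <= hi <= m:
                return (lo, hi)
        size *= 2

def false_positives(values, a, b, node):
    """Tuples the single token returns although they lie outside [a, b]."""
    lo, hi = node
    return sum(1 for v in values if lo <= v <= hi and not a <= v <= b)

SAMPLE_VALUES = [1, 1, 2, 3, 4, 5, 5, 7, 8, 8]   # constructed attribute values
```

`len(brc(1, 4, 8))` is 1 while `len(brc(2, 5, 8))` is 3, which is the "equal size ranges have tokens of unequal size" observation: the token count alone tells the server something about where the range sits in the tree.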
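
What the untrusted cloud observes under the L1 and L2 leakage defined on the SSE slides, as an added toy example that is not the authors' construction: tokens are HMAC-SHA256 of the keyword, file ids stand in for encrypted files, and the key, class and function names are hypothetical. Unlike a real SSE index, this toy index also exposes each list's length before any query.

```python
# Added example, not from the slides: a toy index that records the server's view.
import hashlib
import hmac

KEY = b"k" * 32                                   # constructed client key
PLAINTEXT_INDEX = {                               # keyword -> files, as in the slide diagram
    "k1": ["F1", "F4", "F2"],
    "k2": ["F3", "F6", "F4", "F2"],
    "k3": ["F5", "F1"],
}

def token(key, keyword):
    """Deterministic search token: the same keyword always yields the same token."""
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()

def build_index(key, plaintext_index):
    """Client side: replace every keyword by its token before outsourcing."""
    return {token(key, kw): list(ids) for kw, ids in plaintext_index.items()}

class Server:
    """Untrusted cloud: stores the index and remembers everything it is shown."""
    def __init__(self, index):
        self.index = index
        self.seen = []                            # (token, returned ids) per query

    def l1_leakage(self):
        """Known before any query: sizes only."""
        return {"index_entries": len(self.index),
                "postings": sum(len(ids) for ids in self.index.values())}

    def search(self, tok):
        ids = self.index.get(tok, [])
        self.seen.append((tok, tuple(ids)))
        return ids

    def l2_leakage(self):
        """Learned during queries: which queries repeat, and which ids matched."""
        toks = [t for t, _ in self.seen]
        return {"search_pattern": [toks.index(t) for t in toks],
                "access_pattern": [ids for _, ids in self.seen]}
```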