Secure and Privacy-Preserving PowerPoint Presentation, PPT - DocSlides

Slide1

Secure and Privacy-Preserving Database Services in the Cloud

Divy Agrawal, Amr El Abbadi, Shiyuan WangUniversity of California, Santa Barbara{agrawal, amr, sywang}@cs.ucsb.edu

ICDE’2013 Tutorial

Slide2

Cloud Computing

Successful paradigm for computing and storage

FeaturesPay per useNo up-front cost for deploymentScalabilityElasticitySoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)

4/11/2013

ICDE 2013 Tutorial

2

Slide3

Adopting the Cloud

Emails

CollaborationAdministrative appsConferencing softwareEducation

4/11/2013

ICDE 2013 Tutorial

3

Early adopters are mainly low risk apps

with less sensitive data

Sensitive Data

Slide4

Cloud – A Tempting Attack Target

Why the cloud?Ubiquitous access to consolidated data.Shared infrastructure economies of scaleA lot of small and medium businessesWhy attack?Target one service provider, attack multiple companiesFinancial gain from trading sensitive information

4/11/2013

ICDE 2013 Tutorial

4

Slide5

Cloud Provides Novel Attack Opportunities

Co-residence attack [Ristenpart et al. CCS’09]Adversary: non-provider-affiliated malicious partiesMap and identify location of target VMPlace attacker VM co-resident with target VMCross-VM side-channel attacks (due to sharing of physical resources): eg, number of visitors to a page, or keystroke attacks for password retrieval.Signature wrapping attack [Somorovsky et al. CCSW’11]Control Interface compromise by capturing a SOAP msg.Manipulate SOAP message with arbitrary XML fragmentsUse XML signature vulnerability to pass authenticationTake control of a victim’s account

4/11/2013

ICDE 2013 Tutorial

5

Slide6

Amazon’s Best Practices for Cloud Security and Privacy

ConcernsCo-residence attacksSide channel attacksNetwork based attacksUnauthorized accessesInsider attacksPrivacy violationFuture vulnerabilities?

4/11/2013

ICDE 2013 Tutorial

6

Defenses [AWS security]dedicated instances, virtual private cloud, isolated network and trafficFirewall and access controlIdentity and access management, multi-factor authenticationaccesses checked and auditedRely on clients for access controlRecommend using data encryption and encrypted file system

Best effort defense is not sufficient

Slide7

A Barrier to Conquer

Security and privacy – a barrier to cloud adoptionData (sensitive data) – a key concernWe need to solve data security and privacy problems in the cloud

4/11/2013

ICDE 2013 Tutorial

7

Slide8

Outline

Database Security and Privacy: General Practice in the DB Community Data Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges

4/11/2013

ICDE 2013 Tutorial

8

Slide9

Access Control [Bertino et al. TDSC’05]

Problem Statement: authorizing data access scopes (relations, attributes, tuples) to users of DBMSDiscretionary access controlAuthorization administration policies, ie, granting and revoking authorization (centralized, ownership, etc)Content-based using views and rewriting for fine-grained access controlRole-based access control: a function with a set of actions, consisting of users membersMandatory access control: Object and subject classification (eg, top secret, secret, unclassified, etc).

4/11/2013

ICDE 2013 Tutorial

9

Slide10

Data Anonymization

Problem: protecting Personally Identifiable Information (PII) and their sensitive attributes

4/11/2013

ICDE 2013 Tutorial

10

Quasi-identifierSensitiveDOBGenderZipcodeDisease1/21/76Male53715Heart Disease4/13/86Female53715Hepatitis2/28/76Male53703Brochitis1/21/76Male53703Broken Arm4/13/86Female53706Flu2/28/76Female53706Hang Nail

Quasi-identifiers

need to begeneralized or suppressed

Quasi-identifiers

are sets of attributes that can be linked

with external data to

uniquely

identify an individual

Slide11

Equivalence

class

share

same QI

Solution

:

k-Anonymity

[Samarati et al. TR’98]

Quasi-identifiers indistinguishable among k individualsImplemented by building generalization hierarchy or partitioning multi-dimensional data space

4/11/2013

ICDE 2013 Tutorial

11

Slide12

Enhanced Solution: l-Diversity[Machanavajjhala et al. ICDE’06]

At least l values for sensitive attributes in each equivalence class

4/11/2013

ICDE 2013 Tutorial

12

ZipcodeAgeSalaryDisease476**2*20KGastric Ulcer476**2*25KGastritis476**2*30KStomach Cancer4790*≥4050KGastritis4790*≥40100KFlu4790*≥4070KBronchitis476**3*60KBronchitis476**3*80KPneumonia476**3*90KStomach Cancer

A 3-diverse patient table

Slide13

Enhanced Solution: t-Closeness[Li et al. ICDE’07]

Distance between overall distribution of sensitive attribute values and distribution of sensitive attribute values in an equivalence class bounded by t

4/11/2013

ICDE 2013 Tutorial

13

Slide14

Privacy-Preserving Data Mining

Problems: hide sensitive rules or private individual data in data mining [Verykios et al. SIGMOD’04]1. sanitize sensitive item sets or sensitive rules2. build data mining model without access to precise data, e.g. privacy-preserving classification, clustering3. private parties compute together on their private inputs, e.g. distributed association rule mining, collaborative filteringSolutions1. Data perturbation, blocking  rule confusion2. Data perturbation  Distribution reconstruction [Agrawal et al. SIGMOD’00, PODS’01]3. Secure Multi-party Computation (SMC) [Clifton et al. KDD’02]

4/11/2013

ICDE 2013 Tutorial

14

Slide15

Differential Privacy for Statistical Data[Dwork ICALP’06]

We need a strong privacy notion that is independent of arbitrary external informationGuarantee little risk for an individual joining a databaseDefinition: A randomized function Ƙ gives Ɛ-differential privacy if for all databases D and D’ differing in at most one row, and all subsets S of Range(Ƙ),Ɛ is a small constant, usually Solution: output perturbation (calibrating noise)

 

4/11/2013

ICDE 2013 Tutorial

15

Slide16

A randomized function K gives ε-Differential Privacy IFF for all datasets D1 and D2 differing on at most one element, and all S Range (K)

Strong

privacy guarantees while querying a database

16

Query

A

PERTURBATION

P(A)

Query

A’

PERTURBATION

P(A’)

Indistiguishable

!

Thanks to Ben Zhao for this slide

Differential Privacy for Statistical Data

[

Dwork

ICALP’06]

Slide17

Access Control & Privacy [Chaudhuri et al. CIDR’11]

4/11/2013

ICDE 2013 Tutorial

17

Hybrid System combining authorization predicates and “noisy” views

Slide18

Secure Devices for Privacy[Anciaux et al. SIGMOD’07]

Problem: protecting private data during queries involving both private (hidden) and public (visible) dataSolution: carry private data in a secure USB key, ensure private data never leaves the USB key, and only public data flows to the keyQuery optimization for small RAM USB key

4/11/2013

ICDE 2013 Tutorial

18

Slide19

Outline

Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges

4/11/2013

ICDE 2013 Tutorial

19

Slide20

A lot of problems need to be taken care ofSome problems are oldsome problems are amplified by the cloud

4/11/2013

ICDE 2013 Tutorial

20

Slide21

Problems Amplified by the Cloud

4/11/2013

ICDE 2013 Tutorial

21

Data confidentialityAttacksUnauthorized accesses, side channel attacksSolutionsEncryption, querying encrypted dataTrusted computing

User

Cloud Servers

D

ata

Query

Answer

Access privacy

Attacks

Inferences on access patterns or query results

Solutions

Private information retrieval

Q

uery obfuscation

Slide22

Data Services in the Cloud

4/11/2013

ICDE 2013 Tutorial

22

DB Queries

Functionality

Performance

Adversaries:

curious but not malicious

cloud / insiders

3

rd

party attackers

Actions:

obtain / infer data and queries

Slide23

Challenges: Conflicting Goals

4/11/2013

ICDE 2013 Tutorial

23

Existing Services

Functionality

Performance

Confidentiality / Privacy

High

Low

High

Many Crypto Systems/Protocols

Ideal State

Slide24

Outline

Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges

4/11/2013

ICDE 2013 Tutorial

24

Slide25

Data Confidentiality

1. EncryptionHomomorphic encryptionPartition IndexOrder-preserving encryptionEncrypted Index2. Leveraging TrustDistributionTrusted computing

4/11/2013

ICDE 2013 Tutorial

25

Slide26

Database as a Service [Hacigümüs et al. ICDE’02]

Protects data from steeling but plaintext data can still be seen on the serverWrite – encrypt before storinginsert into lineitem (discount) values (encrypt(10,key))Read – decrypt before accessselect decrypt(discount,key) from lineitem where custid = 300Encryption alternativesSoftware level v.s. Hardware level (cryptographic coprocessor) encryptionGranularity: field, row, page

4/11/2013

ICDE 2013 Tutorial

26

Slide27

Keyword Search on Encrypted Texts [Song et al. S&P’00]

Directly search on encrypted data without decryption on server sideEncrypt word by word. For word WiBlock_ciphertext Xi = Ek(Wi), Word key ki = fk(Xi), Pseudorandom sequence Ti = <Si, Fki(Si)>Searchable_ciphertext Ci = Xi TiSearch for a word WBlock_ciphertext X = Ek(W), Word key ki = fk(X)Check ciphertexts one by one to see if C X = (Xi Ti) X is of the form <s, Fki(s)> for some random value s

4/11/2013

ICDE 2013 Tutorial

27

Slide28

Homomorphic Encryption

Paillier’s cryptosystemFully Homomorphic Encryption [Gentry CACM’10]Enable arbitrary functions over encrypted dataAddition, multiplication, binary operations

 

4/11/2013

ICDE 2013 Tutorial

28

Slide29

Homomorphic Encryption

4/11/2013

ICDE 2013 Tutorial

29

OperationX86-64Intel Core 2 @ 2.1 GHzSH_Keygen250 msSH_Enc24 msSH_Add1 msSH_Mul41 msSH_Dec (2-element ciphertext)15 msSH_Dec (3-element ciphertext)26 ms

From Kristen

Lauter’s Slides @ MSR Faculty Summit 2011

1 million dataAggregation: 16 minutesRange query: 11 hours

Too expensive to be practical

Slide30

We need practical solutions TO querYING on encrypted dataBASE

4/11/2013

ICDE 2013 Tutorial

30

Slide31

Partition and Identification Index [Hacigümüs et al. SIGMOD’02]

E(tuple): encrypted-tuple, {attribute-index}Attribute-index: attribute value partition ids

4/11/2013

ICDE 2013 Tutorial

31

2

0

200

4

00

600

8

00

1000

7

5

1

4

Slide32

Partition and Identification Index

Client knows a map function, Map(val) = id of the partition containing val

4/11/2013

ICDE 2013 Tutorial

32

2

0

200

4

00

600

8

00

1000

7

5

1

4

1

0

200

4

00

600

8

00

1000

2

4

5

7

Random mapping

Order-preserving mapping

Slide33

Mapping Predicate Conditions

Map(< val) : ids of the partitions that could contain values < valE.g. Map(eid < 280) = {2, 7} for random mappingMap(> val) : ids of the partitions that could contain values > valMap(Ai = Aj): pairs of ids of the partitions that could have equal Ai and Aj valuesDecryption and processing on the client

4/11/2013

ICDE 2013 Tutorial

33

Slide34

Mapping Predicate Conditions

4/11/2013

ICDE 2013 Tutorial

34

e

mp.did

=

mrg.did

Slide35

Optimal Partition for Range Queries[Hore et al. VLDB’04]

Optimal for privacy-performance tradeoffPerformance: minimize number of false positives over all range queries in a given query distributionFalse positives caused by server returning a superset of answersPrivacy: maximize variance, entropy of value distribution in a partitionHigh variance – increase adversaries’ error in inferring sensitive attribute valuesHigh entropy – reduce adversaries’ ability to identify encrypted tuples satisfying a plaintext query

4/11/2013

ICDE 2013 Tutorial

35

Slide36

Partition / Bucketization Review

ProsEfficient computation on the serverConsData update is hard (may need re-distribution)Filtering super answer set could be time consuming depending on the partitions sizesMight reveal value distribution from relative partitions changes during dynamic data updates

4/11/2013

ICDE 2013 Tutorial

36

Slide37

Can Ciphertext Be Queried Directly

Encryption with special properties that allow predicate evaluation on ciphertextsOrder-preserving partition mapping  order-preserving encryption

4/11/2013

ICDE 2013 Tutorial

37

Slide38

Order Preserving Encryption[Agrawal et al. SIGMOD’04]

4/11/2013

ICDE 2013 Tutorial

38

Slide39

Achieving Order Preserving Encryption

4/11/2013

ICDE 2013 Tutorial

39

Slide40

Order-Preserving Review

ProsReturn exact answers instead of super setsCan leverage existing DB indexConsHard to perform analysis and aggregationSome tuples could be easily identified if approach is applied to multiple attributes

4/11/2013

ICDE 2013 Tutorial

40

Slide41

CryptDB [Popa et al. SOSP’11]

Supports a wide range of SQL queries over encrypted dataServer fully evaluates queries on encrypted data, and client does not perform query processingSQL-aware encryptionleverage provable practical techniques for different SQL operators over encrypted dataAdjustable query-based encryptionDynamically adjust the encryption level of data items according to user’s queriesOnion of encryptionsFrom weaker forms of encryption that allow certain computation to stronger forms of encryption that reveal no information

4/11/2013

ICDE 2013 Tutorial

41

Slide42

SQL-Aware Onion Encryption

4/11/2013

ICDE 2013 Tutorial

42

RND: no functionality

DET: equality selection

SEARCH: word selection

(only for text fields)

Any value

JOIN: equality join

RND: no functionality

OPE: comparison

Any value

OPE-JOIN: inequality join

int

value

HOM: sum

Slide43

CryptDB System

4/11/2013

ICDE 2013 Tutorial

43

For performing cryptographic operations

For sending certain onion layer key

Slide44

CryptDB Review

ProsSupport a wide range of SQL queriesConsConfidentiality level degrades to the weakest encryption in the long term

4/11/2013

ICDE 2013 Tutorial

44

Slide45

Why can we NOT leverage well proved encryption mechanisms and DB indexing techniques

4/11/2013

ICDE 2013 Tutorial

45

Slide46

Encrypted Index for Outsourced Data

Build a normal B+-tree index on key valuesEncrypt B+-tree nodesStore (and disperse) encrypted index in the cloud [Damiani et al. CCS’03, Wang et al. SDM’11]A query with predicates on keys is processed by locating desired key values on encrypted index.Traversal on index relies on the client to retrieve and decrypt index nodes.

4/11/2013

ICDE 2013 Tutorial

46

Slide47

4/11/2013

ICDE 2013 Tutorial

47

A2

A1

D: Data Tuples

t

1

t

2

....,tN

…………………

A1

…………………

Ad

…………………

…

…………………

A2

I: B+-tree Index

…

…

…

…

…

…

…

…

n

1

n

2

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

I

D

n

1

n

2

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … … … … … … … …

IE

E(n2)

E(n1)

… … …

… … …

… … … … … … … … … … … … … … … … … … … … … … … … … … …

TD

tc1

tc2

… … …

… … …

… … … … … … … … … … … … … … … … … … … … … … … … … … …

TE

E(tc2)

E(tc1)

S

i

S

1

S

n

Cloud Servers

Salted IDA

Slide48

Practical Secure Query Processing

4/11/2013

ICDE 2013 Tutorial

48

C

lient

Proxy

S

i

S

1

S

n

Cloud Servers

…

Index I

…

…

root

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

IE

E(n

2

)

E(n

1

)

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

… … …

TE

E(tc

2

)

E(tc

1

)

IE

col1

IE

col1

…

…

n

1

1

2

…

…

…

IE

:1

E(n

1

)

…

…

…

IE

:1

E(n

1

)

TE

col2

TE

col2

…

…

…

TE

:2

E(tc

2

)

…

…

…

TE

:2

E(tc

2

)

Cache partial index nodes

on client to improve efficiency

Slide49

Encrypted Index Review

ProsCan be directly deployed on existing cloud settingsProvide stronger confidentiality than partition, order-preserving encryption without losing query efficiencyConsThe Cloud’s computational ability is under utilizedQueries directly supported are limited to queries on indexed key attributes

4/11/2013

ICDE 2013 Tutorial

49

Slide50

Data Confidentiality

1. EncryptionHomomorphic encryptionPartition IndexOrder-preserving encryptionEncrypted Index2. Leveraging Trust

4/11/2013

ICDE 2013 Tutorial

50

Slide51

Distribution instead of Encryption

Under non-communicating servers assumption [Aggarwal et al. CIDR’05]

4/11/2013

ICDE 2013 Tutorial

51

Server 1

Server 2

Sensitive attributes

E(telephone), E(email)

Sensitive association

name, salary

name

salary

n

ame, E(salary)

Query

Q1

Q2

Result(Q1) join Result(Q2)

Slide52

Distribution Review

ProsReduce encryption and decryption overheadConsNon-communicating servers assumption is strong*Data distribution policy is usually not up to a client, but decided by cloud server providers* [Emekci et al. ICDE’06, Agrawal et al. SRDS’88, Ciriani et al. ESORICS’09]

4/11/2013

ICDE 2013 Tutorial

52

Slide53

Tamper Resistant Trusted Hardware

4/11/2013

ICDE 2013 Tutorial

53

Slide54

Computation Cost Consideration

4/11/2013

ICDE 2013 Tutorial

54

Slide55

Trusteddb [Bajaj et al. SIGMOD’11]

4/11/2013

ICDE 2013 Tutorial

55

Slide56

Trusted Computing Review

ProsSupport almost all existing DBMS functionalitiesConsComputing and memory resources are limited Cipherbase [Arasu et al. CIDR’13]: better optimization based on trusted hardwareRequires secret key handover from user to trusted hardware

4/11/2013

ICDE 2013 Tutorial

56

Slide57

Outline

Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges

4/11/2013

ICDE 2013 Tutorial

57

Slide58

Access Privacy

1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy

4/11/2013

ICDE 2013 Tutorial

58

Slide59

Private Information Retrieval[Chor et al. JACM’98]

Multi-servers information theoretic PIRImplemented based on XOR, polynomial interpolationAchieves 2-server communication complexity O(n1/3)Tolerate collusions of up to t < k serversSingle-server PIRRequire only computational indistinguishability

4/11/2013

ICDE 2013 Tutorial

59

X=

X

1X2………Xn

database

Server

Client

q=“give me

i

th

record”

encrypted(q)

encrypted-result=f(X, encrypted(q))

X

i

Slide60

cPIR Theoretical Background

Quadratic Residue (QR)x is a quadratic residue (QR) mod N if E.g. N=35, 11 is QR (92=11 mod 35)3 is QNR (no y exists such that y2=3 mod 35)Essential properties:QR ×QR = QRQR ×QNR = QNRLet N =p1×p2, p1 and p2 are large primes of m/2 bits.Quadratic Residuosity Assumption (QRA)Determining if a number is a QR or a QNR is computationally hard if p1 and p2 are not given.

4/11/2013

ICDE 2013 Tutorial

60

 

Slide61

Single Database cPIR [Kushilevitz et al. FOCS’97]

4/11/2013

ICDE 2013 Tutorial

61

Adapted from Tan’s presentation

0

1

0

1

1

1

0

1

0

1

0

1

0

1

1

1

e

g

Get

M

2,3

N=35

QNR={3,12,13,17,27,33}

QR={1,4,9,11,16,29}

4 16 17 11

QNR

z

4

z3z2z1

z

2

=QNR => X

10

=1z2=QR => X10=0

M

2,3

2732717

Computation cost: O(n)

C

lient

Server

z

:

Slide62

4/11/2013

ICDE 2013 Tutorial

62

Practicality of PIR [Sion et al. NDSS’07, Olumofin et al. FC’11]

cPIR

is more than one order of magnitude slower than trivial data transfer.

Multi-server PIR is more practical, but it requires servers cannot collude.

Slide63

PIR Could Be More Practical [Olumofin et al. FC’11]

Multi-server information-theoretic PIRSingle-server lattice-based PIR Unlike previous cPIR which are based on number theoryCan achieve one order of magnitude speedup by using GPUCons: security not well understood as number theory based cPIR

4/11/2013

ICDE 2013 Tutorial

63

Slide64

Access Privacy

1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy

4/11/2013

ICDE 2013 Tutorial

64

Slide65

Oblivious RAM Based PIR[Goldreich & Ostrovsky JACM ‘96 Williams et al. NDSS’08]

A step towards making PIR practicalOblivious RAM : achieve oblivious access in server memoryOrganize data in pyramid like levels of bucketsEnsure each access touches a bucket at every level

4/11/2013

ICDE 2013 Tutorial

65

Slide66

4/11/2013

ICDE 2013 Tutorial

66

Slide67

Oblivious RAM Based PIR

4/11/2013

ICDE 2013 Tutorial

67

Computation cost: O(log

2

n)

Needs some client storage during oblivious re-ordering of encrypted data

Slide68

Oblivious RAM Review

ProsComputation and communication complexities <= O(log2n) per query ConsClient storage requires O()

 

4/11/2013

ICDE 2013 Tutorial

68

Slide69

Access Privacy

1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy

4/11/2013

ICDE 2013 Tutorial

69

Slide70

Bounding-Box PIR [Wang et al. DBSEC’10]

4/11/2013

ICDE 2013 Tutorial

70

0

1

0

1

1

1

0

1

0

1

0

1

0

1

1

1

e

g

Get

M

2,3

N

=35QNR={3,12,13,17,27,33}QR={1,4,9,11,16,29}

z

2

=QNR => M2,3=1

M

2,3

1727

16 17

QNR

y

:

z

:

Bounding Box

C

lient

Server

Slide71

Hybrid Approach with Homomorphic Encryption [Wang et al. DAPD’13]

4/11/2013

ICDE 2013 Tutorial

71

C

lient

S

erver

0.1. bucket summary S

0.2. public key K

pub

1. query vector Q’

2

. answer vector V

3. decrypt V & filter

R

pub

.B

:

[0,100)

S

1

:

0

20

50

6

0

70

8

5

9

5

100

BK

1

BK

2

BK

3

BK

4

BK

5

BK

6

BK

7

S

1

K

pub

Q: [45, 65)

Q’: (E(0), E(1), E(1), E(1), E(0), E(0), E(0))

V: (E(0)

VBK1

, E(1)

VBK2, E(1)VBK3, E(1)VBK4, E(0)VBK5, E(0)VBK6, E(0)VBK7)

D(V[2]) = D(E(1)

VBK2

) = D(E(1))*VBK

2

= VBK

2

D(V[3])

=

D(E(1)

VBK3

)

= D(E(1))*

VBK

3

=

VBK

3

D(V[4])

=

D(E(1)

VBK4

)

= D(E(1))*

VBK

4

=

VBK

4

Slide72

Hybrid Approach with Homomorphic Encryption [Wang et al. DAPD’13]

4/11/2013

ICDE 2013 Tutorial

72

Client selects subset of buckets for server to work onPrivate query bucketsRelevant frequently co-accessed sets of buckets of other usersReasons for using frequent bucket setsHide in crowdLess identifiable

S

erver

BHE

BHE

C

lient

q

uery

history

C

lient

q

uery

history

p

rivate

distributed

frequent pattern mining

[TKDE04]

FBS

C

lient

S

erver

H

HE

Q’: (

0

,

E(1)

,

E(1)

,

E(1)

,

0

,

E(0)

,

E(0)

)

Slide73

Access Pattern Privacy on Encrypted Index [Vimercati et al. ICDCS’11]

Not using any cryptographic protocolsCover searches Fake searchesCached searchesCache index nodesIndex shufflingExchange contents between index nodesCounteract node-data association attacks

4/11/2013

ICDE 2013 Tutorial

73

Slide74

Index Shuffling

4/11/2013

ICDE 2013 Tutorial

74

Slide75

Relaxing Privacy Review

ProsMore computationally efficient than PIRCons(Incomplete) privacy tricky to define and quantify

4/11/2013

ICDE 2013 Tutorial

75

Slide76

Outline

Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges

4/11/2013

ICDE 2013 Tutorial

76

Slide77

Open Research Problems

Homomorphic encryption for processing range/join database queries on encrypted dataImprove performance of querying encrypted data for use in practical OLTP applicationsPre-computationParallel calculationEnd to end security in the cloudNeed information flow control and auditing in addition to cryptography or trusted computing based approaches

4/11/2013

ICDE 2013 Tutorial

77

Slide78

Concluding Remarks

Cloud security and privacy is not a completely new problem. Some issues are amplified by the cloud.Protecting data confidentiality and access privacyMaintaining practical functionality and performance while achieving security and privacy

4/11/2013

ICDE 2013 Tutorial

78

Slide79

References

[Bertino et al. TDSC’05] E. Bertino et al. Database security-concepts, approaches, and challenges. In IEEE TDSC, 2(1), 2005.[Samarati et al. TR’98] P. Samarati et al. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. TR 1998.[Machanavajjhala et al. ICDE’06] A. Machanavajjhala et al. l-diversity: privacy beyond k-anonymity. In ICDE 2006.[Li et al. ICDE’07] N. Li et al. t-closeness: privacy beyond k-anonymity and l-diversity. In ICDE 2007.[Dwork ICALP’06] C. Dwork. Differential privacy. In ICALP(2) 2006.[Verykios et al. SIGMOD’04] V. S. Verykios et al. State-of-the-art in privacy preserving data mining. In SIGMOD 2004.[Agrawal et al. SIGMOD’00] R. Agrawal et al. Privacy-preserving data mining. In SIGMOD 2000. [Clifton et al. KDD’02] C. Clifton et al. Tools for privacy preserving distributed data mining. In KDD 2002. [Anciaux et al. SIGMOD’07] N. Anciaux et al. GhostDB: querying visible and hidden data without leaks. In SIGMOD 2007.

4/11/2013

ICDE 2013 Tutorial

79

Slide80

References

[Chaudhuri et al. CIDR’11] S. Chaudhuri et al. Database access control & privacy: is there a common ground? In CIDR 2011.[Ristenpart et al. CCS’09] T. Ristenpart et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In CCS 2009.[Somorovsky et al. CCSW’11] J. Somorovsky et al. All your clouds are belong to us: security analysis of cloud management interfaces. In CCSW 2011.[Hacigümüs et al. ICDE’02] H. Hacigümüs et al. Providing database as a service. In ICDE 2002.[Song et al. S&P’00] D. Song et al. Practical techniques for searches on encrypted data. In S&P 2000.[Hacigümüs et al. SIGMOD’02] H. Hacigümüs et al. Executing SQL over encrypted data in the database service provider mode. In SIGMOD 2002.[Hore et al. VLDB’04] B. Hore et al. A privacy-preserving index for range queries. In VLDB 2004.[Agrawal et al. SIGMOD’04] R. Agrawal et al. Order preserving encryption for numeric data. In SIGMOD 2004.

4/11/2013

ICDE 2013 Tutorial

80

Slide81

References

[Popa et al. SOSP’11] R. A. Popa et al. Cryptdb: protecting confidentiality with encrypted query processing. In SOSP 2011.[Damiani et al. CCS’03] E. Damiani et al. Balancing confidentiality and efficiency in untrusted relational DBMSs. In CCS 2003.[Wang et al. SDM’11] S. Wang et al. A comprehensive framework for secure query processing on relational data in the cloud. In SDM 2011.[Aggarwal et al. CIDR’05] G. Aggarwal et al. Two can keep a secret: a distributed architecture for secure database services. In CIDR 2005.[Emekci et al. ICDE’06] F. Emekci et al. Privacy preserving query processing using third parties. In ICDE 2006.[Agrawal et al. SRDS’88] D. Agrawal et al. Quorum consensus algorithms for secure and reliable data. In SRDS 1988.[Bajaj et al. SIGMOD’11] S. Bajaj et al. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In SIGMOD 2011. [Song et al. IEEE’12] D. Song et al. Cloud data protection for the masses. In IEEE Computer, 45(1), 2012.[Chor et al. JACM’98] B. Chor et al. Private information retrieval. In J. ACM, 45(6), 1998.

4/11/2013

ICDE 2013 Tutorial

81

Slide82

References

[Kushilevitz et al. FOCS’97] E. Kushilevitz et al. Replication is not needed: single database, computationally private information retrieval. In FOCS 1997.[Sion et al. NDSS’07] R. Sion et al. On the computational practicality of private information retrieval. In NDSS 2007.[Olumofin et al. FC’11] F. G. Olumofin et al. Revisiting the computational practicality of private information retrieval. In FC 2011.[Williams et al. NDSS’08] P. Williams et al. Usable private information retrieval. In NDSS 2008.[Wang et al. DBSEC’10] S. Wang et al. Generalizing PIR for practical private retrieval of public data. In DBSec 2010.[Wang et al. DAPD’13] S. Wang et al. Towards practical private processing of database queries over public data. In DAPD 2013.[Vimercati et al. ICDCS’11] S. D. C. Vimercati et al. Efficient and private access to outsourced data. In ICDCS 2011.

4/11/2013

ICDE 2013 Tutorial

82

Slide83

Slide84

Slide85

Slide86

Slide87