Presentations text content in Secure and Privacy-Preserving
Slide1
Secure and Privacy-Preserving Database Services in the Cloud
Divy Agrawal, Amr El Abbadi, Shiyuan WangUniversity of California, Santa Barbara{agrawal, amr, sywang}@cs.ucsb.edu
ICDE’2013 Tutorial
Slide2Cloud Computing
Successful paradigm for computing and storage
FeaturesPay per useNo up-front cost for deploymentScalabilityElasticitySoftware as a Service (SaaS)Platform as a Service (PaaS)Infrastructure as a Service (IaaS)
4/11/2013
ICDE 2013 Tutorial
2
Slide3Adopting the Cloud
Emails
CollaborationAdministrative appsConferencing softwareEducation
4/11/2013
ICDE 2013 Tutorial
3
Early adopters are mainly low risk apps
with less sensitive data
Sensitive Data
Slide4Cloud – A Tempting Attack Target
Why the cloud?Ubiquitous access to consolidated data.Shared infrastructure economies of scaleA lot of small and medium businessesWhy attack?Target one service provider, attack multiple companiesFinancial gain from trading sensitive information
4/11/2013
ICDE 2013 Tutorial
4
Slide5Cloud Provides Novel Attack Opportunities
Co-residence attack [Ristenpart et al. CCS’09]Adversary: non-provider-affiliated malicious partiesMap and identify location of target VMPlace attacker VM co-resident with target VMCross-VM side-channel attacks (due to sharing of physical resources): eg, number of visitors to a page, or keystroke attacks for password retrieval.Signature wrapping attack [Somorovsky et al. CCSW’11]Control Interface compromise by capturing a SOAP msg.Manipulate SOAP message with arbitrary XML fragmentsUse XML signature vulnerability to pass authenticationTake control of a victim’s account
4/11/2013
ICDE 2013 Tutorial
5
Slide6Amazon’s Best Practices for Cloud Security and Privacy
ConcernsCo-residence attacksSide channel attacksNetwork based attacksUnauthorized accessesInsider attacksPrivacy violationFuture vulnerabilities?
4/11/2013
ICDE 2013 Tutorial
6
Defenses [AWS security]dedicated instances, virtual private cloud, isolated network and trafficFirewall and access controlIdentity and access management, multi-factor authenticationaccesses checked and auditedRely on clients for access controlRecommend using data encryption and encrypted file system
Best effort defense is not sufficient
Slide7A Barrier to Conquer
Security and privacy – a barrier to cloud adoptionData (sensitive data) – a key concernWe need to solve data security and privacy problems in the cloud
4/11/2013
ICDE 2013 Tutorial
7
Slide8Outline
Database Security and Privacy: General Practice in the DB Community Data Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges
4/11/2013
ICDE 2013 Tutorial
8
Slide9Access Control [Bertino et al. TDSC’05]
Problem Statement: authorizing data access scopes (relations, attributes, tuples) to users of DBMSDiscretionary access controlAuthorization administration policies, ie, granting and revoking authorization (centralized, ownership, etc)Content-based using views and rewriting for fine-grained access controlRole-based access control: a function with a set of actions, consisting of users membersMandatory access control: Object and subject classification (eg, top secret, secret, unclassified, etc).
4/11/2013
ICDE 2013 Tutorial
9
Slide10Data Anonymization
Problem: protecting Personally Identifiable Information (PII) and their sensitive attributes
4/11/2013
ICDE 2013 Tutorial
10
Quasi-identifierSensitiveDOBGenderZipcodeDisease1/21/76Male53715Heart Disease4/13/86Female53715Hepatitis2/28/76Male53703Brochitis1/21/76Male53703Broken Arm4/13/86Female53706Flu2/28/76Female53706Hang Nail
Quasi-identifiers
need to begeneralized or suppressed
Quasi-identifiers
are sets of attributes that can be linked
with external data to
uniquely
identify an individual
Slide11Equivalence
class
share
same QI
Solution
:
k-Anonymity
[Samarati et al. TR’98]
Quasi-identifiers indistinguishable among k individualsImplemented by building generalization hierarchy or partitioning multi-dimensional data space
4/11/2013
ICDE 2013 Tutorial
11
Slide12Enhanced Solution: l-Diversity[Machanavajjhala et al. ICDE’06]
At least l values for sensitive attributes in each equivalence class
4/11/2013
ICDE 2013 Tutorial
12
ZipcodeAgeSalaryDisease476**2*20KGastric Ulcer476**2*25KGastritis476**2*30KStomach Cancer4790*≥4050KGastritis4790*≥40100KFlu4790*≥4070KBronchitis476**3*60KBronchitis476**3*80KPneumonia476**3*90KStomach Cancer
A 3-diverse patient table
Slide13Enhanced Solution: t-Closeness[Li et al. ICDE’07]
Distance between overall distribution of sensitive attribute values and distribution of sensitive attribute values in an equivalence class bounded by t
4/11/2013
ICDE 2013 Tutorial
13
Slide14Privacy-Preserving Data Mining
Problems: hide sensitive rules or private individual data in data mining [Verykios et al. SIGMOD’04]1. sanitize sensitive item sets or sensitive rules2. build data mining model without access to precise data, e.g. privacy-preserving classification, clustering3. private parties compute together on their private inputs, e.g. distributed association rule mining, collaborative filteringSolutions1. Data perturbation, blocking rule confusion2. Data perturbation Distribution reconstruction [Agrawal et al. SIGMOD’00, PODS’01]3. Secure Multi-party Computation (SMC) [Clifton et al. KDD’02]
4/11/2013
ICDE 2013 Tutorial
14
Slide15Differential Privacy for Statistical Data[Dwork ICALP’06]
We need a strong privacy notion that is independent of arbitrary external informationGuarantee little risk for an individual joining a databaseDefinition: A randomized function Ƙ gives Ɛ-differential privacy if for all databases D and D’ differing in at most one row, and all subsets S of Range(Ƙ),Ɛ is a small constant, usually Solution: output perturbation (calibrating noise)
4/11/2013
ICDE 2013 Tutorial
15
Slide16A randomized function K gives ε-Differential Privacy IFF for all datasets D1 and D2 differing on at most one element, and all S Range (K)
Strong
privacy guarantees while querying a database
16
Query
A
PERTURBATION
P(A)
Query
A’
PERTURBATION
P(A’)
Indistiguishable
!
Thanks to Ben Zhao for this slide
Differential Privacy for Statistical Data
[
Dwork
ICALP’06]
Slide17Access Control & Privacy [Chaudhuri et al. CIDR’11]
4/11/2013
ICDE 2013 Tutorial
17
Hybrid System combining authorization predicates and “noisy” views
Slide18Secure Devices for Privacy[Anciaux et al. SIGMOD’07]
Problem: protecting private data during queries involving both private (hidden) and public (visible) dataSolution: carry private data in a secure USB key, ensure private data never leaves the USB key, and only public data flows to the keyQuery optimization for small RAM USB key
4/11/2013
ICDE 2013 Tutorial
18
Slide19Outline
Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges
4/11/2013
ICDE 2013 Tutorial
19
Slide20A lot of problems need to be taken care ofSome problems are oldsome problems are amplified by the cloud
4/11/2013
ICDE 2013 Tutorial
20
Slide21Problems Amplified by the Cloud
4/11/2013
ICDE 2013 Tutorial
21
Data confidentialityAttacksUnauthorized accesses, side channel attacksSolutionsEncryption, querying encrypted dataTrusted computing
User
Cloud Servers
D
ata
Query
Answer
Access privacy
Attacks
Inferences on access patterns or query results
Solutions
Private information retrieval
Q
uery obfuscation
Slide22Data Services in the Cloud
4/11/2013
ICDE 2013 Tutorial
22
DB Queries
Functionality
Performance
Adversaries:
curious but not malicious
cloud / insiders
3
rd
party attackers
Actions:
obtain / infer data and queries
Slide23Challenges: Conflicting Goals
4/11/2013
ICDE 2013 Tutorial
23
Existing Services
Functionality
Performance
Confidentiality / Privacy
High
Low
High
Many Crypto Systems/Protocols
Ideal State
Slide24Outline
Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges
4/11/2013
ICDE 2013 Tutorial
24
Slide25Data Confidentiality
1. EncryptionHomomorphic encryptionPartition IndexOrder-preserving encryptionEncrypted Index2. Leveraging TrustDistributionTrusted computing
4/11/2013
ICDE 2013 Tutorial
25
Slide26Database as a Service [Hacigümüs et al. ICDE’02]
Protects data from steeling but plaintext data can still be seen on the serverWrite – encrypt before storinginsert into lineitem (discount) values (encrypt(10,key))Read – decrypt before accessselect decrypt(discount,key) from lineitem where custid = 300Encryption alternativesSoftware level v.s. Hardware level (cryptographic coprocessor) encryptionGranularity: field, row, page
4/11/2013
ICDE 2013 Tutorial
26
Slide27Keyword Search on Encrypted Texts [Song et al. S&P’00]
Directly search on encrypted data without decryption on server sideEncrypt word by word. For word WiBlock_ciphertext Xi = Ek(Wi), Word key ki = fk(Xi), Pseudorandom sequence Ti = <Si, Fki(Si)>Searchable_ciphertext Ci = Xi TiSearch for a word WBlock_ciphertext X = Ek(W), Word key ki = fk(X)Check ciphertexts one by one to see if C X = (Xi Ti) X is of the form <s, Fki(s)> for some random value s
4/11/2013
ICDE 2013 Tutorial
27
Slide28Homomorphic Encryption
Paillier’s cryptosystemFully Homomorphic Encryption [Gentry CACM’10]Enable arbitrary functions over encrypted dataAddition, multiplication, binary operations
4/11/2013
ICDE 2013 Tutorial
28
Slide29Homomorphic Encryption
4/11/2013
ICDE 2013 Tutorial
29
OperationX86-64Intel Core 2 @ 2.1 GHzSH_Keygen250 msSH_Enc24 msSH_Add1 msSH_Mul41 msSH_Dec (2-element ciphertext)15 msSH_Dec (3-element ciphertext)26 ms
From Kristen
Lauter’s Slides @ MSR Faculty Summit 2011
1 million dataAggregation: 16 minutesRange query: 11 hours
Too expensive to be practical
Slide30We need practical solutions TO querYING on encrypted dataBASE
4/11/2013
ICDE 2013 Tutorial
30
Slide31Partition and Identification Index [Hacigümüs et al. SIGMOD’02]
E(tuple): encrypted-tuple, {attribute-index}Attribute-index: attribute value partition ids
4/11/2013
ICDE 2013 Tutorial
31
2
0
200
4
00
600
8
00
1000
7
5
1
4
Slide32Partition and Identification Index
Client knows a map function, Map(val) = id of the partition containing val
4/11/2013
ICDE 2013 Tutorial
32
2
0
200
4
00
600
8
00
1000
7
5
1
4
1
0
200
4
00
600
8
00
1000
2
4
5
7
Random mapping
Order-preserving mapping
Slide33Mapping Predicate Conditions
Map(< val) : ids of the partitions that could contain values < valE.g. Map(eid < 280) = {2, 7} for random mappingMap(> val) : ids of the partitions that could contain values > valMap(Ai = Aj): pairs of ids of the partitions that could have equal Ai and Aj valuesDecryption and processing on the client
4/11/2013
ICDE 2013 Tutorial
33
Slide34Mapping Predicate Conditions
4/11/2013
ICDE 2013 Tutorial
34
e
mp.did
=
mrg.did
Slide35Optimal Partition for Range Queries[Hore et al. VLDB’04]
Optimal for privacy-performance tradeoffPerformance: minimize number of false positives over all range queries in a given query distributionFalse positives caused by server returning a superset of answersPrivacy: maximize variance, entropy of value distribution in a partitionHigh variance – increase adversaries’ error in inferring sensitive attribute valuesHigh entropy – reduce adversaries’ ability to identify encrypted tuples satisfying a plaintext query
4/11/2013
ICDE 2013 Tutorial
35
Slide36Partition / Bucketization Review
ProsEfficient computation on the serverConsData update is hard (may need re-distribution)Filtering super answer set could be time consuming depending on the partitions sizesMight reveal value distribution from relative partitions changes during dynamic data updates
4/11/2013
ICDE 2013 Tutorial
36
Slide37Can Ciphertext Be Queried Directly
Encryption with special properties that allow predicate evaluation on ciphertextsOrder-preserving partition mapping order-preserving encryption
4/11/2013
ICDE 2013 Tutorial
37
Slide38Order Preserving Encryption[Agrawal et al. SIGMOD’04]
4/11/2013
ICDE 2013 Tutorial
38
Slide39Achieving Order Preserving Encryption
4/11/2013
ICDE 2013 Tutorial
39
Slide40Order-Preserving Review
ProsReturn exact answers instead of super setsCan leverage existing DB indexConsHard to perform analysis and aggregationSome tuples could be easily identified if approach is applied to multiple attributes
4/11/2013
ICDE 2013 Tutorial
40
Slide41CryptDB [Popa et al. SOSP’11]
Supports a wide range of SQL queries over encrypted dataServer fully evaluates queries on encrypted data, and client does not perform query processingSQL-aware encryptionleverage provable practical techniques for different SQL operators over encrypted dataAdjustable query-based encryptionDynamically adjust the encryption level of data items according to user’s queriesOnion of encryptionsFrom weaker forms of encryption that allow certain computation to stronger forms of encryption that reveal no information
4/11/2013
ICDE 2013 Tutorial
41
Slide42SQL-Aware Onion Encryption
4/11/2013
ICDE 2013 Tutorial
42
RND: no functionality
DET: equality selection
SEARCH: word selection
(only for text fields)
Any value
JOIN: equality join
RND: no functionality
OPE: comparison
Any value
OPE-JOIN: inequality join
int
value
HOM: sum
Slide43CryptDB System
4/11/2013
ICDE 2013 Tutorial
43
For performing cryptographic operations
For sending certain onion layer key
Slide44CryptDB Review
ProsSupport a wide range of SQL queriesConsConfidentiality level degrades to the weakest encryption in the long term
4/11/2013
ICDE 2013 Tutorial
44
Slide45Why can we NOT leverage well proved encryption mechanisms and DB indexing techniques
4/11/2013
ICDE 2013 Tutorial
45
Slide46Encrypted Index for Outsourced Data
Build a normal B+-tree index on key valuesEncrypt B+-tree nodesStore (and disperse) encrypted index in the cloud [Damiani et al. CCS’03, Wang et al. SDM’11]A query with predicates on keys is processed by locating desired key values on encrypted index.Traversal on index relies on the client to retrieve and decrypt index nodes.
4/11/2013
ICDE 2013 Tutorial
46
Slide474/11/2013
ICDE 2013 Tutorial
47
A2
A1
D: Data Tuples
t
1
t
2
....,tN
…………………
A1
…………………
Ad
…………………
…
…………………
A2
I: B+-tree Index
…
…
…
…
…
…
…
…
n
1
n
2
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
I
D
n
1
n
2
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … … … … … … … …
IE
E(n2)
E(n1)
… … …
… … …
… … … … … … … … … … … … … … … … … … … … … … … … … … …
TD
tc1
tc2
… … …
… … …
… … … … … … … … … … … … … … … … … … … … … … … … … … …
TE
E(tc2)
E(tc1)
S
i
S
1
S
n
Cloud Servers
Salted IDA
Slide48Practical Secure Query Processing
4/11/2013
ICDE 2013 Tutorial
48
C
lient
Proxy
S
i
S
1
S
n
Cloud Servers
…
Index I
…
…
root
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
IE
E(n
2
)
E(n
1
)
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
… … …
TE
E(tc
2
)
E(tc
1
)
IE
col1
IE
col1
…
…
n
1
1
2
…
…
…
IE
:1
E(n
1
)
…
…
…
IE
:1
E(n
1
)
TE
col2
TE
col2
…
…
…
TE
:2
E(tc
2
)
…
…
…
TE
:2
E(tc
2
)
Cache partial index nodes
on client to improve efficiency
Slide49Encrypted Index Review
ProsCan be directly deployed on existing cloud settingsProvide stronger confidentiality than partition, order-preserving encryption without losing query efficiencyConsThe Cloud’s computational ability is under utilizedQueries directly supported are limited to queries on indexed key attributes
4/11/2013
ICDE 2013 Tutorial
49
Slide50Data Confidentiality
1. EncryptionHomomorphic encryptionPartition IndexOrder-preserving encryptionEncrypted Index2. Leveraging Trust
4/11/2013
ICDE 2013 Tutorial
50
Slide51Distribution instead of Encryption
Under non-communicating servers assumption [Aggarwal et al. CIDR’05]
4/11/2013
ICDE 2013 Tutorial
51
Server 1
Server 2
Sensitive attributes
E(telephone), E(email)
Sensitive association
name, salary
name
salary
n
ame, E(salary)
Query
Q1
Q2
Result(Q1) join Result(Q2)
Slide52Distribution Review
ProsReduce encryption and decryption overheadConsNon-communicating servers assumption is strong*Data distribution policy is usually not up to a client, but decided by cloud server providers* [Emekci et al. ICDE’06, Agrawal et al. SRDS’88, Ciriani et al. ESORICS’09]
4/11/2013
ICDE 2013 Tutorial
52
Slide53Tamper Resistant Trusted Hardware
4/11/2013
ICDE 2013 Tutorial
53
Slide54Computation Cost Consideration
4/11/2013
ICDE 2013 Tutorial
54
Slide55Trusteddb [Bajaj et al. SIGMOD’11]
4/11/2013
ICDE 2013 Tutorial
55
Slide56Trusted Computing Review
ProsSupport almost all existing DBMS functionalitiesConsComputing and memory resources are limited Cipherbase [Arasu et al. CIDR’13]: better optimization based on trusted hardwareRequires secret key handover from user to trusted hardware
4/11/2013
ICDE 2013 Tutorial
56
Slide57Outline
Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges
4/11/2013
ICDE 2013 Tutorial
57
Slide58Access Privacy
1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy
4/11/2013
ICDE 2013 Tutorial
58
Slide59Private Information Retrieval[Chor et al. JACM’98]
Multi-servers information theoretic PIRImplemented based on XOR, polynomial interpolationAchieves 2-server communication complexity O(n1/3)Tolerate collusions of up to t < k serversSingle-server PIRRequire only computational indistinguishability
4/11/2013
ICDE 2013 Tutorial
59
X=
X
1X2………Xn
database
Server
Client
q=“give me
i
th
record”
encrypted(q)
encrypted-result=f(X, encrypted(q))
X
i
Slide60cPIR Theoretical Background
Quadratic Residue (QR)x is a quadratic residue (QR) mod N if E.g. N=35, 11 is QR (92=11 mod 35)3 is QNR (no y exists such that y2=3 mod 35)Essential properties:QR ×QR = QRQR ×QNR = QNRLet N =p1×p2, p1 and p2 are large primes of m/2 bits.Quadratic Residuosity Assumption (QRA)Determining if a number is a QR or a QNR is computationally hard if p1 and p2 are not given.
4/11/2013
ICDE 2013 Tutorial
60
Slide61
Single Database cPIR [Kushilevitz et al. FOCS’97]
4/11/2013
ICDE 2013 Tutorial
61
Adapted from Tan’s presentation
0
1
0
1
1
1
0
1
0
1
0
1
0
1
1
1
e
g
Get
M
2,3
N=35
QNR={3,12,13,17,27,33}
QR={1,4,9,11,16,29}
4 16 17 11
QNR
z
4
z3z2z1
z
2
=QNR => X
10
=1z2=QR => X10=0
M
2,3
2732717
Computation cost: O(n)
C
lient
Server
z
:
Slide624/11/2013
ICDE 2013 Tutorial
62
Practicality of PIR [Sion et al. NDSS’07, Olumofin et al. FC’11]
cPIR
is more than one order of magnitude slower than trivial data transfer.
Multi-server PIR is more practical, but it requires servers cannot collude.
Slide63PIR Could Be More Practical [Olumofin et al. FC’11]
Multi-server information-theoretic PIRSingle-server lattice-based PIR Unlike previous cPIR which are based on number theoryCan achieve one order of magnitude speedup by using GPUCons: security not well understood as number theory based cPIR
4/11/2013
ICDE 2013 Tutorial
63
Slide64Access Privacy
1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy
4/11/2013
ICDE 2013 Tutorial
64
Slide65Oblivious RAM Based PIR[Goldreich & Ostrovsky JACM ‘96 Williams et al. NDSS’08]
A step towards making PIR practicalOblivious RAM : achieve oblivious access in server memoryOrganize data in pyramid like levels of bucketsEnsure each access touches a bucket at every level
4/11/2013
ICDE 2013 Tutorial
65
Slide664/11/2013
ICDE 2013 Tutorial
66
Slide67Oblivious RAM Based PIR
4/11/2013
ICDE 2013 Tutorial
67
Computation cost: O(log
2
n)
Needs some client storage during oblivious re-ordering of encrypted data
Slide68Oblivious RAM Review
ProsComputation and communication complexities <= O(log2n) per query ConsClient storage requires O()
4/11/2013
ICDE 2013 Tutorial
68
Slide69Access Privacy
1. Private Information Retrieval (PIR)2. Oblivious RAM3. Relaxing Privacy
4/11/2013
ICDE 2013 Tutorial
69
Slide70Bounding-Box PIR [Wang et al. DBSEC’10]
4/11/2013
ICDE 2013 Tutorial
70
0
1
0
1
1
1
0
1
0
1
0
1
0
1
1
1
e
g
Get
M
2,3
N
=35QNR={3,12,13,17,27,33}QR={1,4,9,11,16,29}
z
2
=QNR => M2,3=1
M
2,3
1727
16 17
QNR
y
:
z
:
Bounding Box
C
lient
Server
Slide71Hybrid Approach with Homomorphic Encryption [Wang et al. DAPD’13]
4/11/2013
ICDE 2013 Tutorial
71
C
lient
S
erver
0.1. bucket summary S
0.2. public key K
pub
1. query vector Q’
2
. answer vector V
3. decrypt V & filter
R
pub
.B
:
[0,100)
S
1
:
0
20
50
6
0
70
8
5
9
5
100
BK
1
BK
2
BK
3
BK
4
BK
5
BK
6
BK
7
S
1
K
pub
Q: [45, 65)
Q’: (E(0), E(1), E(1), E(1), E(0), E(0), E(0))
V: (E(0)
VBK1
, E(1)
VBK2, E(1)VBK3, E(1)VBK4, E(0)VBK5, E(0)VBK6, E(0)VBK7)
D(V[2]) = D(E(1)
VBK2
) = D(E(1))*VBK
2
= VBK
2
D(V[3])
=
D(E(1)
VBK3
)
= D(E(1))*
VBK
3
=
VBK
3
D(V[4])
=
D(E(1)
VBK4
)
= D(E(1))*
VBK
4
=
VBK
4
Slide72Hybrid Approach with Homomorphic Encryption [Wang et al. DAPD’13]
4/11/2013
ICDE 2013 Tutorial
72
Client selects subset of buckets for server to work onPrivate query bucketsRelevant frequently co-accessed sets of buckets of other usersReasons for using frequent bucket setsHide in crowdLess identifiable
S
erver
BHE
BHE
C
lient
q
uery
history
C
lient
q
uery
history
p
rivate
distributed
frequent pattern mining
[TKDE04]
FBS
C
lient
S
erver
H
HE
Q’: (
0
,
E(1)
,
E(1)
,
E(1)
,
0
,
E(0)
,
E(0)
)
Slide73Access Pattern Privacy on Encrypted Index [Vimercati et al. ICDCS’11]
Not using any cryptographic protocolsCover searches Fake searchesCached searchesCache index nodesIndex shufflingExchange contents between index nodesCounteract node-data association attacks
4/11/2013
ICDE 2013 Tutorial
73
Slide74Index Shuffling
4/11/2013
ICDE 2013 Tutorial
74
Slide75Relaxing Privacy Review
ProsMore computationally efficient than PIRCons(Incomplete) privacy tricky to define and quantify
4/11/2013
ICDE 2013 Tutorial
75
Slide76Outline
Database Security and PrivacyData Security and Privacy in the CloudData ConfidentialityAccess PrivacyOpen Research Challenges
4/11/2013
ICDE 2013 Tutorial
76
Slide77Open Research Problems
Homomorphic encryption for processing range/join database queries on encrypted dataImprove performance of querying encrypted data for use in practical OLTP applicationsPre-computationParallel calculationEnd to end security in the cloudNeed information flow control and auditing in addition to cryptography or trusted computing based approaches
4/11/2013
ICDE 2013 Tutorial
77
Slide78Concluding Remarks
Cloud security and privacy is not a completely new problem. Some issues are amplified by the cloud.Protecting data confidentiality and access privacyMaintaining practical functionality and performance while achieving security and privacy
4/11/2013
ICDE 2013 Tutorial
78
Slide79References
[Bertino et al. TDSC’05] E. Bertino et al. Database security-concepts, approaches, and challenges. In IEEE TDSC, 2(1), 2005.[Samarati et al. TR’98] P. Samarati et al. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression. TR 1998.[Machanavajjhala et al. ICDE’06] A. Machanavajjhala et al. l-diversity: privacy beyond k-anonymity. In ICDE 2006.[Li et al. ICDE’07] N. Li et al. t-closeness: privacy beyond k-anonymity and l-diversity. In ICDE 2007.[Dwork ICALP’06] C. Dwork. Differential privacy. In ICALP(2) 2006.[Verykios et al. SIGMOD’04] V. S. Verykios et al. State-of-the-art in privacy preserving data mining. In SIGMOD 2004.[Agrawal et al. SIGMOD’00] R. Agrawal et al. Privacy-preserving data mining. In SIGMOD 2000. [Clifton et al. KDD’02] C. Clifton et al. Tools for privacy preserving distributed data mining. In KDD 2002. [Anciaux et al. SIGMOD’07] N. Anciaux et al. GhostDB: querying visible and hidden data without leaks. In SIGMOD 2007.
4/11/2013
ICDE 2013 Tutorial
79
Slide80References
[Chaudhuri et al. CIDR’11] S. Chaudhuri et al. Database access control & privacy: is there a common ground? In CIDR 2011.[Ristenpart et al. CCS’09] T. Ristenpart et al. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In CCS 2009.[Somorovsky et al. CCSW’11] J. Somorovsky et al. All your clouds are belong to us: security analysis of cloud management interfaces. In CCSW 2011.[Hacigümüs et al. ICDE’02] H. Hacigümüs et al. Providing database as a service. In ICDE 2002.[Song et al. S&P’00] D. Song et al. Practical techniques for searches on encrypted data. In S&P 2000.[Hacigümüs et al. SIGMOD’02] H. Hacigümüs et al. Executing SQL over encrypted data in the database service provider mode. In SIGMOD 2002.[Hore et al. VLDB’04] B. Hore et al. A privacy-preserving index for range queries. In VLDB 2004.[Agrawal et al. SIGMOD’04] R. Agrawal et al. Order preserving encryption for numeric data. In SIGMOD 2004.
4/11/2013
ICDE 2013 Tutorial
80
Slide81References
[Popa et al. SOSP’11] R. A. Popa et al. Cryptdb: protecting confidentiality with encrypted query processing. In SOSP 2011.[Damiani et al. CCS’03] E. Damiani et al. Balancing confidentiality and efficiency in untrusted relational DBMSs. In CCS 2003.[Wang et al. SDM’11] S. Wang et al. A comprehensive framework for secure query processing on relational data in the cloud. In SDM 2011.[Aggarwal et al. CIDR’05] G. Aggarwal et al. Two can keep a secret: a distributed architecture for secure database services. In CIDR 2005.[Emekci et al. ICDE’06] F. Emekci et al. Privacy preserving query processing using third parties. In ICDE 2006.[Agrawal et al. SRDS’88] D. Agrawal et al. Quorum consensus algorithms for secure and reliable data. In SRDS 1988.[Bajaj et al. SIGMOD’11] S. Bajaj et al. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In SIGMOD 2011. [Song et al. IEEE’12] D. Song et al. Cloud data protection for the masses. In IEEE Computer, 45(1), 2012.[Chor et al. JACM’98] B. Chor et al. Private information retrieval. In J. ACM, 45(6), 1998.
4/11/2013
ICDE 2013 Tutorial
81
Slide82References
[Kushilevitz et al. FOCS’97] E. Kushilevitz et al. Replication is not needed: single database, computationally private information retrieval. In FOCS 1997.[Sion et al. NDSS’07] R. Sion et al. On the computational practicality of private information retrieval. In NDSS 2007.[Olumofin et al. FC’11] F. G. Olumofin et al. Revisiting the computational practicality of private information retrieval. In FC 2011.[Williams et al. NDSS’08] P. Williams et al. Usable private information retrieval. In NDSS 2008.[Wang et al. DBSEC’10] S. Wang et al. Generalizing PIR for practical private retrieval of public data. In DBSec 2010.[Wang et al. DAPD’13] S. Wang et al. Towards practical private processing of database queries over public data. In DAPD 2013.[Vimercati et al. ICDCS’11] S. D. C. Vimercati et al. Efficient and private access to outsourced data. In ICDCS 2011.
4/11/2013
ICDE 2013 Tutorial
82
Slide83Slide84Slide85Slide86Slide87
Secure and Privacy-Preserving
Download Presentation - The PPT/PDF document "Secure and Privacy-Preserving" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.