Privacy preserving computation and verification of aggregate queries on outsourced databases
This presentation is the property of its rightful owner.
Sponsored Links
1 / 38

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases PowerPoint PPT Presentation


  • 87 Views
  • Uploaded on
  • Presentation posted in: General

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases. Brian Thompson 1 , Stuart Haber 2 , William G. Horne 2 , Tomas Sander 2 , and Danfeng Yao 1. 1. 2. Rutgers University Dept. of Computer Science Piscataway, NJ. Hewlett-Packard Labs

Download Presentation

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Privacy preserving computation and verification of aggregate queries on outsourced databases

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases

Brian Thompson1, Stuart Haber2, William G. Horne2, Tomas Sander2, and Danfeng Yao1

1

2

Rutgers University

Dept. of Computer Science

Piscataway, NJ

Hewlett-Packard Labs

5 Vaughn Dr., Suite 301

Princeton, NJ


Contributions

Contributions

  • An efficient, distributed architecture for outsourcing databases

  • A privacy-preserving protocol for computing aggregate queries that is resistant to collusion of dishonest service providers

  • A mechanism that allows users to verify the integrity and correctness of aggregate query responses

PDAS: Privacy-Preserving Database-As-a-Service


Outline

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Outline1

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Simple client server model

Simple Client-Server Model

Client

Data Owner

Client

query

response

Client

Client

Client

What if data owner has insufficient time or resources to answer all queries?

PDAS: Privacy-Preserving Database-As-a-Service


Database as a service

Database-As-a-Service

  • Outsource database to a trusted third-party service provider (SP).

  • SP supports and maintains DBMS infrastructure, stores data and responds to queries.

  • Applications: Census data, medical records, network monitoring, recommendation systems.

  • Data may be private or sensitive.

    • Only answer queries that follow a pre-defined inference control policy.

outside scope of our work

PDAS: Privacy-Preserving Database-As-a-Service


Database as a service1

Database-As-a-Service

Security threat!

What if server is compromised or SP is malicious?

Data Owner

sensitive data,inference control policy

Service Provider

Integrity issue!

How does Client know that results are correct?

query rejected!

result AQ

query Q

Client

PDAS: Privacy-Preserving Database-As-a-Service


Database as a service2

Database-As-a-Service

  • Encryption [HIM02, MT06]

    • When client is the original data owner.

  • Publish only statistics

    • Limits utility for complex data mining apps.

  • Publish representative subset

    • Good for approximate query results.

    • No privacy for individuals in released dataset.

PDAS: Privacy-Preserving Database-As-a-Service


Our solution privacy preserving database as a service pdas

Our Solution: Privacy-Preserving Database-As-a-Service (PDAS)

  • Outsource database to m service providers.

  • Each SP gets a “share” of each data item.

  • Each share gives zero information, but the shares can be combined to reconstruct the original data. [Shamir ’79]

  • A homomorphic commitment scheme is used to guarantee correctness. [Pedersen ’91]

PDAS: Privacy-Preserving Database-As-a-Service


Outline2

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Pdas architecture

PDAS Architecture

Data Owner

request shares of AQ

SP1

SP2

SP3

calculate share AQ1

calculate share AQ2

calculate result AQ

calculate share AQ3

aggregate query Q

result AQ,proof of correctness

Client

PDAS: Privacy-Preserving Database-As-a-Service


Pdas protocol

PDAS Protocol

  • COMMIT: Data owner generates commitment values, signs root of Merkle hash tree.

  • DISTRIBUTE: Shares of each data item are distributed to SPs using Shamir secret-sharing.

  • QUERY: Client submits aggregate query to SP.

  • RESPOND: SP requests shares of aggregate from other SPs, recovers result, returns to Client.

  • VERIFY: Client checks commitments against signed root hash, verifies commitment for result.

PDAS: Privacy-Preserving Database-As-a-Service


Outline3

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Privacy preserving computation and verification of aggregate queries on outsourced databases

Note: Computation in the field Fq

Note: Allows for threshold scheme

Secret Sharing with Polynomials

[Shamir ’79]

  • Construct a random (k-1)-degree polynomial P with P(0) = S.

  • Each share is a point on the curve.

  • k points are both necessary and sufficientto uniquely determine the polynomial.

PDAS: Privacy-Preserving Database-As-a-Service


Privacy preserving computation and verification of aggregate queries on outsourced databases

x1

x2

x3

Secret Sharing with Polynomials

PA(x)

(x1, PA(x1))

(0, A)

(x2, PA(x2))

(x3, PA(x3))


Privacy preserving computation and verification of aggregate queries on outsourced databases

x1

x2

x3

Secret Sharing with Polynomials

(x1, PB(x1))

(0, B)

(x2, PB(x2))

(x3, PB(x3))

PB(x)


Privacy preserving computation and verification of aggregate queries on outsourced databases

x1

x2

x3

Secret Sharing with Polynomials

Task: secure computation of A + B

Task: computeA + B

PA(x)

(x1, PB(x1))

(0, B)

(x2, PB(x2))

(x3, PB(x3))

(x1, PA(x1))

(0, A)

PB(x)

(x2, PA(x2))

(x3, PA(x3))


Privacy preserving computation and verification of aggregate queries on outsourced databases

x1

x2

x3

Secret Sharing with Polynomials

Determined the sum A+B without revealing A or B !

Player 1 calculates: PA(x1) + PB(x1)

Player 3 calculates: PA(x3) + PB(x3)

Player 2 calculates: PA(x2) + PB(x2)

(x1, PA+B(x1))

(0, A+B)

PA(x)

(x1, PB(x1))

(x2, PB(x2))

(x3, PB(x3))

PA+B(x)

(x2, PA+B(x2))

(x1, PA(x1))

(x3, PA+B(x3))

PB(x)

(x2, PA(x2))

(x3, PA(x3))


Secret sharing in pdas

Secret Sharing in PDAS

  • A secret-sharing polynomial Pj is constructed for each data element Dj , i.e.

  • The share of data Djfor SPi is

  • Suppose client queries for

  • SPi computes and broadcasts

  • Using polynomial interpolation, the SPs can derive the polynomial

PDAS: Privacy-Preserving Database-As-a-Service


Secret sharing in pdas1

Secret Sharing in PDAS

  • Honest SPs only contribute to a computation if the query follows the data owner’s policy.

  • PDAS allows for a (k,m) threshold scheme, where any k of m SPs can answer a query. If less than k collaborate, they learn nothing.

  • If there are less than k dishonest SPs, the system has information theoretic security.

  • Privacy is preserved* – no information is leaked besides the query results!

PDAS: Privacy-Preserving Database-As-a-Service


Outline4

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Verification in pdas

Verification in PDAS

The Pedersen Commitment Scheme [’91]

Prover: COMMIT( )

  • Publish generators of group

  • Choose random

  • Calculate commitment value:

    Verifier: VERIFY( )

  • Check commitment:

PDAS: Privacy-Preserving Database-As-a-Service


Verification in pdas1

Verification in PDAS

  • Owner computes commitment to each data entry and signs to authenticate.

  • Given , the client verifies the commitment: .

  • This requires access to sensitive data !

  • Problem: How to verify an aggregate query result without access to individual entries?

Use a homomorphic commitment scheme!

PDAS: Privacy-Preserving Database-As-a-Service


Verification in pdas2

commitments signed by data owner

What is x1+ x2?

Verification in PDAS

Pedersen commitment scheme is homomorphic:

Verify:

Service Provider

PDAS: Privacy-Preserving Database-As-a-Service


Verification in pdas3

hroot

Verification in PDAS

  • Use Merkle hash tree to improve efficiency.

  • Data owner only signs once: the root hash.

hroot

h0

h1

h00

h01

h10

h11

PDAS: Privacy-Preserving Database-As-a-Service


Outline5

Outline

  • Motivation

  • PDAS Architecture and Protocol

  • Secure Computation of Aggregate Queries

  • Correctness Verification

  • Conclusions and Future Work


Security properties of pdas

Security Properties of PDAS

  • Secrecy: Only query results are revealed.

  • Security: Commitments are computationally binding and unconditionally hiding.

  • Correctness: Accuracy, integrity guaranteed.

  • Collusion resistance: Privacy is protected against k-1 collaborating adversaries.

  • Accountability: Malicious SPs will be caught.

In practice, may relax some properties to achieve greater functionality. Details in corrected version of paper.

PDAS: Privacy-Preserving Database-As-a-Service


Efficiency of pdas

Efficiency of PDAS

  • Setup cost is O(nm) time* for data owner, but there is no maintenance cost.

  • Space required is O(n) for each SP.

  • Time complexity to compute a query over subset S is only O(|S|) for each SP, plus O(|S| log n) communication cost.

  • Verification has computational and communication cost O(min(|S| log n, n)).

PDAS: Privacy-Preserving Database-As-a-Service


Extensions

Extensions

  • Dynamic databases

    • Support efficient addition/deletion

  • Multiple data owners

  • Load balancing

  • Selection over insensitive attributes

    • “Mixed” databases

    • Guaranteeing completeness

PDAS: Privacy-Preserving Database-As-a-Service


Future work

Future Work

Complex queries

Nested queries

Selection over sensitive attributes

MAX, MIN

Inference control

Differential privacy [Dwork06]

Private Information Retrieval

[Chor, Goldreich, Kushilevitz, Sudan ‘95]

PETS 2009

PDAS: Privacy-Preserving Database-As-a-Service


Conclusions

Conclusions

PDAS accomplishes the following goals:

  • A distributed architecture for computing aggregate queries over sensitive data in outsourced databases.

  • An efficient protocol for verifying the accuracy and integrity of query results.

  • A secure system that is robust against a network of k-1 collaborating adversaries.

PDAS: Privacy-Preserving Database-As-a-Service


Thank you

Thank you!

Corrected version to be available soon:

http://www.cs.rutgers.edu/~danfeng/

PDAS: Privacy-Preserving Database-As-a-Service


Privacy preserving computation and verification of aggregate queries on outsourced databases

PDAS: Privacy-Preserving Database-As-a-Service


Extra slides

Extra Slides

PDAS: Privacy-Preserving Database-As-a-Service


Our solution secret sharing

SUM = ?

Our Solution: Secret Sharing

  • How to enforce a query response policy?

Please give me your share of ΣDj!

Okay, sure!

PDAS: Privacy-Preserving Database-As-a-Service


Our solution secret sharing1

Our Solution: Secret Sharing

  • How to enforce a query response policy?

Please give me your share of x!

No, I’m not supposed to. . .

PDAS: Privacy-Preserving Database-As-a-Service


Secret sharing

Secret Sharing

PDAS: Privacy-Preserving Database-As-a-Service


Related work

Related Work

  • H. Hacigümüs, B. Iyer, S. Mehrotra. “Efficient Execution of Aggregation Queries over Encrypted Relational Databases.” DASFAA, 2004.

  • F. Chin. “Security Problems on Inference Control for SUM, MAX, and MIN Queries.” Journal of ACM, 1986.

  • G. Jagannathan, R. Wright. “Private Inference Control for Aggregate Database Queries.” PADM, 2007.

PDAS: Privacy-Preserving Database-As-a-Service


  • Login