1 / 93

Multi-Dimensional Range Query over Encrypted Data

Multi-Dimensional Range Query over Encrypted Data. Elaine Shi Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig. Network Audit Logs. Network gateway. Data center. Network Audit Logs. Network gateway. Data center. An Ideal Solution. Network gateway. Data center.

mariannew
Download Presentation

Multi-Dimensional Range Query over Encrypted Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi-Dimensional Range Query over Encrypted Data Elaine Shi Joint work with John Bethencourt, Hubert Chan, Dawn Song, Adrian Perrig

  2. Network Audit Logs Network gateway Data center

  3. Network Audit Logs Network gateway Data center

  4. An Ideal Solution Network gateway Data center

  5. Auditor Query: (100 · port · 200) Æ ( ip 2 128.1.*.*) Trusted authority auditor

  6. Auditor Query: (100 · port · 200) Æ ( ip 2 128.1.*.*) Capability: (100 · port · 200) Æ ( ip 2 128.1.*.*) Trusted authority auditor

  7. Security Capability: (100·port ·200) Æ (ip 2128.1.*.*) • Can decrypt all matching entries • Cannot learn additional information for non-matching entries • Except for the fact that they do not match

  8. The Challenges • Current practices: • No encryption • All-or-nothing decryption • Encryption with simple searches • Challenge: • How to design such an encryption scheme • Efficiency • Provable security

  9. Generalized Problem Definition Setup: • Record: E = (msg, X) • msg 2 {0,1}* : non-searchable • X = (x1, x2, … , xn) 2 {0,1}n : searchable

  10. Generalized Problem Definition Setup: • Record: E = (msg, X) • msg 2 {0,1}* : non-searchable • X = (x1, x2, … , xn) 2 {0,1}n : searchable

  11. Generalized Problem Definition • KeyGen • Key generation • Encrypt • Encryption • DeriveCap • Compute a capability • QueryDecrypt • Attempt to decrypt using a capability

  12. KeyGen (, n) • : security parameter • n: bit-length of X KeyGen(, n) Trusted authority

  13. KeyGen (, n) • Publish PK – public key • Retain MSK – master secret key KeyGen(, n) PK MSK Trusted authority

  14. Encrypt(PK, X, msg) X = 00110 C Ã Encrypt(PK, X, msg)

  15. Encrypt(PK, X, msg): Network Audit Log X = (IP = 1.2.3.4, port = 80, time = May 1st) C Ã Encrypt(PK, X, “Hello”)

  16. P DeriveCap(PK, MSK, P ) P

  17. DeriveCap(PK, MSK, P ) P:f(X) = 0 P:f(X) = 1 f: {0, 1}n ! {0, 1}

  18. DeriveCap(PK, MSK, P ): Network Audit Log P: f(X) = 0 P:f(X) = 1 f: {0, 1}n ! {0, 1} Network audit log example: X :(IP, port, time) P : range query on X: (IP 2 128.2.*.*) Æ (port 2 [100, 200]) Æ (time 2 “May 2nd”)

  19. P DeriveCap(PK, MSK, P ) Cap(P ) Ã DeriveCap(PK, MSK, P ) P Capability for property P

  20. P QueryDecrypt(PK, Cap(P ), C) P

  21. Generalized Problem Definition • KeyGen(, n) • Key generation • Encrypt(PK, X, msg) • Encryption • DeriveCap(PK, MSK, P ) • Compute a capability • QueryDecrypt(PK, Cap(P) , C) • Attempt to decrypt using a capability

  22. Generalized Problem Definition • KeyGen(, n) • Key generation • Encrypt(PK, X, msg) • Encryption • DeriveCap(PK, MSK, P ) • Compute a capability • QueryDecrypt(PK, Cap(P) , C) • Attempt to decrypt using a capability X, P Network audit log example: X :(IP, port, time) P : range query on X

  23. Security Requirements • Suppose adversary has capabilities for properties P1, P2, …, Pq • Let C = Encrypt(PK, X, msg) • 81 · i · q, X 2Pi • Adversary cannot learn additional information about X or msg • Computationally bounded adversary

  24. Stock Trading through a Broker broker Buy if (price < $$$) Æ (time 2 {today, tomorrow} ) Buy/sell order Current stock price exchange investor

  25. Stock Trading through a Broker broker Buy if (price < $$$) Æ (time 2 {today, tomorrow} ) Buy/sell order Current stock price exchange investor

  26. Stock Trading through a Broker broker Buy if (price < $$$) Æ (time 2 {today, tomorrow} ) Buy/sell order Current stock price exchange: Trusted party investor

  27. Generalized Problem Definition • KeyGen(, n) • Key generation • Encrypt(PK, X, msg) • Encryption • DeriveCap(PK, MSK, P ) • Compute a capability • QueryDecrypt(PK, Cap(P) , C) • Attempt to decrypt using a capability X, P Stock trading example: X : {time range} £ {price range} P : (price, time) 2 X, range query

  28. Remark • Network audit log ÃRQED • Encrypt under a point • Decrypt under a range • Stock trading ÃDual • Encrypt under a range • Decrypt under a point • RQED ! Dual

  29. In this talk • Focus on multi-dimensional range query • In database applications, SQL queries are by nature range queries.

  30. 2-Dimensional Example Encrypt(msg, X) X = (IP, port)

  31. 2-Dimensional Example Encrypt(msg, X) X = (IP, port)

  32. 2-Dimensional Example Encrypt(msg, X) X = (IP, port)

  33. Roadmap • Trivial construction • Reducing public key size • Using Anonymous Identity-Based Encryption • Efficient representation for ranges • 1 dimensional scheme • Extension to multiple dimensions

  34. Roadmap • Trivial construction • Reducing public key size • Using Anonymous Identity-Based Encryption • Efficient representation for ranges • 1 dimensional scheme • Extension to multiple dimensions Main Technical Difficulty: Extension from 1-dim to multi-dim

  35. Trivial Construction public-key encryptionPE = (K, E, D) B: hyper-rectangle, • RQED: • PK • MSK • Encrypt(PK, X, msg) • CapB • QueryDec(PK, CapB, C) • PE : • PKX for every point X • SKX for every point X • E (PKX, msg||0t) • SKX for each X 2 B • D (PKX,SKX, C) for each X 2 B

  36. Trivial Construction public-key encryptionPE = (K, E, D) B: hyper-rectangle, • RQED: • PK • MSK • Encrypt(PK, X, msg) • CapB • QueryDec(PK, CapB, C) • PE : • PKX for every point X • SKX for every point X • E (PKX, msg) • SKX for each X 2 B • D (PKX,SKX, C) for each X 2 B

  37. Trivial Construction PE = (K, E, D): public-key encryption B: hyper-rectangle, • RQED: • PK • MSK • Encrypt(PK, X, msg) • CapB • QueryDec(PK, CapB, C) • PE : • PKX for every point X • SKX for every point X • E (PKX, msg) • SKX for each X 2 B • D (PKX,SKX, C) for each X 2 B

  38. Trivial Construction T: # different values along each dimension D: # dimensions

  39. Trivial Construction T: # different values along each dimension D: # dimensions

  40. Roadmap • Trivial construction • Reducing public key size • Using Anonymous Identity-Based Encryption • Efficient representation for ranges • 1 dimensional scheme • Extension to multiple dimensions

  41. What is AIBE? ID1 Public key encryption (PK1, SK1) ID2 PK1 ID3 ID4 ID5

  42. What is AIBE? ID1 Public key encryption ID2 C Ã Encrypt(PK1, msg) ID3 ID4 ID5

  43. What is AIBE? ID1 Public key encryption ID2 msg à Decrypt(PK1, SK1, C) C à Encrypt(PK1, msg) ID3 ID4 ID5

  44. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 ID3 Trusted authority ID4 ID5

  45. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 PK ID3 Trusted authority ID4 ID5

  46. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 PK ID3 Trusted authority ID4 • Global public key: • rather than different public key for each user ID5

  47. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) SK1 ID2 MSK SK2 ID3 SK3 Trusted authority SK4 ID4 SK5 ID5

  48. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 C Ã Encrypt(PK, ID1, msg) ID3 Trusted authority ID4 ID5

  49. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 msg à Decrypt(PK, SK1, C) C à Encrypt(PK, ID1, msg) ID3 Trusted authority ID4 ID5

  50. What is AIBE? ID1 Anonymous Identity-Based Encryption (AIBE) ID2 C Ã Encrypt(PK, ID1, msg) C = ??????? ID3 Trusted authority ID4 ID5

More Related