Download
1 / 28
300 likes | 753 Views
Secure kNN Computation on Encrypted Data base. B98505024 吳昇峰. 前情提要 (?. 現今網路都放在 service provider 的機房內 (Out source database). SECURITY 越來越重要了 但要怎麼確保 安全 性呢 ?. 加密 !! Encryption. attacker. THE SCONEDB MODEL. Secret key K Database encryption function E t () Query encryption function E D ()
E N D
Secure kNN Computation on Encrypted Data base B98505024 吳昇峰
前情提要(? • 現今網路都放在service provider的機房內(Out source database) SECURITY越來越重要了 但要怎麼確保安全性呢? 加密!!Encryption
attacker THE SCONEDB MODEL Secret key K Database encryption function Et() Query encryption function ED() Result decryption function D() EDBMS DB Aux Query processer Can access EDBMS Encrypted database, queries, result Except key DATA Player 1 (Owner) Player 2 q DB secret key K EQ() q ET() DB D()
Attack levels • Knowledge(H) ==attacker所知道的 • Level 1: Observes only the encrypted database E(DB) H=(E(DB)) 只拿到有加密的DB • Level 2:Knows a set of plain tuples P in DB don’t know the corresponding encrypt values of those tuplesH=(E(DB),P) • 拿到部分未加密的tuples 但不知道對應到加密過的DB的哪些資料 (主要目標) • Level 3: Observes a set of tuples P in DB and knows the corresponding encrypted values I , H=(E(DB),P,I) I(t)=Et(t,K) 除了拿到未加密的資料也拿到對應的加密過的地方 (rare)
KNN application in this model • Knn query search for k points in a database that are the nearest to a given query point q • 為什麼database 的點上有距離(? • 我們假設一個點上面有很多的值 舉例來說p(1,2,3.5,3) 這樣就可以構成一個在四維空間的點 這跟加密有什麼關係(? 因為他有個性質是可以用DPT(distance preserving transformation)去轉換資料的時候還可以保留點到點的距離 BUT!!!!NOTSECURE!!!
如何攻擊 在加密的方式下 讓系統算出d(p1,p2)在E(DB),P1,p2為在db上的點 Distance-recoverable encryption
DPT-a example of DRE • 如果E是DPT • d(E(p1,K),E(p2,K))=d(p1,p2) • E= Np+t N,ptogether form the secret key • Resist level-1 attacks • Not secure under level-2 or level3
How to attack? • 假設attacker知道是用什麼算法 ex.在此他就會知道是d() 兩個點之間的距離 • 他想要求得db裡面的y • LEVEL3 • d(p,q) can be computed by d(E(p,K),E(q,K)) • If he knows points P (未加密){x1,x2,x3.....xd+1) 和他想要得到的點y’(加密) • d(xi,y)=d(I(xi),y’) 多個方程式取交集可以得到y這個值
How to attack? • Level 2P= {x1, x2, x3..... xd+1) • Signature linking attack • Construct P’s signature =pairwise distances between every two points in P • (d(x1,x2),d(x1,x3), d(x2,x3)…….) • Try to find an ordered set of encrypted points Q in E(DB) 當|Q|=|P|的時候,且當sig(Q)=sig(P) • 就可還原出原本的部分DB(晉升成level3的attack)
Math alert • 因為DRE可以讓attacker從加密算出他的signature • Can’t reveal distance information • Distance computation id not necessary • Given tow point p1,p2
Still distance recoverable • p1’*p1’ 這個owner可以自己先乘好放在DB • P1’*p2’need an encryption !
ASPE • Asymmetric scalar product preserving encryption ET() 和 Eq() 需要不同的加密
pTq=(pTM)(M-1q)=ET(p,K)Eq(q,K) • →p’=ET(p,K)=(pTM) • q’=Eq(q,K)=(M-1q) • Using the M and M-1 as transformations of query and points
把他藏起來(? • Point • Hide the product in the d+1 dimension of point p • 用 -0.5||p||2 • Ex. p=(3,4) ||p||2=25 • 則pnew=(3,4,-12.5) • Query • 必須增加一個dimension配合point 用1 • Ex q=(1,2) qnew=(1,2,1)
Weakness • Query will lie on a d-dimensional hyper plane • Can get some level-3-like information 補上一個randomfactor r to scale qnew=r(qT,1)T
Scheme 1 is not secure against level-3 attack • If there are d+1 points xi (1 ≤ i ≤ d+1) in P such that the vectors(xi, −0.5||xi||2) are linearly independent, then the attacker can recover DB from E(DB). How to improve again? 加大!!! 加複雜!
How to improve again? 加複雜! • Split it! p splitting p=pa+pb p=(3,7) pa=(10,2) pb(-7,5) q splitting Double attacks cost
General • players 1 and 2 secretly agree on which of p[i] and q[i] to split. • Share a configuration bit vector, indicates whether p-splitting or q-splitting
Artificial Dimensions 加大!!! • 增加Dimensions • 從d→d‘ • 在dimensions d+1~d’亂數產生 • 且product over these artificial attributes =0 • pnew*qnew=p*q • d’>=80 才安全
Scheme2 • Can resist level 3 attack • Scheme2=Scheme1+splitting+artificial dimensions
Test to break a DRE σ=minimum size of P n=how many point σ=4.6 average attack time is 314 seconds Easy to break!
