html5-img
1 / 14

Protection of outsourced data

Protection of outsourced data . Maria Angel Marquez Andrade. Protecting data. [1] Kenan , Kevin.  Cryptography in the database: the last line of defense . Addison Wesley, 2006. External third party , stores and manages the data. User. Server. Person who accesses the

eljah
Download Presentation

Protection of outsourced data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protection of outsourced data Maria Angel Marquez Andrade

  2. Protecting data [1] Kenan, Kevin. Cryptography in the database: the last line of defense. Addison Wesley, 2006.

  3. Externalthirdparty, stores and manages the data User Server Personwho accessesthe outsourced data Client User’sfront end Data Owner Organizationor individual whooutsourcesher data

  4. Data Encryption • Providesprivacy and integrity • Queriesmustbeexecutedonencrypted data • Create indexes • Applied at differentgranularitylevels: • TableorAttribute (wholerelationisreturned) • Tuple • Cell (manydecryptoperations)

  5. The emp table is mapped to a corresponding table at the server:empS(etuple, eidS, enameS, salaryS, addrS, didS) [2]. [2] Hore, Bijit, SharadMehrotra, and HakanHacigümüç. "Managing and queryingencrypted data. " Handbook of Database Security (2008): 163-190.

  6. Figure 2: Queryevaluationprocess [3] [3] Sabrina De CapitanidiVimercati, Sara Foresti, and PierangelaSamarati. "Protecting data in outsourcingscenarios." Handbookonsecuringcyber-physicalcriticalinfrastructure (2012).

  7. Indexingtechniques:

  8. Access control

  9. Using one key for each resource would require too many keys. • Adopt a key derivation method: each user has only 1 key. • The data owner encrypts r1 with a key that {A,B} can derive. Table 2. Anexample of Access Matrix [4] [4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services. " Journal of Computational Information Systems 6.8 (2010): 2767-2777.

  10. [4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services. " Journal of Computational Information Systems 6.8 (2010): 2767-2777. • DAG hierarchy: • Given two keys ki and kj, to derive kjfrom kithere exists a public token ti,jand a labellj. • Where ti,j= kjXOR f( ki, lj). • However, the problem of minimizing the # of tokens while remaining equivalent to the access matrix is NP-hard. (Use heuristics). NP-hardness results imply that for many combinatorial optimization problems there are no efficient algorithms that find an optimal solution, or even a near optimal solution, on every instance. A heuristic for an NP-hard problem is a polynomial time algorithm that produces optimal or near optimal solutions on some input instances, but may fail on others[4]. [4] Feige, Uriel. "Rigorous analysis of heuristics for NP-hard problems. "Proceedings of the 16th annual ACM-SIAM Symposium on Discrete Algorithms. 2005.

  11. Drawbacks of encryption

  12. Data fragmentation • Theassociation of data iswhatshouldbesecured. • Confidencialityconstraint c overrelation R(A1,…,An) can be a singletonoranassociation. • c0= {SSN} is a singleton. Thevalues of thisattributeshouldbeencrypted. • c1= {Name, Ilness} isanassociation. Theattributesshouldnotappeartogether as plaintext. Fig. 2. An example of plaintext relation (a) and its well defined constraints (b) [5] [5]Ciriani, Valentina, et al. "Combiningfragmentation and encryptiontoprotectprivacy in data storage.“ ACM TransactionsonInformation and System Security (TISSEC) 13.3 (2010): 22.

  13. Fig. 3. An example of physical fragments for the relation in Figure 2(a) [5] [5]Ciriani, Valentina, et al. "Combiningfragmentation and encryptiontoprotectprivacy in data storage.“ ACM TransactionsonInformation and System Security (TISSEC) 13.3 (2010): 22.

  14. Queryingthe data • Evaluatequery (q) bychosingonefragment • Chose a fragment in whichispossibletoexecutethemostselectiveconditions in the server side. Drawbacks offragmentation • Confidencialityconstraints are difficulttocreate. • Updatingthe data isdifficult.

More Related