Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient Secure Query Evaluation over Encrypted XML Databases Wendy Hui Wang Laks V.S. Lakshmanan University of British Columbia, Canada.

Similar presentations


Presentation on theme: "Efficient Secure Query Evaluation over Encrypted XML Databases Wendy Hui Wang Laks V.S. Lakshmanan University of British Columbia, Canada."— Presentation transcript:

1 Efficient Secure Query Evaluation over Encrypted XML Databases Wendy Hui Wang Laks V.S. Lakshmanan University of British Columbia, Canada

2 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 2 Outline Introduction Design of metadata Secure and efficient query processing

3 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 3 Database-as-Service (DAS) Model Data owner Small business with limited budget (e. g., an online art gallery owner) Owns an XML database of large size (e. g., a database contains the information of paintings & customers ) Cannot afford a suitable database server More cost effective: hosts the database on a third- party remote server E.g., Caspio web database service provider

4 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 4 Security Concerns in DAS Model Data owner Does NOT trust the server Protects the sensitive information in the database Individual XML element with its content (structure of the subelements, data values, etc..) E.g., the customers financial information Association between data values E.g., the customers name and the paintings he/she purchased FinancialAccount visamastercardvisa ………

5 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 5 Database-as-Service Model (Cont.) Data Owner Stores the encrypted database on the server Keeps decryption keys to himself Server Provides data storage & query engine as services Doesnt have decryption keys

6 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 6 The Queries by Data Owner Remotely sent by data owners handheld devices The answers are a very small portion of the database E.g., The name of paintings that Andy bid for The answers are post-processed on the handheld devices The devices are installed with decryptor and query engine Limited bandwidth Limited memory and processing power

7 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 7 Na ï ve Method of Query Processing Returns the whole encrypted database back to the client Disadvantages Expensive cost of data transportation, decryption and query post- processing May exceed the computational capabilities of handheld devices Encrypted XML Database XML Decryptor Query Executor Answer of Query Client Untrusted Server

8 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 8 Another Option for Query Processing Encrypts tags & data values in the database individually E.g., Tags & values in the query are encrypted as the same as in database E.g., purchase[cname=Andy]/pname Query processing is more efficient than naïve method But there exists security breach! E.g., the attacker knows Andy is the biggest customer of the art gallery. Then the encrypted value on customer that is of the largest # of occurrences must correspond to Andy. purchase cname AndyLily pname purchase cname ALily pname purchase[cname=A]/pname

9 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 9 Our Goals Security Guarantee no leakage of sensitive information to the untrusted server/disk Efficient query evaluation The server returns ONLY the portions of database that is relevant to the data owners query

10 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 10 Our Approach XML Decryptor Query Translator Query Executor Encryption blocks relevant to Q //purchase[//cname= Andy ]/pname Client Untrusted Server QsQs Answer of Query Q Metadata …purchases … purchase cnamepname purchase cnamepname Andy LilyBettyReflection Query Q purchase cnamepname Andy Lily Encrypted XML Database

11 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 11 Our Contributions Security constraints (see paper) Formal definition of attack model and security Construction of the secure encryption scheme (see paper) Finding an optimal secure encryption scheme is NP-hard Design of the metadata on the server Efficient and secure query processing

12 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 12 Outline Introduction Design of metadata Structural index Value index Secure and efficient query processing

13 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 13 Structural Index Purpose: for efficient processing of tags and XPath predicates (/, //,[], sibings, etc..) in the query The interval index of the element Each element is assigned an interval (start; end) For parent u and child v, u:start < v:start < v:end < u:end The intervals of adjacent nodes dont overlap The structural index Index table entry: Encryption block table entry:

14 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 14 Attacks on Structural Index By accessing structural index T and encrypted element E, the attacker constructs the candidates of the original element that have the same structural index T the size of the encrypted candidate is the same as that of E [0, 1] β γ The # of such candidates is 1, i.e., the attacker can reconstruct the structure of the original element! [0.2, 0.25] [0.55, 0.75] δδδ [0.83, 0.84] Tagindex Enc(A)[0, 1] Enc(B)[0.2, 0.25] Enc(C)[0.55, 0.75] Enc(D)[0.8, 0.82], [0.83, 0.84], [0.85, 0.9] [0.8, 0.82] [0.85, 0.9] Index table α

15 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 15 More Secure Structural Index Grouping on the intervals in the index table The intervals of the adjacent nodes with the same tag and encrypted in the same block are grouped together Tagindex Enc(A)[0, 1] Enc(B)[0.2, 0.25] Enc(C)[0.55, 0.75] Enc(D)[0.8, 0.9] Index table before grouping Tagindex Enc(A)[0, 1] Enc(B)[0.2, 0.25] Enc(C)[0.55, 0.75] Enc(D)[0.8, 0.82], [0.83, 0.84], [0.85, 0.9] Index table after grouping

16 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 16 Security Example of Structural Index A [0, 1] B C Original element [0.2,0.25][0.55, 0.75] DDD [0.8, 0.9] A [0, 1] B C Candidate 1 [0.2,0.25][0.55, 0.75] CDD [0.8, 0.9] A [0, 1] B B Candidate 2 [0.2,0.25][0.55, 0.75] CCD [0.8, 0.9] 3 intervals on 5 leaf nodes # of Candidates:

17 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 17 Technical Result of Security of Structural Metadata We prove there exists a large number of candidate databases (including the true hosted database) such that : By applying any query that is captured by any security constraint, only the true database returns the non-empty answer By looking at the structural index, the candidates are pairwise indistinguishable

18 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 18 Related Work of Structural Index Efficient Tree Search in Encrypted XML Database [Brinkman et al. 2004] stores a relational table containing structural information of the database on server compromises security of structural information XML interval index schemes [Al-Khalifa et al.2002, Chien et.al, 2002, etc..] Only focus on efficiency. Dont consider security

19 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 19 Outline Design of metadata Structural index Value index Secure and efficient query processing

20 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 20 Value Index Purpose: for efficient processing of value-based constraints in the queries Every encrypted data value in the database is indexed in format By accessing value index, the attacker counts the # of occurrences of encrypted values Enc(100)Enc(30)Enc(20)Enc(70) Enc(50)Enc(90) 1, 2, 5, 63, 63, 41, 2 Block IDs Encrypted value

21 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 21 Attacks on Value Index Attackers aim: infer mapping between plaintext values and corresponding index, consequently crack the associations between data values E.g., he wants to find out what are the paintings Andy has bought. The names of paintings are not encrypted. But the names of customers are. His prior knowledge: # of occurrences of some data values in the original database E.g., from the newspaper, he knows Andy has bought 10 paintings from the art gallery for charity purpose.

22 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 22 Attacks on Value Index (Cont.) His approach: map the encrypted values with plaintext based on their # of occurrences E.g., A is the only value in index whose occurrences 10. Then A must map to Andy. Consequently the attacker finds out which paintings that Andy has purchased

23 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 23 Our Solution Order preserving encryption with splitting and scaling (OPESS) Order preserving: efficient query processing Splitting and scaling Purpose: change frequency distribution of encrypted data values in value index to be different from that of the frequencies of original values

24 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 24 Splitting Andy Betty Carl Plaintext value of CustomerName # of occurrence # of occurrence Encrypted value of CustomerName KH KA KT = WA WE 4+5 =9 5 SF 5=5 Every plaintext value p is encrypted into multiple distinct ciphertext values {v 1, v 2..v n } by using distinct keys. |v i |=|p|. encrypted value v i, |v i | {m-1, m, m+1} Orders preserved. Encrypted values corresponding to different plaintext values never straddle each other Mapping between encrypted values and plaintext values is unique, i.e., splitting alone is not secure! E.g., for data values on attribute CustomerName

25 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 25 Scaling E.g., for data values on attribute CustomerName Andy Betty Carl Plaintext value of CustomerName # of occurrence # of occurrence Encrypted value of CustomerName KH KA KT 4 5 WA WE 5 SF Every encrypted value replicated multiple times so their occurrences will be scaled up. By scaling, the mapping between encrypted values and plaintext values is not unique! Scale to To map 6 distinct ciphertext values to 3 distinct plaintext values, # of mappings =

26 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 26 Technical Results of Security of Value Index We prove there exists a large number of candidate databases (including the true hosted database) such that : By applying any query that is captured by any security constraint, only the true database returns the non-empty answer By looking at the value index, the candidates are pairwise indistinguishable

27 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 27 Related Work of Value Index Efficient processing of queries on encrypted relational database [Hacigumus et al. 2002] Index on the bucket ID, which represents the partition to which the unencrypted value belongs DO NOT consider occurrence-based distribution model Order-preserving encryption for numeric data [Agrawal et al. 2004] Consider a DIFFERENT histogram-based distribution model Balancing security and efficiency in untrusted relational DBMSs [Damiani et.al 2003] Propose indexing scheme by direct encryption and hashing, and measure the information exposure For the same occurrence-based distribution model as ours, their probability of information exposure can be HIGH The encryption is NOT order-preserving

28 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 28 Outline Introduction Design of metadata Secure and efficient query processing

29 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 29 Example of Query Processing XML Decryptor Query Translator Query Executor //purchase[cname= Andy ]/pname Client Untrusted Server Lily …purchases … purchase cname pname purchase cnamemname AndyLilyBetty Reflection Query Q purchase cnamemname Andy Lily Encrypted XML Database Translated Query Q s Block 1Block 2 Structural index Value index //α [β]/γ [β][β] {Block 1, 2} Block 1 {Block 1}Join {Block 1} // α [βKA AND β KT] /γ [βKA AND β KT]

30 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 30 Technical Results of Security of Query Answering Let A be any query that is captured by the security constraints, and Bel(B(A)) be the attackers belief probability of whether the hosted database satisfies A We prove that by answering queries, Bel(B(A)) does not increase

31 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 31 Experiments Impact of Optimization Compared with na ï ve method, our approach gets > 80% of savings!

32 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 32 Conclusion We consider the problem of efficient and secure evaluation of XPath queries on encrypted XML database We formally define the attack model and security (see paper) We propose The security constraints (see paper) The secure encryption scheme (see paper) The design of secure structural and value index The secure and efficient query evaluation

33 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 33 Future Work More prior knowledge Tag distribution Query workload distribution Correlations between data values Updates on database Definition of security Secure encryption scheme How to design metadata

34 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 34 Thank you ! Questions?

35 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 35 Extra Slides Extra slides

36 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 36 Similar Application Scenario: Untrusted Disk The attacker may install the Trojan virus on the disk where the databases are stored (maybe locally), and spy the operations on the databases The disk is not trusted anymore, which is similar to the untrusted server

37 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 37 More Discussion on Security of Structural Index Attacker still can infer the structural relations (e.g., parent/child, siblings, etc..) between the nodes in the encrypted elements However, he cannot reconstruct the exact content of original element

38 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 38 Other Contributions: Security Constraints Node type constraint For sensitive XML element with its content E.g., //customer//prescription Association type constraint For sensitive associations between data values E.g., //customer: (/name, //purchase//mname)

39 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 39 Security Definitions Query Executor Untrusted Server QsQs Encrypted XML Database Metadata Level 1: Secure Encryption Scheme Level 2: Secure Database System Level 3: Secure Query Answering A set of encryption blocks XML Decryptor Query Translator Query Executor Query Q Client Answer of Query Q

40 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 40 XML Encryption W3C standard Different encryption granularity Info …purchases… purchase cnamepname purchase cnamepname AndyLily BettyLast supper

41 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 41 XML Encryption (Cont.) Tradeoff exists between encryption granularity and efficient query processing Next question is Whats the optimal encryption scheme s.t. (1) it is secure, and (2) it facilitate the query processing?

42 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 42 Secure Encryption Scheme Encryption Scheme S: Every security constraint is enforced node type constraint c, node that c binds to is encrypted E.g., for the security constraint //customer//prescription, encrypt every prescription element association type constraint p:(q1, q2), nodes that binds to either p/q1 or p/q2 are encrypted E.g., for the security constraint //customer: (/name, //purchase//mname), either //customer/name or //customer//purchase//mname is encrypted

43 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 43 Secure Encryption Scheme (Cont.) More protection Every leaf element containing data values is encrypted with encryption decoy Effect: every encrypted value is of unique number of occurrence E.g., original values (AIDS, AIDS, cold) are encrypted to be (CCED, PACS, DAEE) Goal: defense of frequency-based attack

44 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 44 Secure Encryption Scheme (Cont.) Theorem: the encryption scheme is a secure encryption scheme Theorem: Finding an optimal secure encryption scheme is NP-hard in size of security constraints

45 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 45 Unsafety of Continuous Interval Index A [1, 10] B [2,5] B [6, 9] C [3, 4] D [7, 8] TagDSI index Enc(A)[1,10] Enc(B)[2, 9] Enc(C)[3, 4] Enc(D)[7, 8] The original structure is revealed by the gap! Original database A [1, 10] B [2,9] C [3, 4] D [7, 8] B [2,5] B [6, 9]

46 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 46 Safety of Discontinuous Interval Index A [0, 1] B [0.1,0.4] B [0.5,0.9] C [0.2,0.25] D [0.55, 0.75] TagDSI index Enc(A)[0, 1] Enc(B)[0.1, 0.9] Enc(C)[0.2, 0.25] Enc(D)[0.55, 0.75] A [0, 1] B [0.1,0.9] C [0.2,0.25] D [0.55, 0.6] A fake candidate Original database D [0.65, 0.75]

47 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 47 Splitting E.g., for data values on attribute Age K i [m-1, m, m+1], m=6 Plaintext value of Age # of occurrence # of occurrence k i Ciphertext value of Age = *3+6= =5

48 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 48 Scaling Plaintext value of price # of occurrence # of occurrence Ciphertext value of price Scale to To map 8 distinct ciphertext values to 3 distinct plaintext values, # of mappings =

49 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 49 Value Metadata (Cont.)

50 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 50 Query Processing at Client The tags and values are encrypted E.g., original query: //customer[//zipcode=12500]//name … 7000 Translated query: //α [4000 β and β 7000] // γ customer α, zipcode β, name γ [4000 β and β 7000] Zipcode =12500

51 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 51 Query Processing at Server (1)Query tags //α [β] // γ A set of encryption block IDs B s structural index (2) Value-based Constraint s 4000 β and β 7000 A set of encryption block IDs B v value index (3) The blocks corresponding to B s B v are returned to the client. Each returned block contains the answers of the original query

52 Wang, Lakshmanan Efficient Secure Query Evluation over Encrypted XML Databases 52 Experiments (Cont.) Effects of Various Secure Encryption Schemes 1.Optimal encryption scheme always has the best performance of query evaluation 2. The performance of approximate scheme is around times of that by optimal encryption scheme


Download ppt "Efficient Secure Query Evaluation over Encrypted XML Databases Wendy Hui Wang Laks V.S. Lakshmanan University of British Columbia, Canada."

Similar presentations


Ads by Google