Download presentation

Presentation is loading. Please wait.

1
**A Privacy Preserving Index for Range Queries**

Bijit Hore, Sharad Mehrotra, Gene Tsudik

2
**Database as a Service (DAS) [Hacigumus et. al, SIGMOD2002]**

A client wants to store data on a remote server & run queries on it BUT he does not trust the server Solution: Encrypt the data & store it How do you query the encrypted data ? Untrusted Trusted True Results Encrypted Results 1) We start with some background for the present work 2) Hacigumus et. al in their SIGMOD 2002 paper, proposed an system architecture to Implement database as a service. 3) In their model only a limited trust is placed on the service provider. As a result data privacy becomes a key issue to address. 4) The performance criteria is to push as much query-processing as possible to the server side. 5) A simplified version of the proposed architecture is shown in the figure below Query Post Processor Encrypted & Indexed Client Data Server Query Translator Query over Encrypted Data User Original Query Service Provider Client

3
**Data storage in DAS Client side storage Server side data Meta data**

buckets Z Z Z Z Z4 Server side Table (encrypted + indexed) RA Original Table (plain text) R eid name addr shares age sal 345 Tom Maple 5400 32 390K 876 Mary Main 5800 22 423K 234 John River 6000 34 598K 780 Jerry Ocean 6200 48 632K 1) Let us look at the data storage model in the hacigumus architecture 2) A relational table is shown on the left and its server-side representation is shown on the right 3) The idea is to encrypt each row of the table and keep it as a single etuple on the server. 4) for each attribute to be queried, partition The values into buckets in some manner (equidepth or equiwidth) and store the bucket-tags Of these tuples as the indexing information on the server instead of Their true values. 5) Also store this value-to-bucket mapping information on the client, which Is used for translating user queries to server-side queries. (Server side queries can only Distinguish between values belonging to different buckets based on the Corresponding indexing information). etuple sharesA ageA salA X1 Y2 Z1 CH$^*(G#! X2 Y1 ^$*D%L*# X3 Z2 *%GH%&)$ Y3 Z3 Bucket-tags

4
**Select * from R where R.sal [400K, 600K]**

Querying in DAS Select * from R where R.sal [400K, 600K] Client-side query Server-side query Select etuple from RA where RA.salA = z1 ∨ z2 Server side Table (encrypted + indexed) RA Client side Table (plain text) R Client side Table (plain text) R eid name addr shares age sal 345 Tom Maple 5400 32 390K 876 Mary Main 5800 22 426K 234 John River 6000 34 598K 780 Jerry Ocean 6200 48 634K 1) Now let us look at a simple range query where the user wishes To select all records of individuals whose salary falls in the range 400K thousand To 600 thousand 2) Using the metadata, this query is translated to the server-side query where the server returns all rows whose salary value falls in Bucket Z1 or Z2. 3) As a result, 3 rows are selected and returned to the client. Client-side has to discard the one record which is a false positive Before returning the correct result to the user, thus incurring an Overhead. etuple sharesA ageA salA X1 Y2 Z1 CH$^*(G#! X2 Y1 ^$*D%L*# X3 Z2 *%GH%&)$ Y3 Z3 Bucket-tags

5
**Issues in partitioning**

How many buckets should one use ? How to partition the data ? One question is: How many buckets should one use ? One constraint on this is the bound on metadata. We answer these questions in the following slides:- The first one experimentally, the second one analytically.

6
**“Almost total” disclosure of all elements in B**

Data Privacy in DAS Adversary Access to sever-side data + Malicious Intentions Privacy issue in partitioned data Small range of a bucket B 1 sample value from B Privacy goal of client To hide all useful information from A Put all values of an attribute in a single bucket ! Adversary (A) “Almost total” disclosure of all elements in B Now let us look at the privacy issues in DAS An adversary is defined as 1) As we stated earlier, in the DAS model of hacigumus, the server side is Untrusted therefore GOAL is to hide ALL USEFUL INFORMATION from the Adversary. As a result In the partition-based approach, we would like to put all elements in a single bucket hence rendering all records indistinguishable from each other TOTAL PRIVACY 2) But in reality we need multiple buckets to enhance performance (More the # buckets, greater the average precision of queries) Then a scheme like equidepth or equiwidth bucketization might map. Each bucket to a small range of values 3) So if A has domain knowledge + sample values from buckets, He can localize the estimated value of an attribute to a small interval, hence resulting in disclosure of true values within a small margin of error.

7
**Research challenges & our contributions**

Precision: how to partition data Definition Optimal partitioning to maximize precision Privacy: quantifying disclosure Adversary’s goals Measures of information disclosure Privacy-Precision trade-off Controlled diffusion algorithm Experiments & Conclusion 1) In this paper, we restrict the study to the domain of range queries over a static database with a single attribute. 2) The remaining talk is structured as follows: 3) We outline an optimal algorithm for optimally partitioning a dataset Into a specified number of buckets, that maximizes query precision, that is Minimizes the number of false positives. 4) Then we describe our adversarial model Which is relevant to the DAS scenario. We Identify a couple of important adversarial goals And respective measures of information disclosures In view of these goals. We will refer to these as our “ privacy measures” equivalently. 5) Subsequently, we propose a simple algorithm Data re-distribution algorithm that balances privacy And precision of range queries. 6) Finally we end with some experimental results and conclusions. Privacy Precision

8
**Precision of range queries**

Given a partition of data into M parts Precision (q) = 1 – (# false positives / # tuples returned for q) Recall = 1 Workload: All O(N2) range queries are equiprobable (uniform) # false positive α ∑ NB*FB = 5*32 + 5*18 = 250 B Precision = 1 – 20/50 = 0.6 q M = 2 10 10 Frequency NB=5,FB=18 6 4 4 4 4 4 N = 10 (domain size) 2 2 Salary (100K’s)

9
**Query optimal buckets (QOB)**

Optimization problem: For the uniform workload find a partition of the data into M buckets that minimizes total # false positives i.e. 4 Minimize ∑ NB*FB B=1 Optimal solution to a sub-problem Cost of rightmost bucket QOB (1,10,4) = QOB (1,7,3) Cost(8,10) 10 10 1) To keep analysis simple, we consider a discrete Numeric domain of size N for the data. 2) We make the assumption on the query workload; That is all the O(N^2) queries are equi-probable. 3) Let us take the following example where the data Set has 10 distinct values, with the frequencies as shown. 4) Say we want to partition these into 4 buckets. Now the goal is to minimize the TOTAL # of False positives over all queries, which translates To “minimizing the false positives contributed By each bucket” 5) It is shown in the paper that a single bucket cost is proportional to (the range of the bucket) times (the total # elements in it.) 6) This problem has “the optimal substructure property” Which makes it amenable to be solved using dynamic Programming. For this particular example, the optimal cost can be written as the sum of the optimal cost of the smaller left-hand problem using 3 buckets + the cost of the shown rightmost single bucket. Frequency NB*FB = 24 6 4 4 4 4 4 N = 10 (domain size) 2 2 Salary (100K’s)

10
**Optimal cost = ∑NB*FB = 12*3 + 20*2 + 10*2 + 8*3 = 110**

QOB (cont.) 4 Optimal cost = ∑NB*FB = 12*3 + 20*2 + 10*2 + 8*3 = 110 1 B1 B2 B3 B4 10 10 6 Frequency 4 4 4 4 4 2 2 1) Completing the example, this shows The optimal partition of the dataset. Note that this partitioning is not Equidepth or equiwidth in general. 2) The time complexity of the algorithm is O(n^2*M), where n is the # distinct values Occuring in the dataset. 3) The space complexity is O(nM) due to The matrices stored in the DP algorithm 4) Though we made the assumption on Equi-probability of all queries, we can also tackle the case where query workload follows Any distribution. It simply needs an additional linear pre-processing phase to enable computation of bucket costs in the algorithm. Salary(100K’s) Time complexity = O(n2M), Space = O(nM) n = # distinct values in dataset; M = # buckets

11
**Optimal data partitioning for range queries **

Outline Optimal data partitioning for range queries Adversarial goals & privacy measures Balancing privacy and precision Experiments & conclusion 1) We have an algorithm for optimal data partitioning to answer range queries. 2) Now let us look at the adversarial model And relevant privacy measures

12
**Adversary’s learning model**

Need to learn bucket properties to estimate sensitive values Model A’s Domain knowledge + Sample values from buckets Worst case assumption for Privacy Analysis: A knows exact value distribution for every bucket A learns distribution of values in buckets 1) As is evident from the data representation In DAS, the adversary needs to learn the bucket Properties in order to infer something useful about the sensitive data Values in a bucket. 2) Therefore in our model, the adversary, along With his general domain knowledge, also has access To sample of values belonging to each bucket. Hence enabling the adversary to learn statistical properties of the ensemble of data elements within each bucket. 3) In the most generic case, we assume that A learns The distribution of the values, within each bucket. 4) As a result we are now interested in the information leakage that happens due to A’s learning each bucket Distributions. 5) For our analysis purposes, we assume the worst case Scenario, where the adversary has learned the exact distribution For each bucket. For instance, in the discrete numeric domain, The adversary would no the values in a bucket and their respective Frequencies.

13
**Individual Centric Information: **

Adversarial Goal (I) Individual Centric Information: Eg: “What is the salary of an individual I” Value Estimation Power (VEP) of A Variance of bucket-distribution is an inverse measure of VEP Now Let us see what might comprise of “useful information” for the adversary 2) One type could be individual centric information An example could be as shown:- what is the salary of An individual I. 3) We refer to the adversary’s potential to answer Such queries, by his “Value Estimation Power” (VEP). Equivalently we can ask that when A knows that a random variable follows a specific distribution, how well can he localize the value of an instance of the r.v ? 4) As we show in the paper, the average error in A’s estimation (guess) of this value is bounded below by the Variance of the distribution it comes from, i.e. the bucket-distribution. 5) Therefore variance of the bucket distribution is an Appropriate Measure of the adversary’s Value-estimation-power. 6) Hence more the variance, lesser the chance of disclosure. Average error of value estimation for Adversary Preferred: Large variance Small variance Large Small Bucket range Bucket range

14
**Query Centric Information: **

Adversarial Goal (II) Query Centric Information: Eg: “Which individuals have salary [100k,150k]” Set Estimation Power (SEP) of A Entropy of bucket-distribution is an inverse measure of SEP* Best case: high entropy + large variance 1) We identify a second kind of information that the adversary might be interested in: That we call “Query-Centric Information” 2) A example could be where, “The adversary wants to identify all the records whose salary Value falls in a given range, say [100K, 150K]. 3) We denote the adversary’s ability to answer Such queries by his “Set Estimation Power” (SEP). 4) As it turns out, Entropy is an appropriate measure Of SEP. We show in the extended version of the paper How a notion of partial correctness of query sets can be tied to the average entropy of buckets in this Application. 5) Look at the example on the left, entropy of this distribution is small, though variance is large. But since about half the elements are known by the adversary, to be in the range [100k, 150k], a random classification of elements into the 2 classes: “belongs to this range” and “does not belongs to this range” will have a pretty High accuracy. 6) Besides, entropy is an universal measure of uncertainty associated with a random variable. Therefore we propose the entropy of the bucket Distributions to be our second measure of privacy. Average error of query-set estimation for Adversary low entropy + large variance Large Small 100k 150k 100k 150k H(X) = - ∑ pilogpi Bucket range Bucket range

15
**Optimal data partitioning for range queries **

Outline Optimal data partitioning for range queries Adversarial goals & privacy measures Balancing privacy and precision Experiments & conclusion 1) Now we look at the privacy-precision trade-off in data partitioning scheme and Propose a new algorithm to obtain the desired Degree of balance between the two.

16
**Privacy-Precision Trade-off**

Optimal buckets might offer less privacy than desired Small variance partial disclosure of numeric value Small entropy Total disclosure with high probability (e.g. categorical data) Partial detection of query-sets (for all cases) Algorithm that allows trading-off bounded amount of query precision for greater variance and entropy 1) As is clearly evident from the discussion Up to now, there is a clear trade-off between Privacy attained and precision of range queries. Query optimal buckets might offer a very small Degree of privacy. 2) Small variance of buckets can lead to partial Disclosure of sensitive numeric values. 3) Whereas small entropy can lead to Total disclosure with a high probability (as in Case of categorical data) or atleast detection Of partially correct query sets for even numeric Data. 4) Next we describe our trade-off algorithm that allows the client to partition his data In a controlled manner, thereby achieving the desired degree of balance between privacy and precision. Objective

17
**The controlled diffusion algorithm**

A simple observation Q Let a query Q overlap only with B0 If elements of B0 are distributed into CB1, CB2 & CB3 randomly Now Q overlaps with CB1, CB2 & CB3 With new buckets, the precision for Q drops by factor of (|CB1|+|CB2|+|CB3|) / |B0| Any re-distribution scheme where ∀ Bi this ratio ≤ K precision degradation is bounded above by K B0 1) As is clearly evident from the discussion Up to now, there is a clear trade-off between Privacy attained and precision of range queries. Query optimal buckets might offer a very small Degree of privacy. 2) Small variance of buckets can lead to partial Disclosure of sensitive numeric values. 3) Whereas small entropy can lead to Total disclosure with a high probability (as in Case of categorical data) or atleast detection Of partially correct query sets for even numeric Data. 4) Next we describe our trade-off algorithm that allows the client to partition his data In a controlled manner, thereby achieving the desired degree of balance between privacy and precision. CB1 CB2 CB3

18
**Controlled diffusion Algorithm**

Compute optimal buckets on data set D B1 … BM Fix max degradation factor = K Initialize M empty composite buckets CB1 … CBM Set target size of each CB to fCB = |D|/M (equidepth) ∀ Bi select di CB’s at random, where di = K*|Bi|/fCB Diffuse elements of Bi into these uniformly at random

19
**Controlled Diffusion (Example)**

Query optimal buckets Degradation factor k = 2 Metadata size increases from O(M) to O(KM) Freq 10 10 10 B1 B2 B3 B4 6 Final set of buckets on server 4 4 4 4 4 2 2 Values CB1 CB1 CB2 CB2 CB3 CB3 CB4 CB4 Composite Buckets

20
**Some features of the diffusion algorithm**

Many consecutive optimal buckets might get diffused into common set of CB’s Observed precision degradation < K Elements with same values can go to multiple buckets Giving it an extra degree of freedom compared to hashing Not best for point queries Random choice in the algorithm Each bucket distribution approaches data distribution as K increases reducing information gained by adversary by learning buckets

21
**Optimal data partitioning for range queries **

Outline Optimal data partitioning for range queries Adversarial goals & privacy measures Balancing privacy and precision Experiments & conclusion 1) So now we have given an easy algorithm To partition data, which allows One to trade-off bounded amount of query Precision to enhance data privacy. 2) Let us now see some experimental results To see how effective this method is.

22
**Query workloads (2 of size 104 each)**

Experiments Data sets Synthetic Data: 105 Integers in [0,999] uniformly at random Real Data: 104 Real values in [-0.8,8.0] “Corel Image” dataset (UCI KDD archive) Query workloads (2 of size 104 each) End points chosen uniformly at random from the respective ranges

23
**Relative decrease in precision of composite buckets **

Relative increase in standard deviation in composite buckets Relative increase in entropy in composite buckets 1) The top figure shows the ratio of Average query precision using optimal Buckets to that using composite buckets Using the same # of buckets. Each set of Points is for a fixed value of the “maximum Allowed Degradation factor” K. 2) The bottom left figure shows the average Increase in standard deviation of the Distribution within CBs to that within the optimal Buckets, again for various values of K, against Increasing # of buckets. 3) The bottom right picture shows it for the Entropy ratio

24
**Composite buckets (sample)**

K = 6, M = 350 K = 10, M = 250

25
**Visualizing trade-offs for various bucketization parameters **

Eg: The marked points show the average entropy & precision we get for 100 buckets & degradation factor of 2 The same point in the precision vs standard deviation trade-off space Provides an easy way to visualize the design space and choose parameters of interest 1) These plots show the privacy and Performance in a trade-off space. 2) Each class of points refers to a Fixed value of K and each point in a Class denotes the characteristics of For the total number of buckets used. 3) For example, the marked points show The average entropy against average precision For when 100 composite buckets are used, With a degradation factor of 2. Similarly the lower figure shows the corresponding Average standard deviation for these 100 Buckets.

26
**An optimal algorithm for partitioning data for range queries**

Summary An optimal algorithm for partitioning data for range queries Statistical measures of data privacy Variance Entropy Fast & simple algorithm for re-bucketizing data Bounded amount of precision degradation Substantial increase in privacy level

27
Related work Hacigumus et. al, SIGMOD 2002, “Executing SQL over Encrypted Data in the Database Service Provider Model”. Damiani et. al, ACM CCS 2003, “Balancing Confidentiality and Efficiency in Untrusted Relation DBMS”. Bouganim et. al, VLDB 2002 “Chip-Secured Data Access: Confidential Data on Untrusted Servers”.

28
THANK YOU ! Questions ?

29
**Privacy-preserving DM & Statistical DB**

Privacy in DAS Here goal of “Data Privacy” is not just ensuring “non-disclosure of identity”. It is more general ! Privacy-preserving DM & Statistical DB DAS Privacy criteria: Hide as much information as possible (even at the aggregate level) Utility criteria: Maintain only the necessary information required for server-side query evaluation (at desired degree of accuracy) Privacy criteria: Protect against disclosure of identity Utility criteria: Minimizing information loss i.e. maximize utility for data miners, retain as much aggregate level information as possible

30
**Individual Privacy Measure**

Average Squared Error of Estimation (ASEE) Error in approximating true value of a r.v XB by another r.v XB’ (learned by A) ASEE(XB,XB’) = Var(XB) + Var(XB’) + (E(XB) – E(XB’))2 Variance of bucket distribution, Var(XB) is our measure of individual privacy (lower bound) We first define the term: “Average Squared Error of Estimation” for A: ASEE(X, X’) is simply a measure of the error that A is expected to make when approximating the value of a random variable X by X’ It is shown in the paper that ASEE is given by the following expression when X and X’ are Independent. Var(X) denotes variance of X and E(X) denotes the expected value of X. Therefore we see that ASEE is lower bounded by the variance of the true distribution of X, which We can always compute irrespective of the variance of the estimator random variable ! Intuitively, we are saying that if an element belongs to a diverse, heterogeneous set of elements, then Less information is disclosed regarding the individual. (NOTE: In the single attribute case, X and X’ are independent, but it might not be the case in bucketization over multiple related attributes)

31
**Set oriented Privacy Measure**

Entropy of bucket distribution is our measure for query-centric privacy Measures uncertainty associated with a r.v (Eg. True class of an element for categorical data) An inverse measure of the quality of partial solution sets* that A can derive for a query H(X) = - ∑ pilogpi Pi denotes the proportion of elements from class I Shannon entropy is easy to visualize in terms of discrete variables, say like categorical data Shannon entropy is a well accepted measure of “uncertainty” associated with a random variable. Entropy increases as a distribution approaches uniformity and the increase in domain size. Entropy is also shown to be an inverse measure of A’s average ability to determine “partially correct” query-sets. i.e. on an average how accurately can A select a set of elements which have values from a specified range. * Refer to extended paper for more rigorous definition of entropy and its connection to query centric privacy

32
**Meta data size increase in diffusion**

The meta data increases from O(M) to K*|B1|/fcb + K*|B2|/fcb + … + K*|BM|/fcb = (K/fcb) * (|B1| + |B2| + … + |BM|) = (KM/|D|)*|D| = O(KM)

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google