Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Cloud Database. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts.

Published byRichard Woods Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Cloud Database. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts."— Presentation transcript:

1 Secure Cloud Database

2 Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts the service provider? – Goal: protect sensitive data

3 Related Work Encryption Approach – NetDB2, IBM (Outsourced database) – Relational Cloud, CryptDB (MIT, CIDR 2011) TrustedDB using secure hardware (VLDB 2011 demo, Radu Sion) Fully homomorphic encryption (STOC 2009) Secure Multi-Party Computation Approach – ShareMind

4 NetDB2 Tuple 1xxxyyy Tuple 2aaabbb Tuple 1!a4a3g Tuple 2L%jm*K Value-level encryption SELECT * WHERE value = `xxx’SELECT * WHERE value = `!a4’ DB Encrypted DB Tuple 1P2 Tuple 2P1 + Partition information Partition: P1: < `m’; otherwise P2 SELECT * WHERE value < `xxx’SELECT * WHERE value in [P1, P2] Simple deterministic encryption

5 CryptDB Onion-encryption: multiple encryption done on 1 data 10 Original data encrypt E 1 (10) = A*65h OPES: numeric comparisons E 2 (A*65h) = BB647 Deterministic encryption Equality can be done Non-deterministic encryption No computation is feasible E 3 (BB647) = %j@9G If the user wants more computation power, decrypt to the desired level (one way!)

6 Weakness of encryption approach Functions supported are not generic – For example: Supported (OPES): SELECT * WHERE SALARY > 6000 Not supported: SELECT * WHERE SALARY + BONUS > 6000

7 TrustedDB Provides generic functionality – Owner puts its keys in a secure hardware – The hardware is given to service provider – When there is computation on sensitive data, it can be done by the secure hardware Weakness – Processing power limited by secure hardware – Hardware management by owner IBM 4764 PCI-X Cryptographic Coprocessor

8 Fully homomorphic encryption Property: (E : encryption function) – E(x) + E(y) = E(x + y) ---- XOR gate for [0, 1] – E(x) E(y) = E(xy) ---- AND gate for [0, 1] Conceptually support any computations that can be represented by circuits – Difference: No branch operation (if-then-else) Weakness – Naturally not supporting select statement – Poor efficiency for large circuit so far

9 ShareMind Key: Secret sharing + recursive processing A B C Service Provider 1 Service Provider 2 Service Provider 3 Query Result D E F D + E + F = Result DB DB = A + B + C

10 Properties of ShareMind Generic operations – Recursive processing: the result of one computation can be the input of another computation, both result and input are hided in shares Weakness – Requires multiple non-colluding parties – Owner has no control (no key), poor sense of security

11 Objective Two party problem: owner and service provider (SP) The owner keeps a `key’ SP keeps an encrypted database Functions to be supported: generic selection Efficient operations

12 Overview of our approach MPC supports generic operations – Data hided in shares In other words: we encrypt by secret sharing Following questions: – How to encrypt exactly? – How to compute queries?

13 Our approach DB ABC SP2SP1SP3 Owner DBA BC SP1SP2 Owner MPC-based approach The owner keeps a copy; but it is large and the owner has to involve in query computation

14 Our approach Owner keeps a small share A (small storage) Without A, SP cannot recover DB (similar security strength as MPC) Owner has minimal involvement in MPC (low cost) DB A B SP Owner Our Model Share compression Message compression Functionality generality inherits from MPC

15 Background

16 Secret sharing (around 1980) 10 Secret 4 6 shares AliceBob 6+4 = 10 What is the secret value? Alice’s share would be 5? 20? -3? The secret is recovered only when the two parties exchange their shares

17 Secret sharing General case s Secret s1s1 s2s2 …snsn The secret can be divided into n parties, for any n s = g(s 1, s 2, …, s n ) Example: Sum of all shares (modular) Bitwise XOR of all shares Product, string concatenation, etc… Security requirement: Given k < n shares, it is hard to recover s

18 To design a generic secure database

19 How secure? The security model Negative result – Ideal security: Querying workflow: user issues query => service providers compute result and return to user Knowledge gained by service providers: NONE. Not even anything about query and result! – A solution achieving ideal security is not more efficient than a non-outsourcing solution (not using cloud)

20 Knowledge gained by service provider Output space of a simple selection query: varies from no tuple to the entire database – Even larger space if we consider joins Example knowledge gain – If the output size is small, the service provider knows it is not the case that the query selects entire table To hide the above information, each returned query result should be at least of size = entire table

21 Our security model Provides adequate security for practical use – Level 1 model: An attacker observes an instance of encrypted database but not other values. Security is said to be enforced if the attacker cannot recover the original database Example: Hack into the cloud server and copy the instance – Level 2 model: An attacker observes an instance of encrypted database and knows the original values of some of the tuples. Security is said to be enforced if the attacker cannot recover the values of other tuples Example: Hacker plants adversary programs on SP and observes the encrypted value and Similar to chosen-ciphertext attack (CPA)

22 Which level to use? Check which model fits! Example: – Name of 40 students in a class Domain size is small and is assumed to be public Easy to be mapped to the encrypted tuple Level 2 is recommended – Account balance in banks Values are not known to public Level 1 should be good enough At the same time, we will try to hide as much other information as possible

23 Information revealed to SP The service provider can observe – Query content The tables that are related to the query Number of conditions, types of conditions, attributes that are related – Query answer the set of shares of tuples in some query answer

24 Example query SELECT Name FROM Employer WHERE Salary > 6000 Transformed query may look like to one service provider SELECT ATTRIBUTE_7 FROM TABLE_A WHERE ATTRIBUTE_3 - X > 0 WITH PARAM_X = [1234, 3335, 222, 1119] WITH PARAM_CMP_X = [335, 17778]

25 Some basic design – level 2 model To hide the database, we use secret sharing DB = A + B In our case, we use multiplicative secret sharing – To store value v, we have ab = v (mod D) D: domain size The shares are a, b DB A B SP Owner

26 Sharing the sign bit We separate sign bit from the magnitude Example sharing – Sign bit can be recovered by multiplying the shares together Value +1 +2 Owner copy +2 SP copy -2 +1 Magnitude domain size: 3 The shares here are randomly generated

27 Share Compression (Ignore sign bit now) The shares of the DB is generated randomly Who decides the random shares? Lets use a pseudo random function

28 Share compression function Input: – key (secret to owner) – Tuple ID Requirements: – Support generic functionality (show later) – Secure (note: now considering level 2) IDX 118 220 IDShare 11 24 f(ID) = mID k mod n IDShare 118 25 Share A Kept by owner Share B By SP k,m: secret key; n: public key k=2 m=1

29 Storage cost Linear to number of columns – Assuming the IDs are from 1-t Just need to remember t Note on the random function: – To make the input look like random, we have » f(ID) = mh(ID) k mod n h: any one-way hash Storage part is easy, how about computation? IDShare 11 24 …… f(ID) = mID k mod n

30 How to do multiplication? Column-column multiplication – The two values are both in share format AB 1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 AB 15 Real value Owner SP C = A X B 200 5 40 (k = 3, m=5) m 1 m 2 x k1 x k2 = m 1 m 2 x k1+k2 k = 2 m=1 resharing 4 50 k=1 m=5 A = a1a2 B = b1b2 C = (a1b1)(a2b2) mID k = 10

31 Recap: operations at the parties A (k = 1, m=5) B (k =2,m=1) Owner SP AB 15 28 109 …… C (k=2,m=1) C 50 … … …

32 Column-constant multiplication A 10 IDA (k = 1, m=1) 22 A 5 Real value Owner SP Constant B = 20 C = A X B 200 5 40 (k = 1, m=20) k = 2 m=5 resharing 20 10 k=-1 m=4 mID k = 2

33 Column-column addition A = a 1 a 2 B = b 1 b 2 – C = A + B => a 1 a 2 + b 1 b 2 – Goal: C = c 1 c 2 = a 1 a 2 + b 1 b 2 c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 Owner: a1, b1 SP: a2, b2 Kept by owner

34 Column-column addition c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 AB 1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 AB 15 Real value Owner SP C = A + B 30 f(ID) = mID k 3.75 A:k=-1 m=2.5 C (k = 2, m = 2) 8 B:k=0 m=0.5 1.25 * 1 + 0.5 * 5

35 Column-constant addition Add a constant to each tuple – Becomes column-column addition A 10 20 30 45 AZ 101 201 301 451

36 Take care of the sign bit Secret sharing How to generate the shares at the owner? – Again, use share compression OwnerSPValue 1(+) 2(-) 1(+)2(-) 1(+) multiplication (mod 3)

37 Multiplication with sign bit AB -1020 IDA’s sign (k = 2, m=1) B’s sign (k =1,m=1) 24 (1, +)2 (2, -) AB 2, - Real value Owner SP C = A X B -200 1, + 8 (2, -) m 1 m 2 x k1 x k2 = m 1 m 2 x k1+k2 k = 2 m=2 resharing 8 (2, -) 1, + k=1 m=2 -1 = 2 k = 3 m=1 mod 3 1, +

38 Addition with sign bit The math is the same A = a 1 a 2 B = b 1 b 2 – C = A + B => a 1 a 2 + b 1 b 2 – Goal: C = c 1 c 2 = a 1 a 2 + b 1 b 2 c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2

39 Addition with sign bit c 2 = a 1 c 1 -1 a 2 + b 1 c 1 -1 b 2 AB -1020 IDA (k = 1, m=5) B (k =2,m=1) 2104 Sign(k=1, m = 2) 4 (1, +) (k=2, m = 2) 8 (2, -) AB Value15 Sign2, - Real value Owner SP C = A + B 10 f(ID) = mID k 1.25 A:k=-1 m=2.5 C (k = 2, m = 2) Value8 Sign(k=1, m=2) 4 (1, +) B:k=0 m=0.5 +1.25 * -1 + (-0.5) * (-5) (k=0, m = 1) => 1 (1, +) (k=1, m = 1) => 2 (2, -)

40 Implication with numeric operations Addition on [0, 1] represents XOR gate Multiplication on [0, 1] represents AND gate The above operations can be applied repeatedly – Function that can be expressed as a function can be computed, theoretically Branch operation, i.e., comparison?

41 Comparison operation Target: Column > 0 – General comparisons can be transformed to above by additions and multiplications Example: SELECT * WHERE X*X + Y+Y – 2* X*Y – 10 > 0 The above can be obtained by looking at the sign bit, shared by the owner and SP

42 Building logic gate Note 1: we represent positive as 1; negative as 2; 0 has no meaning The share compression function is the same for sign bit and magnitude. Multiplication and addition can be done on sign bits.

43 Logical operation Multiplying 2 (at SP) Multiplying two sign bits Sign 1Sign 2Result 1(+) T 2(-) F 1(+) T2(-) F 1(+) T XNOR gate Sign 1Result 1(+) T2(-) F 1(+) T NOT gate XOR gate

44 Logical operation (Sign1 – 1) * (sign2 – 1) + 1 – Sign1 sign2 – sign1 – sign2 + 2 sign1sign2(s1 – 1)(s2 – 1)Result 1(+) T 0 2(-) F01(+) T 2(-) F1(+) T0 2(-) F 1 OR gate NOR gate

45 Logical operation (2Sign1 – 1) * (2sign2 – 1) + 1 = 4Sign1 sign2 – 2sign1 – 2sign2 + 2 sign1sign22sign12sign22s1 – 12s2 – 1 1(+) T 2211 2(-) F2110 1(+) T1201 2(-) F 1100 NAND gate AND gate (2s1 – 1)(2s2 – 1)Result 12(+) F 01(+) T 0 0

46 Summary Logical operations supported – Example SELECT * WHERE X > 100 AND Y < 200 The final predicate result is revealed to SP (owner sends SP its own share function on the final boolean value) Corresponding tuples are sent back to the owner

Download ppt "Secure Cloud Database. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts."

Similar presentations

CS4432: Database Systems II

CS4432: Database Systems II
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Complexity 5-1 Complexity Andrei Bulatov Complexity of Problems.

Complexity 5-1 Complexity Andrei Bulatov Complexity of Problems.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Oblivious Transfer based on the McEliece Assumptions

Oblivious Transfer based on the McEliece Assumptions
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.

CRYPTOGRAPHY WHAT IS IT GOOD FOR? Andrej Bogdanov Chinese University of Hong Kong CMSC 5719 | 6 Feb 2012.
Computer ArchitectureFall 2008 © August 25, 2008 www.qatar.cmu.edu/~msakr/15447-f08/ CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (1)

Computer ArchitectureFall 2008 © August 25, CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (1)
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Computer ArchitectureFall 2007 © August 29, 2007 Karem Sakallah CS 447 – Computer Architecture.

Computer ArchitectureFall 2007 © August 29, 2007 Karem Sakallah CS 447 – Computer Architecture.
Propositional Calculus Math Foundations of Computer Science.

Propositional Calculus Math Foundations of Computer Science.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.
Bob can sign a message using a digital signature generation algorithm

Bob can sign a message using a digital signature generation algorithm

Similar presentations

Ads by Google