
Wai Kit Wong, Ben Kao, David W. Cheung, Rongbin Li, Siu Ming Yiu.


1 Wai Kit Wong, Ben Kao, David W. Cheung, Rongbin Li, Siu Ming Yiu

2 Secure-database-as-a-service
The data owner (DO) makes use of the resources of the service provider (SP) for hosting its database, but the SP should not see the content of the database.
  Data Owner (DO) --Query--> Service provider (SP) [DB]
  Data Owner (DO) <--Answer-- Service provider (SP) [DB]
  The database should be encrypted
  Compute the query on encrypted data
  Return an encrypted answer

3 Homomorphic encryption based approach
Fully homomorphic encryption [STOC 2009]: not practical due to high overhead (orders of magnitude slower)
Efficient partially homomorphic encryption, e.g., CryptDB [CACM 2012], MONOMI [PVLDB 2013]
  An individual operation is supported by one specific type of homomorphic encryption
  Example: comparison by OPES [SIGMOD 2004]; addition by Paillier's cryptosystem [EUROCRYPT 1999]
  Multiple encrypted copies of the same data (by different encryptions)
  Cannot support evaluation of a composition of operations
  E.g., BASIC_SALARY + BONUS > 60K requires the data to be encrypted by Paillier's encryption (for the addition) and also by OPES (for the comparison)

4 Hardware based approach, e.g., TrustedDB [SIGMOD 2011], Cipherbase [SIGMOD 2013]
  Use of a secure co-processor (SCPU): all processing related to encrypted data is handled by the SCPU
  Assumption: the SP cannot corrupt the SCPU and view the data (e.g., keys) stored in the SCPU
  SCPU is expensive
Decrypt-before-query (DBQ) approach, e.g., ODB [SIGMOD 2002, ICDE 2002], MONOMI [PVLDB 2013]
  When the SP cannot process the query on its own, the DO downloads the related encrypted data, decrypts it and computes on the plain data
  Incurs a high cost to the DO

5 Algorithmic approach
  No specific hardware required
  Supports a wide range of queries
  Our encryption mechanism provides data interoperability (explained later), which facilitates operator composition
  Compositions of operators significantly increase the query expressiveness supported by our system
  Delegate the majority of query processing jobs to the SP
  Negligible query processing cost to the DO

6 Asymmetric secret sharing
System parameters: g = 2, n = 35
Plain data with 1 column (A):
  A
  2
  4
DO: a column key <m, x> is stored for A.
SP: the encrypted data, together with an encrypted row id E(r) (auxiliary information for facilitating our scheme):
  E(r)  A_e
  E(1)  9
  E(2)  22
Encrypted data: v = m * g^(r*x) * v_e mod n, where v is the plain value, v_e the encrypted value, r the row id and <m, x> the column key
  2 * 2^2 * 9 mod 35 = 72 mod 35 = 2
  2 * 2^4 * 22 mod 35 = 704 mod 35 = 4
Security: the SP cannot recover the column key and the plain data w.r.t. CPA (chosen-plaintext attack)
  Proof sketch: reduce to the RSA problem

7 Addition: C = A + B
Plain data (note: there are 2 columns in total):
  A  B
  2  3
  4  1
DO: column keys for A and B
SP: the encrypted columns plus an auxiliary column S for facilitating our scheme:
  E(r)  A_e  B_e  S_e
  E(1)  9    31   8
  E(2)  22   29   4
DO operates on the column keys only and sends a small amount of information: p_A = 15, q_A = 18, p_B = 2, q_B = 4
SP processes each tuple:
  A' = q_A * A_e * S_e^(p_A) mod n
  B' = q_B * B_e * S_e^(p_B) mod n
  E(r)  A'  B'
  E(1)  29  26
  E(2)  4   1
  C_e = A' + B' mod n
  E(r)  C_e
  E(1)  20
  E(2)  5
Decrypting C_e gives C = A + B:
  C
  5
  5
Check our paper for details
Security: viewed as SMC (secure multiparty computation) protocols
  The SP cannot recover the column keys (the DO's input) during the execution of the protocols
  Proof sketch: by simulation. An attacker can simulate the computation from the items observed in the protocol

8 The input and the output of our operators are of the same form, so that the output of one operator can be used as the input of another operator.
Example: E = (A + B) * D
  A_e  +  B_e  =  C_e
  9       31      20
  22      29      5

  C_e  *  D_e  =  E_e
  20      5       30
  5       8       5
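The encryption of slide 6 and the addition and multiplication operators of slides 7 and 8, as an added Python example that is not part of the original presentation or of the SDB system's code. It uses the slides' parameters g = 2, n = 35 and the column keys <m, x> implied by the slides' numbers (A: <2, 2>, B: <1, 3>, S: <11, 1>, result C: <4, 5>), reduces exponents modulo phi(n) = 24, and constructs the values and key of column D; the computed p_A is 3 rather than the slide's 15, which agree modulo the order of g, so the SP-side results are identical.

```python
# Toy instance of the asymmetric secret sharing from the slides (g = 2, n = 35).
# Exponents are reduced modulo phi(n) = 24, which the data owner knows because it
# generated n = 5 * 7; a real deployment uses an RSA-size n.
G, N, PHI = 2, 35, 24

def item_key(m, x, r):
    """Per-item key m * g^(r*x) mod n: row id r combined with column key <m, x>."""
    return m * pow(G, r * x, N) % N

def encrypt(v, m, x, r):
    """v_e = v / (m * g^(r*x)) mod n, so that decrypt() is a single multiply."""
    return v * pow(item_key(m, x, r), -1, N) % N

def decrypt(ve, m, x, r):
    return item_key(m, x, r) * ve % N

def rekey_params(m_src, x_src, m_s, x_s, m_dst, x_dst):
    """DO side: (p, q) such that q * v_e * s_e^p moves a value from key <m_src, x_src>
    to <m_dst, x_dst> using the all-ones column S. Needs x_s invertible mod phi."""
    p = (x_dst - x_src) * pow(x_s, -1, PHI) % PHI
    q = m_src * pow(m_s, p, N) * pow(m_dst, -1, N) % N
    return p, q

def sp_add(a_e, b_e, s_e, pa, qa, pb, qb):
    """SP side of C = A + B: sees only ciphertexts and the DO's (p, q) pairs."""
    return [(qa * a * pow(s, pa, N) + qb * b * pow(s, pb, N)) % N
            for a, b, s in zip(a_e, b_e, s_e)]

def sp_mul(c_e, d_e):
    """SP side of E = C * D: a plain product; the result key is <m_C*m_D, x_C+x_D>."""
    return [c * d % N for c, d in zip(c_e, d_e)]

def demo():
    """Rows r = 1, 2 with the column keys implied by the slides' numbers; the
    values and key of D are constructed for this example (not from the slides)."""
    rows = [1, 2]
    key_a, key_b, key_s, key_c, key_d = (2, 2), (1, 3), (11, 1), (4, 5), (3, 7)
    a_e = [encrypt(v, *key_a, r) for v, r in zip([2, 4], rows)]   # [9, 22]
    b_e = [encrypt(v, *key_b, r) for v, r in zip([3, 1], rows)]   # [31, 29]
    s_e = [encrypt(1, *key_s, r) for r in rows]                    # [8, 4]
    d_e = [encrypt(v, *key_d, r) for v, r in zip([3, 4], rows)]
    pa, qa = rekey_params(*key_a, *key_s, *key_c)                  # qa == 18
    pb, qb = rekey_params(*key_b, *key_s, *key_c)                  # (2, 4)
    c_e = sp_add(a_e, b_e, s_e, pa, qa, pb, qb)                    # [20, 5]
    key_e = (key_c[0] * key_d[0] % N, (key_c[1] + key_d[1]) % PHI)
    c = [decrypt(x, *key_c, r) for x, r in zip(c_e, rows)]          # [5, 5]
    e = [decrypt(x, *key_e, r) for x, r in zip(sp_mul(c_e, d_e), rows)]  # [15, 20]
    return a_e, b_e, s_e, (pa, qa, pb, qb), c_e, c, e
```

The SP never sees m, x or any plaintext; it only multiplies, exponentiates and adds residues mod n, which is what lets the output of one operator feed the next without a round trip to the DO.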

9 Numeric: addition, multiplication, power, comparison
Join: equi-join, Cartesian product
Aggregate: group-by, SUM, COUNT
Example supported query:
  SELECT SUM(R.WorkingHour*R.HourlyRate)
  FROM Factory As F, Rages As R INNER JOIN Employee As E ON R.EID = E.EID
  WHERE (E.x-F.x)^2+(E.y-F.y)^2 < 1000 AND F.FID = 3   // Looking for employees who live close to factory #3
  GROUP BY 2014 - E.EntryYear   // #years stayed in the company
Note: the above query cannot be computed by CryptDB

10 Comparing SDB with:
  DBQ: the client (DO) downloads the encrypted database, decrypts it and processes the query on its own
  MDB (MONOMI): uses homomorphic encryptions; the client (DO) takes care of the jobs that cannot be computed by homomorphic encryption
Range query, varying the database size: SELECT A, B, C from T WHERE A + B < q
If the query is not natively supported by the homomorphic encryptions, the client may suffer a high cost
SDB: the cost at the SP is a bit higher, but the client cost is always low

11 Measuring the overheads against querying on plain data
Dataset: TPC-H (only the sensitive data we selected is encrypted)
α = execution time of SDB / execution time of querying on plain data (in MySQL)
All TPC-H queries can be computed. The client cost is low. The server cost may be higher due to processing on encrypted data.

12 We developed a secure database system (SDB) for the cloud environment
  The cost to the data owner is low
  Overheads to the service provider are manageable
  Supports a wide range of queries
