Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE.

Published byDarleen Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE."— Presentation transcript:

1 Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE

2 Protecting data [1] Kenan, Kevin. Cryptography in the database: the last line of defense. Addison Wesley, 2006. Including: Propietary information Health care data Financial data To follow privacy and security regulations, corporate compliance, and trade regulations [1] Mostly from honest- but-curious servers Employing: Encryption CryptDB Fragmentation

3 Data Owner Client Server Person who accesses the outsourced data User’s front end External third party, stores and manages the data Organization or individual who outsources her data

4 Data Encryption Provides privacy and integrity Queries must be executed on encrypted data –Create indexes Applied at different granularity levels: –Table or Attribute (whole relation is returned) –Tuple –Cell (many decrypt operations)

5 The emp table is mapped to a corresponding table at the server: empS(etuple, eidS, enameS, salaryS, addrS, didS) [2]. [2] Hore, Bijit, Sharad Mehrotra, and Hakan Hacigümüç. "Managing and querying encrypted data. " Handbook of Database Security (2008): 163-190.

6 Figure 2: Query evaluation process [3] [3] Sabrina De Capitani di Vimercati, Sara Foresti, and Pierangela Samarati. "Protecting data in outsourcing scenarios." Handbook on securing cyber-physical critical infrastructure (2012). User formulates query(q) Client maps q into qs and qc, and sends qs to the server. The server executes query qs The client decrypts the result and evaluates qc to remove spurious tuples.

7 Indexing techniques: Encryption-based indexes: Support equality queries. Not order preserving (translate range condition into equality condition) Order preserving encryption indexes: Order Preserving Encryption Schema(OPES) and OPESS. Support comparison operations. Privacy homomorphic indexes: Support arithmetic and comparison operations. Arithmetic operations are time consuming. Indexes should not reveal too much information.

8 Access control Access matrix: a row for each user U and a column for each resource R( relation, tuple, cell). The data owner must create an access control policy Neither the server not client can enforce restrictions. Encryption keys for each user’s data must be managed.

9 Using one key for each resource would require too many keys. Adopt a key derivation method: each user has only 1 key. The data owner encrypts r1 with a key that {A,B} can derive. Table 2. An example of Access Matrix [4] [4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services. " Journal of Computational Information Systems 6.8 (2010): 2767-2777.

10 DAG hierarchy: –Given two keys k i and k j, to derive k j from k i there exists a public token t i,j and a label l j. –Where t i,j = k j XOR f( k i, l j ). However, the problem of minimizing the # of tokens while remaining equivalent to the access matrix is NP-hard. (Use heuristics). [ 4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services. " Journal of Computational Information Systems 6.8 (2010): 2767- 2777. NP-hardness results imply that for many combinatorial optimization problems there are no efficient algorithms that find an optimal solution, or even a near optimal solution, on every instance. A heuristic for an NP-hard problem is a polynomial time algorithm that produces optimal or near optimal solutions on some input instances, but may fail on others[4]. [4] Feige, Uriel. "Rigorous analysis of heuristics for NP-hard problems. "Proceedings of the 16th annual ACM-SIAM Symposium on Discrete Algorithms. 2005.

11 Drawbacks of encryption Query evaluation is not always possible or efficient. Data which is not sensitive is also encrypted. The user has to decrypt always.

12 Data fragmentation The association of data is what should be secured. Confidenciality constraint c over relation R(A1,…,An) can be a singleton or an association. c0= {SSN} is a singleton. The values of this attribute should be encrypted. c1= {Name, Ilness} is an association. The attributes should not appear together as plaintext. Fig. 2. An example of plaintext relation (a) and its well defined constraints (b) [5] [5]Ciriani, Valentina, et al. "Combining fragmentation and encryption to protect privacy in data storage.“ ACM Transactions on Information and System Security (TISSEC) 13.3 (2010): 22.

13 Fig. 3. An example of physical fragments for the relation in Figure 2(a) [5] [5]Ciriani, Valentina, et al. "Combining fragmentation and encryption to protect privacy in data storage.“ ACM Transactions on Information and System Security (TISSEC) 13.3 (2010): 22. Fragment relation R into unlinkable fragments that follow confidenciality constraints. Each fragment contains all data. Encrypt tuples which cannot appear as plaintext with a salt(to prevent frequency attacks). Finding a fragmentation that minimizes client workload is NP-hard.

14 Querying the data Evaluate query (q) by chosing one fragment Chose a fragment in which is possible to execute the most selective conditions in the server side. Drawbacks of fragmentation Confidenciality constraints are difficult to create. Updating the data is difficult.

Download ppt "Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE."

Similar presentations

Querying Encrypted Data using Fully Homomorphic Encryption Murali Mani, UMFlint Talk given at CIDR, Jan 7, 2013 1.

Querying Encrypted Data using Fully Homomorphic Encryption Murali Mani, UMFlint Talk given at CIDR, Jan 7,
A Privacy Preserving Index for Range Queries

A Privacy Preserving Index for Range Queries
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 16 Relational Database Design Algorithms and Further Dependencies.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 16 Relational Database Design Algorithms and Further Dependencies.
Outline  Introduction  Background  Distributed DBMS Architecture  Distributed Database Design  Semantic Data Control ➠ View Management ➠ Data Security.

Outline  Introduction  Background  Distributed DBMS Architecture  Distributed Database Design  Semantic Data Control ➠ View Management ➠ Data Security.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Query Optimization of Frequent Itemset Mining on Multiple Databases Mining on Multiple Databases David Fuhry Department of Computer Science Kent State.

Query Optimization of Frequent Itemset Mining on Multiple Databases Mining on Multiple Databases David Fuhry Department of Computer Science Kent State.
Database Security CS461/ECE422 Spring 2012. Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.

Database Security CS461/ECE422 Spring Overview Database model – Relational Databases Access Control Inference and Statistical Databases Database.
Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.

Computer Science CSC 405 Introduction to Computer Security Topic 6.2 Multi-Level Databases.
CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.

CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.
Database Management System

Database Management System
Advanced Database Systems September 2013 Dr. Fatemeh Ahmadi-Abkenari 1.

Advanced Database Systems September 2013 Dr. Fatemeh Ahmadi-Abkenari 1.
CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.

CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.
Overview and Roadmap for Microsoft SQL Server Security

Overview and Roadmap for Microsoft SQL Server Security
Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.
Authentication and Integrity in Outsourced Databases Kanaka Rajanala.

Authentication and Integrity in Outsourced Databases Kanaka Rajanala.
1 Distributed Databases Chapter 16. 2 Two Types of Applications that Access Distributed Databases The application accesses data at the level of SQL statements.

1 Distributed Databases Chapter Two Types of Applications that Access Distributed Databases The application accesses data at the level of SQL statements.
1 SECURE DATABASE OUTSOURCING ALLA LANOVENKO ADVISIOR: DR. HUIPING GUO CALIFORNIA STATE UNIVERSITY LOS ANGELES 03-19-2007.

1 SECURE DATABASE OUTSOURCING ALLA LANOVENKO ADVISIOR: DR. HUIPING GUO CALIFORNIA STATE UNIVERSITY LOS ANGELES
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.

Privacy and Integrity Preserving in Distributed Systems Presented for Ph.D. Qualifying Examination Fei Chen Michigan State University August 25 th, 2009.
Modern Systems Analysis and Design Third Edition

Modern Systems Analysis and Design Third Edition

Similar presentations

Ads by Google