Querying Encrypted Data using Fully Homomorphic Encryption Murali Mani, UMFlint Talk given at CIDR, Jan 7, 2013 1.

Slides:



Advertisements
Similar presentations
FULLY HOMOMORPHIC ENCRYPTION
Advertisements

1 Cryptography: on the Hope for Privacy in a Digital World Omer Reingold VVeizmann and Harvard CRCS.
Using the Set Operators
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
1 Access Control. 2 Objects and Subjects A multi-user distributed computer system offers access to objects such as resources (memory, printers), data.
Monomi: Practical Analytical Query Processing over Encrypted Data
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Fully Homomorphic Encryption over the Integers
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Technische Universität Ilmenau CCSW 2013 Sander Wozniak
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
5.9 + = 10 a)3.6 b)4.1 c)5.3 Question 1: Good Answer!! Well Done!! = 10 Question 1:
Chapter 16: Recovery System
Off-the-Record Communication, or, Why Not To Use PGP
A Privacy Preserving Index for Range Queries
CS4432: Database Systems II
Paper by: Craig Gentry Presented By: Daniel Henneberger.
Query Optimization CS634 Lecture 12, Mar 12, 2014 Slides based on “Database Management Systems” 3 rd ed, Ramakrishnan and Gehrke.
SplitX: High-Performance Private Analytics Ruichuan Chen (Bell Labs / Alcatel-Lucent) Istemi Ekin Akkus (MPI-SWS) Paul Francis (MPI-SWS)
Computational Methods in Physics PHYS 3437
CryptDB: Protecting Confidentiality with Encrypted Query Processing
CryptDB: A Practical Encrypted Relational DBMS Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan MIT CSAIL New England Database Summit 2011.
 Relational Cloud: A Database-as-a-Service for the Cloud Carlo Curino, Evan Jones, Raluca Ada Popa, Nirmesh Malaviya, Eugene Wu, Sam Madden, Hari Balakrishnan,
Simons Institute, Cryptography Boot Camp
Research interest: Secure database outsourcing Presented by Alla Lanovenko Thesis Adviser: Professor Huiping Guo 599 A 11 December 2006.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Sam Becker. Introduction Why is it important? Security Why is it needed? Solution Schemes Questions.
Homomorphic Encryption: WHAT, WHY, and HOW
1 Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds Mingqiang Li 1, Chuan Qin 1, Patrick P. C. Lee 1, Jin Li 2 1 The Chinese.
Secure Database System. Introduction Database-as-a-Service is gaining popularity – Amazon Relational Database Service (RDS) – Microsoft SQL Azure DB Service.
An XPath-based Preference Language for P3P IBM Almaden Research Center Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu.
Secure Cloud Database. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment – Adversary corrupts.
Message Authentication  message authentication is concerned with: protecting the integrity of a message protecting the integrity of a message validating.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Mohammad Ahmadian COP-6087 University of Central Florida.
Secure Cloud Database using Multiparty Computation.
Computer Security: Principles and Practice
Wai Kit Wong 1, Ben Kao 2, David W. Cheung 2, Rongbin Li 2, Siu Ming Yiu 2 1 Hang Seng Management College, Hong Kong 2 University of Hong Kong.
Wai Kit Wong, Ben Kao, David W. Cheung, Rongbin Li, Siu Ming Yiu.
1 Information Security – Theory vs. Reality , Winter Lecture 10: Garbled circuits (cont.), fully homomorphic encryption Eran Tromer.
Secure Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment.
Data Confidentiality on Clouds Sharad Mehrotra University of California, Irvine.
Executing SQL over Encrypted Data in Database-Service-Provider Model Hakan Hacigumus University of California, Irvine Bala Iyer IBM Silicon Valley Lab.
11.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 11 Message Integrity and Message Authentication.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE.
Secure Query Processing in an Untrusted (Cloud) Environment.
CryptDB: Protecting Confidentiality with Encrypted Query Processing
Secure Data Outsourcing
Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.
1 Overview of Query Evaluation Chapter Outline  Query Optimization Overview  Algorithm for Relational Operations.
Privacy Preserving Outlier Detection using Locality Sensitive Hashing
Fully Homomorphic Encryption (FHE) By: Matthew Eilertson.
Packing Techniques for Homomorphic Encryption Schemes Scott Thompson CSCI-762 4/28/2016.
MPC Cloud Database with Sense of Security. Introduction Cloud computing – IT as a service from third party service provider Security in cloud environment.
Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.
MPC and Verifiable Computation on Committed Data
Fast Searchable Encryption with Tunable Locality
Attack on Fully Homomorphic Encryption over Principal Ideal Lattice
Using cryptography in databases and web applications
A Privacy-Preserving Index for Range Queries
Hash-Based Indexes Chapter 10
بررسی معماری های امن پایگاه داده از جنبه رمزنگاری
CSCE 715: Network Systems Security
CSCE 715: Network Systems Security
Chapter 11 Instructor: Xin Zhang
Some contents are borrowed from Adam Smith’s slides
Multiplicative data perturbation (2)
Presentation transcript:

Querying Encrypted Data using Fully Homomorphic Encryption Murali Mani, UMFlint Talk given at CIDR, Jan 7,

Scenario 2 Content-Owner (Client) Cloud Service Provider (Content Host) (Has lot of resources) Limited resources (cannot host data) Hand over data Content-Requester (has permission) (could be the content-owner) Request content (Query) Content (Query Results)

Who could be malicious? 3 Content-Owner (Client) (Trusted) Cloud Service Provider (Content Host) Potentially Malicious Client (no permission to view content) (uses the same host) (Could be intentionally or unintentionally malicious) Reference: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, CCS 2009

Approach 4 Can the cloud service provider see only encrypted data and still answer queries? What capabilities are provided by the somewhat recent breakthroughs by the crypto community in Fully Homomorphic Encryption (FHE)?

Comparing some of the state-of-the-art approaches 5 SimpleDB-Enc* -- Amazon SimpleDB where all data is encrypted UCI* -- Approach from UCI where a few distinct values fall into a bucket H. Hacigumus, B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over encrypted data in the database-service-provider model. In SIGMOD, OPE (Order Preserving Encryption) R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order-preserving encryption for numeric data. In ACM SIGMOD, A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In EUROCRYPT, CryptDB – (Adjustable security) R. A. Popa, H. Balakrishnan, S. Madden et al. Cryptdb: Protecting condentiality with encrypted query processing. In SOSP 2011.

Fully Homomorphic Encryption: An Overview (Craig Gentry et al, 2009+) 6 Any number of additions and multiplications (think bit- wise XOR and AND) can be performed on encrypted data. All computer programs can be written in terms of these operations. Idea: Every addition/multiplication adds some error When error becomes large, re-encrypt with a second public key, while removing the previous encryption – bootstrapping Bootstrapping done in such a way as to decrease the error and more operations can be done on this re-encrypted data

About FHE 7 Cryptographic Security guarantees: C. Gentry. Fully homomorphic encryption using ideal lattices. In STOC, FHE is secure given approximate-GCD is hard Bootstrapping makes assumption that sparse subset sum problem is hard Better security guarantees have been provided since Practicality of FHE Bootstrapping is an extremely time-consuming operation Improvements have been made since original 2009 construction V. Vaikuntanathan. Computing blindfolded: New developments in fully homomorphic encryption. In FOCS, C. Gentry, S. Halevi, and N. P. Smart. Better bootstrapping in fully homomorphic encryption. In PKC, 2012.

FHE for Databases 8 FHE as is can be used for answering queries Translate a query into a circuit (that uses XOR and AND operations) However, translating a query in its entirety into a circuit could be cumbersome We would lose out on algebraic operator-by-operator processing used typically in DB systems. Qn: How do we support algebraic query processing of encrypted data?

Algebraic Processing using FHE: Data Model 9 Every table is appended with a presence bit column. All algebraic operators operate on tables represented in this model. modelspeedramhdprice modelspeedramhdprice p PC

Algebraic Processing using FHE: Computational Model 10 What programming language constructs can be supported on encrypted data? Example: suppose a, b are encrypted if (a > b) x = a; else x = b; flag = a > b; x = (flag * a) + (!flag * b)

Algebraic Processing using FHE: Example Operator Algorithm (SELECT) 11 For illustration, we will use a single equality comparison. Algorithm for (SELECT * FROM R WHERE col = val) using our computational model: (1 XOR x1 XOR y1) AND (1 XOR x2 XOR y2) AND … AND (1 XOR xn XOR yn) for every row (a, p) in R match = (col(a) == val) produce a row in result as (a, p (AND) match) To check x == y, we can use a fixed, combinational circuit (supported by FHE). One simple circuit for x == y, given bits of x are x1, x2, …, xn and bits of y are y1, y2, …, yn is:

Algebraic Processing using FHE: Summary 12

Conclusions 13 We have developed an approach to perform algebraic query processing of encrypted data using FHE Gives us strongest security guarantees as yet, and the server does all query processing. Issues Practicality of FHE is a concern, though crypto community has made substantial progress since 2009 Database style optimization needs investigation Utilizing indexes Cost-based optimization Alternate algorithms for operators …

Thank you !!! Questions?? 14

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.