Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE.


Protecting data
Including:
– Proprietary information
– Health care data
– Financial data
To follow privacy and security regulations, corporate compliance, and trade regulations [1].
Mostly from honest-but-curious servers.
Employing:
– Encryption
– CryptDB
– Fragmentation
[1] Kenan, Kevin. Cryptography in the database: the last line of defense. Addison Wesley.

– Data owner: organization or individual who outsources her data.
– User: person who accesses the outsourced data.
– Client: user's front end.
– Server: external third party, stores and manages the data.

Data encryption
– Provides privacy and integrity.
– Queries must be executed on encrypted data:
  – Create indexes.
– Applied at different granularity levels:
  – Table or attribute (whole relation is returned)
  – Tuple
  – Cell (many decrypt operations)

The emp table is mapped to a corresponding table at the server: empS(etuple, eidS, enameS, salaryS, addrS, didS) [2].
[2] Hore, Bijit, Sharad Mehrotra, and Hakan Hacigümüş. "Managing and querying encrypted data." Handbook of Database Security (2008).

Figure 2: Query evaluation process [3]
1. The user formulates query q.
2. The client maps q into qs and qc, and sends qs to the server.
3. The server executes query qs.
4. The client decrypts the result and evaluates qc to remove spurious tuples.
[3] Sabrina De Capitani di Vimercati, Sara Foresti, and Pierangela Samarati. "Protecting data in outsourcing scenarios." Handbook on securing cyber-physical critical infrastructure (2012).

Indexing techniques:
– Encryption-based indexes: support equality queries. Not order preserving (translate a range condition into equality conditions).
– Order-preserving encryption indexes: Order Preserving Encryption Schema (OPES) and OPESS. Support comparison operations.
– Privacy homomorphic indexes: support arithmetic and comparison operations. Arithmetic operations are time consuming.
Indexes should not reveal too much information.
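The query evaluation process and the encryption-based index described above, as an added example that is not part of the original slides. It assumes a salary bucket width of 20000, a keyed hash as the index function, constructed sample rows, and a standard-library stand-in cipher.

```python
import hashlib, hmac, json, os

K_ENC, K_IDX = os.urandom(32), os.urandom(32)  # client-side keys (constructed)
WIDTH = 20000                                   # assumed salary bucket width

def _xor_stream(nonce, data):
    # Stand-in stream cipher (SHA-256 in counter mode) so the example needs only
    # the standard library; a real deployment would use an authenticated cipher.
    ks = b"".join(hashlib.sha256(K_ENC + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def enc(row):
    nonce = os.urandom(16)
    return nonce + _xor_stream(nonce, json.dumps(row).encode())

def dec(blob):
    return json.loads(_xor_stream(blob[:16], blob[16:]))

def salary_s(salary):
    # Encryption-based index: keyed hash of the bucket number. Equal buckets give
    # equal values, but the values carry no order.
    return hmac.new(K_IDX, str(salary // WIDTH).encode(), hashlib.sha256).hexdigest()[:16]

def outsource(emp):
    # Server-side relation empS, reduced here to (etuple, salaryS).
    return [(enc(r), salary_s(r["salary"])) for r in emp]

def map_query(lo, hi):
    # q: lo <= salary <= hi. qs is an equality test on bucket ids, qc is q itself.
    qs = {salary_s(b * WIDTH) for b in range(lo // WIDTH, hi // WIDTH + 1)}
    return qs, (lambda r: lo <= r["salary"] <= hi)

def server_execute(emp_s, qs):
    # The server sees only ciphertext and index values.
    return [etuple for etuple, idx in emp_s if idx in qs]

def client_query(emp_s, lo, hi):
    qs, qc = map_query(lo, hi)
    candidates = [dec(t) for t in server_execute(emp_s, qs)]
    return [r for r in candidates if qc(r)], len(candidates)

# Constructed sample rows of emp (only three of its attributes shown).
EMP = [{"eid": i, "ename": n, "salary": s} for i, (n, s) in enumerate(
    [("ann", 12000), ("bob", 25000), ("cy", 32000), ("di", 41000),
     ("ed", 58000), ("flo", 75000)])]
```

For the range 30000 to 45000 the server returns every tuple in the two matching buckets, and the client's qc step discards the ones outside the range.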

Access control
– Access matrix: a row for each user U and a column for each resource R (relation, tuple, cell).
– The data owner must create an access control policy.
– Neither the server nor the client can enforce restrictions.
– Encryption keys for each user's data must be managed.

– Using one key for each resource would require too many keys.
– Adopt a key derivation method: each user has only one key.
– The data owner encrypts r1 with a key that {A,B} can derive.
Table 2. An example of Access Matrix [4]
[4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services." Journal of Computational Information Systems 6.8 (2010).

DAG hierarchy:
– Given two keys $k_i$ and $k_j$, to derive $k_j$ from $k_i$ there exists a public token $t_{i,j}$ and a label $l_j$,
– where $t_{i,j} = k_j \oplus f(k_i, l_j)$.
However, the problem of minimizing the number of tokens while remaining equivalent to the access matrix is NP-hard (use heuristics).
[4] Yu, WB Yonghong, and Wenyang BAI. "Integrated Privacy Protection and Access Control over Outsourced Database Services." Journal of Computational Information Systems 6.8 (2010).
NP-hardness results imply that for many combinatorial optimization problems there are no efficient algorithms that find an optimal solution, or even a near optimal solution, on every instance. A heuristic for an NP-hard problem is a polynomial time algorithm that produces optimal or near optimal solutions on some input instances, but may fail on others [4].
[4] Feige, Uriel. "Rigorous analysis of heuristics for NP-hard problems." Proceedings of the 16th annual ACM-SIAM Symposium on Discrete Algorithms.
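The token relation above, worked through on a small DAG as an added example that is not part of the original slides. It assumes f is HMAC-SHA256 (the slide leaves f unspecified) and uses a constructed hierarchy with hypothetical node names.

```python
import hashlib, hmac, secrets

def f(key, label):
    # Assumption: f is HMAC-SHA256; the slide leaves f unspecified.
    return hmac.new(key, label, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_token(k_i, k_j, l_j):
    # t_{i,j} = k_j XOR f(k_i, l_j), computed by the data owner and made public.
    return xor(k_j, f(k_i, l_j))

def follow_token(k_i, t_ij, l_j):
    # Anyone holding k_i recovers k_j = t_{i,j} XOR f(k_i, l_j).
    return xor(t_ij, f(k_i, l_j))

def build_catalog(edges):
    # Data owner side: one random key per node, one public token per DAG edge.
    nodes = {n for e in edges for n in e}
    keys = {n: secrets.token_bytes(32) for n in nodes}
    labels = {n: n.encode() for n in nodes}
    tokens = {(i, j): make_token(keys[i], keys[j], labels[j]) for i, j in edges}
    return keys, labels, tokens

def derive(start, k_start, target, labels, tokens):
    # User side: walk the public token graph starting from the user's single key.
    stack, seen = [(start, k_start)], set()
    while stack:
        node, key = stack.pop()
        if node == target:
            return key
        if node in seen:
            continue
        seen.add(node)
        stack += [(j, follow_token(key, t, labels[j]))
                  for (i, j), t in tokens.items() if i == node]
    return None  # no token path: the access matrix does not grant this key

# Constructed hierarchy: r1 is encrypted under the key of node "AB", which users
# A and B can derive; node "ABC" is reachable from AB and from C.
EDGES = [("A", "AB"), ("B", "AB"), ("AB", "ABC"), ("C", "ABC")]
```

Tokens and labels are public, so only the per-user key needs to be kept secret; a user with no token path to a node gets nothing useful from the catalog.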

Drawbacks of encryption
– Query evaluation is not always possible or efficient.
– Data which is not sensitive is also encrypted.
– The user always has to decrypt.

Data fragmentation
– The association of data is what should be secured.
– A confidentiality constraint c over relation R(A1,…,An) can be a singleton or an association.
– c0 = {SSN} is a singleton. The values of this attribute should be encrypted.
– c1 = {Name, Illness} is an association. The attributes should not appear together as plaintext.
Fig. 2. An example of plaintext relation (a) and its well defined constraints (b) [5]
[5] Ciriani, Valentina, et al. "Combining fragmentation and encryption to protect privacy in data storage." ACM Transactions on Information and System Security (TISSEC) 13.3 (2010): 22.

Fig. 3. An example of physical fragments for the relation in Figure 2(a) [5]
– Fragment relation R into unlinkable fragments that follow the confidentiality constraints.
– Each fragment contains all data.
– Encrypt tuples which cannot appear as plaintext with a salt (to prevent frequency attacks).
– Finding a fragmentation that minimizes client workload is NP-hard.
[5] Ciriani, Valentina, et al. "Combining fragmentation and encryption to protect privacy in data storage." ACM Transactions on Information and System Security (TISSEC) 13.3 (2010): 22.

Querying the data
– Evaluate query q by choosing one fragment.
– Choose a fragment in which it is possible to execute the most selective conditions on the server side.

Drawbacks of fragmentation
– Confidentiality constraints are difficult to create.
– Updating the data is difficult.
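The fragmentation and fragment-selection slides above, as an added example that is not part of the original slides: a correctness check for a fragmentation, a simple greedy heuristic (one possible heuristic, not the algorithm of [5]), and a fragment chooser. The attribute list, the constraints c2 and c3, and the selectivity figures are constructed.

```python
def violates(plain_attrs, constraints):
    # A constraint is violated when all of its attributes are visible together.
    return any(c <= plain_attrs for c in constraints)

def is_correct(fragments, constraints):
    # Each fragment must respect every constraint, and fragments must share no
    # plaintext attribute (otherwise they could be linked on it).
    seen = set()
    for frag in fragments:
        if violates(frag, constraints) or seen & frag:
            return False
        seen |= frag
    return True

def greedy_fragmentation(attributes, constraints):
    # Singleton constraints: the attribute is only ever stored encrypted.
    encrypted_only = {a for c in constraints if len(c) == 1 for a in c}
    fragments = []
    for a in attributes:
        if a in encrypted_only:
            continue
        for frag in fragments:
            if not violates(frag | {a}, constraints):
                frag.add(a)
                break
        else:
            fragments.append({a})
    return fragments, encrypted_only

def pick_fragment(fragments, selectivity):
    # selectivity maps an attribute to the fraction of tuples its query condition
    # keeps; the server can only apply conditions on a fragment's plaintext part.
    def surviving(frag):
        share = 1.0
        for attr, s in selectivity.items():
            if attr in frag:
                share *= s
        return share
    return min(range(len(fragments)), key=lambda i: surviving(fragments[i]))

# c0 and c1 are the slide's constraints; c2 and c3 are constructed.
ATTRS = ["SSN", "Name", "DoB", "ZIP", "Illness", "Physician"]
CONSTRAINTS = [{"SSN"}, {"Name", "Illness"}, {"Name", "DoB"},
               {"DoB", "ZIP", "Illness"}]
```

The greedy pass is order dependent and gives a correct fragmentation, not necessarily the one that minimizes client workload.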