Abstract
In this paper, we study the problem of supporting multidimensional range queries on encrypted data. The problem is motivated by secure data outsourcing applications in which a client stores data on a remote server in encrypted form and wants to execute queries using the server's computational capabilities. Our approach is to compute a secure indexing tag for each record by applying bucketization (a generic form of data partitioning), which prevents the server from learning exact values but still allows it to check whether a record may satisfy the query predicate. Queries are evaluated approximately: the returned set of records may contain false positives, which the client must then weed out, and this filtering constitutes the client's computational overhead in our scheme. We develop a bucketization procedure for answering multidimensional range queries on multidimensional data. For a given bucketization, we derive a cost metric and a disclosure-risk metric that estimate the client's computational overhead and the risk of disclosure, respectively. Given a multidimensional dataset, its bucketization is posed as an optimization problem whose goal is to minimize the disclosure risk while keeping the query cost (the client's computational overhead) below a user-specified threshold. We provide a tunable bucketization algorithm that lets the data owner control the trade-off between disclosure risk and cost, and we study the trade-off characteristics through an extensive set of experiments on real and synthetic data.
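The following is an added, constructed illustration of the scheme the abstract sketches; it is not the paper's code and does not implement the paper's bucketization algorithm or its metrics. It uses the simplest possible bucketization (an equi-width grid over an integer domain), tags each record with an HMAC of its grid cell (an assumption), encrypts records with a toy SHA-256 stream cipher standing in for AES, and then runs one range query against several grid granularities to make the cost/risk trade-off concrete. The "risk proxy" (one over the number of integer points the server cannot distinguish inside a cell), the key, and the sample records are all constructed assumptions.

```python
"""Toy bucketization index for 2-D range queries over encrypted records.

Constructed illustration of the scheme sketched in the abstract; not the
paper's code. The data owner tags each record with its bucket (here an HMAC
of a grid-cell id, an assumption), encrypts the record and uploads
(tag, nonce, ciphertext). For a query box the client sends the tags of all
cells that intersect it; the server matches tags only, returns every record
in those cells, and the client decrypts and weeds out the false positives.
"""
import hashlib
import hmac
import itertools
import json

KEY = b"owner-secret-key-for-demo"  # assumption: held by the data owner/client only


def _keystream(key, nonce, n):
    """Toy counter-mode keystream from SHA-256 (demo only, not AES)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


decrypt = encrypt  # XOR stream cipher: decryption is the same operation


class GridBucketization:
    """Equi-width grid over an integer box; one bucket per grid cell.
    The paper's partitions are more general; this is the simplest instance."""

    def __init__(self, lows, highs, splits):
        assert all((hi - lo + 1) % k == 0 for lo, hi, k in zip(lows, highs, splits))
        self.lows, self.highs, self.splits = lows, highs, splits
        self.widths = [(hi - lo + 1) // k for lo, hi, k in zip(lows, highs, splits)]

    def _index(self, x, dim):
        i = (x - self.lows[dim]) // self.widths[dim]
        return min(max(i, 0), self.splits[dim] - 1)  # clamp to the domain

    def cell(self, point):
        return tuple(self._index(x, d) for d, x in enumerate(point))

    def cell_points(self):
        """Integer points per cell: values the server cannot tell apart."""
        size = 1
        for w in self.widths:
            size *= w
        return size

    def tag(self, cell):
        return hmac.new(KEY, repr(cell).encode(), hashlib.sha256).hexdigest()[:16]

    def tags_for_query(self, query):
        """Tags of every cell intersecting the axis-aligned box [(lo, hi), ...]."""
        ranges = [range(self._index(qlo, d), self._index(qhi, d) + 1)
                  for d, (qlo, qhi) in enumerate(query)]
        return {self.tag(c) for c in itertools.product(*ranges)}


def outsource(bkt, records):
    """Data owner: what the server stores, (tag, nonce, ciphertext) per record."""
    stored = []
    for rid, point in enumerate(records):
        nonce = rid.to_bytes(8, "big")
        stored.append((bkt.tag(bkt.cell(point)), nonce,
                       encrypt(KEY, nonce, json.dumps(point).encode())))
    return stored


def server_query(stored, tags):
    """Untrusted server: tag-equality match only; it never sees plaintext."""
    return [(nonce, ct) for tag, nonce, ct in stored if tag in tags]


def client_query(bkt, stored, query):
    """Client: translate the box to tags, decrypt the answer and filter.
    Returns (true matches, number of false positives weeded out)."""
    hits, false_pos = [], 0
    for nonce, ct in server_query(stored, bkt.tags_for_query(query)):
        point = tuple(json.loads(decrypt(KEY, nonce, ct)))
        if all(qlo <= x <= qhi for x, (qlo, qhi) in zip(point, query)):
            hits.append(point)
        else:
            false_pos += 1
    return hits, false_pos


def disclosure_risk(bkt):
    """Illustrative proxy (assumption, not the paper's metric): the server learns
    a record's cell, so guessing the exact value succeeds with probability
    1 / (integer points in the cell)."""
    return 1.0 / bkt.cell_points()


def tradeoff(records, query, split_options, lows=(0, 0), highs=(99, 99)):
    """Cost (false positives for this query) vs. risk proxy for several grids."""
    rows = []
    for splits in split_options:
        bkt = GridBucketization(lows, highs, splits)
        _, fp = client_query(bkt, outsource(bkt, records), query)
        rows.append((splits, fp, disclosure_risk(bkt)))
    return rows


# Constructed sample: 2-D integer points in [0, 99]^2 and one query box.
SAMPLE_RECORDS = [(5, 5), (12, 45), (20, 50), (28, 58), (35, 70),
                  (60, 10), (75, 80), (90, 95), (15, 10), (45, 45)]
QUERY = ((10, 30), (40, 60))

if __name__ == "__main__":
    for splits, fp, risk in tradeoff(SAMPLE_RECORDS, QUERY, [(2, 2), (5, 5), (10, 10)]):
        print(f"grid {splits}: false positives={fp}, risk proxy={risk:.5f}")
```

On the sample data the 2x2 grid returns four false positives for the query but leaves the server with 2500 candidate values per record, while the 10x10 grid returns none and narrows each record to 100 candidates; that is the trade-off the paper's optimization tunes, here exposed only through grid granularity.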
Index Terms
- Secure multidimensional range queries over outsourced data