Secure k-nearest neighbor query over encrypted data in outsourced environments

For the past decade, query processing on relational data has been studied extensively, and many theoretical and practical solutions to query processing have been proposed under various scenarios. With the recent popularity of cloud computing, users now have the opportunity to outsource their data as well as the data management tasks to the cloud. However, due to the rise of various privacy issues, sensitive data (e.g., medical records) need to be encrypted before outsourcing to the cloud. In addition, query processing tasks should be handled by the cloud; otherwise, there would be no point to outsource the data at the first place. To process queries over encrypted data without the cloud ever decrypting the data is a very challenging task. In this paper, we focus on solving the k-nearest neighbor (kNN) query problem over encrypted database outsourced to a cloud: a user issues an encrypted query record to the cloud, and the cloud returns the k closest records to the user. We first present a basic scheme and demonstrate that such a naive solution is not secure. To provide better security, we propose a secure kNN protocol that protects the confidentiality of the data, user's input query, and data access patterns. Also, we empirically analyze the efficiency of our protocols through various experiments. These results indicate that our secure protocol is very efficient on the user end, and this lightweight scheme allows a user to use any mobile device to perform the kNN query.

[1]  Ahmad-Reza Sadeghi,et al.  Twin Clouds: An Architecture for Secure Cloud Computing , 2011 .

[2]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[3]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[4]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[5]  S. Rajsbaum Foundations of Cryptography , 2014 .

[6]  Gene Tsudik,et al.  Aggregation Queries in the Database-As-a-Service Model , 2006, DBSec.

[7]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[8]  Ming Li,et al.  Toward Privacy-Assured Cloud Data Services with Flexible Search Functionalities , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[9]  Jianliang Xu,et al.  Processing private queries over untrusted data cloud through privacy homomorphism , 2011, 2011 IEEE 27th International Conference on Data Engineering.

[10]  Tsuyoshi Takagi,et al.  Secure k-NN computation on encrypted cloud data without sharing key with query users , 2013, Cloud Computing '13.

[11]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[12]  Pim Tuyls,et al.  Efficient Binary Conversion for Paillier Encrypted Values , 2006, EUROCRYPT.

[13]  Panos Kalnis,et al.  Private queries in location based services: anonymizers are not necessary , 2008, SIGMOD Conference.

[14]  Qiang Tang,et al.  Efficient verifiable fuzzy keyword search over encrypted data in cloud computing , 2013, Comput. Sci. Inf. Syst..

[15]  Murat Kantarcioglu,et al.  Secure multidimensional range queries over outsourced data , 2012, The VLDB Journal.

[16]  Daniel J. Abadi,et al.  Data Management in the Cloud: Limitations and Opportunities , 2009, IEEE Data Eng. Bull..

[17]  Chris Clifton,et al.  Privacy - preserving top-k queries , 2005, 21st International Conference on Data Engineering (ICDE'05).

[18]  Josep Domingo-Ferrer,et al.  A Provably Secure Additive and Multiplicative Privacy Homomorphism , 2002, ISC.

[19]  Vipin Kumar,et al.  Privacy Preserving Nearest Neighbor Search , 2006, Sixth IEEE International Conference on Data Mining - Workshops (ICDMW'06).

[20]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[21]  Wei Jiang,et al.  An efficient and probabilistic secure bit-decomposition , 2013, ASIA CCS '13.

[22]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[23]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[24]  Mikhail J. Atallah,et al.  Efficient Privacy-Preserving k-Nearest Neighbor Search , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[25]  Nikos Mamoulis,et al.  Secure kNN computation on encrypted databases , 2009, SIGMOD Conference.

[26]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[27]  Sabrina De Capitani di Vimercati,et al.  Managing and accessing data in the cloud: Privacy risks and approaches , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[28]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[29]  Feifei Li,et al.  Secure nearest neighbor revisited , 2013, 2013 IEEE 29th International Conference on Data Engineering (ICDE).

[30]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[31]  Peter Williams,et al.  Building castles out of mud: practical access pattern privacy and correctness on untrusted storage , 2008, CCS.