Combining fragmentation and encryption to protect privacy in data storage

The impact of privacy requirements in the development of modern applications is increasing very quickly. Many commercial and legal regulations are driving the need to develop reliable solutions for protecting sensitive information whenever it is stored, processed, or communicated to external parties. To this purpose, encryption techniques are currently used in many scenarios where data protection is required since they provide a layer of protection against the disclosure of personal information, which safeguards companies from the costs that may arise from exposing their data to privacy breaches. However, dealing with encrypted data may make query processing more expensive. In this article, we address these issues by proposing a solution to enforce the privacy of data collections that combines data fragmentation with encryption. We model privacy requirements as confidentiality constraints expressing the sensitivity of attributes and their associations. We then use encryption as an underlying (conveniently available) measure for making data unintelligible while exploiting fragmentation as a way to break sensitive associations among attributes. We formalize the problem of minimizing the impact of fragmentation in terms of number of fragments and their affinity and present two heuristic algorithms for solving such problems. We also discuss experimental results, comparing the solutions returned by our heuristics with respect to optimal solutions, which show that the heuristics, while guaranteeing a polynomial-time computation cost are able to retrieve solutions close to optimum.

[1]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[2]  Shamkant B. Navathe,et al.  Vertical partitioning for database design: a graphical algorithm , 1989, SIGMOD '89.

[3]  David S. Johnson,et al.  Computers and Intractability: A Guide to the Theory of NP-Completeness , 1978 .

[4]  Rajeev Motwani,et al.  Two Can Keep A Secret: A Distributed Architecture for Secure Database Services , 2005, CIDR.

[5]  Sushil Jajodia,et al.  Fragmentation and Encryption to Enforce Privacy in Data Storage , 2007, ESORICS.

[6]  Pierangela Samarati,et al.  Protecting Respondents' Identities in Microdata Release , 2001, IEEE Trans. Knowl. Data Eng..

[7]  Hanno Lefmann,et al.  Approximating Maximum Independent Sets in Uniform Hypergraphs , 1998, MFCS.

[8]  Laks V. S. Lakshmanan,et al.  Efficient secure query evaluation over encrypted XML databases , 2006, VLDB.

[9]  Benny Sudakov,et al.  Approximate coloring of uniform hypergraphs , 1998, J. Algorithms.

[10]  Joachim Biskup,et al.  Reducing inference control to access control for normalized database schemas , 2008, Inf. Process. Lett..

[11]  Ravi Sandhu,et al.  ACM Transactions on Information and System Security: Editorial , 2005 .

[12]  Joachim Biskup,et al.  Enforcing Confidentiality in Relational Databases by Reducing Inference Control to Access Control , 2007, ISC.

[13]  Patrick Valduriez,et al.  Principles of Distributed Database Systems , 1990 .

[14]  Sabrina De Capitani di Vimercati,et al.  Maximizing Sharing of Protected Information , 2002, J. Comput. Syst. Sci..

[15]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[16]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[17]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[18]  Patrick Valduriez,et al.  Principles of distributed database systems (2nd ed.) , 1999 .

[19]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[20]  Shamkant B. Navathe,et al.  Vertical partitioning algorithms for database design , 1984, TODS.

[21]  Surajit Chaudhuri,et al.  An overview of query optimization in relational systems , 1998, PODS.