Hiding query access patterns in range queries using private information retrieval and oblivious ram

This work addresses the problem of hiding query access patterns in privacypreserving range queries while guaranteeing data and query con dentiality. We propose two methods, which are based on Private Information Retrieval (PIR) and Oblivious RAM (ORAM) techniques, respectively. For the PIR based search operation, we introduce a new scheme based on Lipmaa's computationally-private information retrieval (CPIR) method. We reduce the computation cost of CPIR by reducing the number of modular exponentiation operations, employing shallow trees and utilizing multi-exponentiation techniques. Furthermore, we improved the performance of CPIR by applying parallel algorithms. For the ORAM based method, we adapted Stefanov's Path ORAM method to the privacy-preserving range search. Our analyses show that, in terms of communication cost, CPIR provides better bandwidth usage especially in large database sizes, while in computational cost, Path ORAM based method performs better due to the negligible cost of server operations. The results imply that, despite some advantageous qualitative aspects of CPIR and its highly parallel implementation, it is still an expensive scheme in terms of computation complexity in comparison with Path ORAM for hiding query access patterns in privacy preserving range queries.

[1]  Brent Waters,et al.  Conjunctive, Subset, and Range Queries on Encrypted Data , 2007, TCC.

[2]  Craig Gentry,et al.  Optimizing ORAM and Using It Efficiently for Secure Computation , 2013, Privacy Enhancing Technologies.

[3]  Chae Hoon Lim,et al.  More Flexible Exponentiation with Precomputation , 1994, CRYPTO.

[4]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[5]  Chinya V. Ravishankar,et al.  Compromising privacy in precise query protocols , 2013, EDBT '13.

[6]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[7]  Ivan Damgård,et al.  A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System , 2001, Public Key Cryptography.

[8]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[9]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[10]  Helger Lipmaa,et al.  First CPIR Protocol with Data-Dependent Computation , 2009, ICISC.

[11]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[12]  Jun Li,et al.  Efficiency and Security Trade-Off in Supporting Range Queries on Encrypted Databases , 2005, DBSec.

[13]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[14]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[15]  Murat Kantarcioglu,et al.  Inference attack against encrypted range queries on outsourced databases , 2014, CODASPY '14.

[16]  Gerardo Pelosi,et al.  Efficient and Private Access to Outsourced Data , 2011, 2011 31st International Conference on Distributed Computing Systems.

[17]  Xiaohui Liang,et al.  PaRQ: A Privacy-Preserving Range Query Scheme Over Encrypted Metering Data for Smart Grid , 2013, IEEE Transactions on Emerging Topics in Computing.

[18]  Gene Tsudik,et al.  A Privacy-Preserving Index for Range Queries , 2004, VLDB.

[19]  Nathan Chenette,et al.  Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions , 2011, CRYPTO.

[20]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[21]  Murat Kantarcioglu,et al.  Secure multidimensional range queries over outsourced data , 2012, The VLDB Journal.

[22]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[23]  Kai-Min Chung,et al.  A Simple ORAM , 2013, IACR Cryptol. ePrint Arch..

[24]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[25]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[26]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..