Provable and Practical Security for Database Outsourcing

Provable security is one of the greatest achievements of modern cryptography. When proving the security of a cryptographic scheme, its security properties are reduced to problems known or assumed to be hard to solve. Therefore, breaking the security of such a scheme in its security model involves solving the corresponding problem, which is deemed infeasible for sufficiently large instances. Provable security has many benefits. For example, it allows the design of schemes that provide security against attacks that have not yet been conceived. Furthermore, formal security guarantees allow the security of schemes to be compared without comparing the schemes themselves, which can be a tedious task. A central focus of cryptographic research is to conceive ever stronger security notions and to find schemes that fulfil such notions. For example, the gold standard for encryption schemes is the notion of semantic security, where an adversary is not allowed to learn even one bit about the plaintext. For many complex applications, such as database outsourcing, classical strong security requirements imply methods with large overheads. On the other hand, there are more practical data outsourcing schemes that intuitively provide some security but do not have any proven security properties at all. Relaxing the classical security requirements potentially allows for more efficient schemes while maintaining provable security properties. This implies a trade-off: the resulting security notion should be meaningful in the context of the application while at the same time allowing for efficient schemes. A field where such weak security notions play an essential role is database privacy. While the intention of security notions for encryption schemes is to hide all information about the plaintext from the adversary, so-called privacy notions describe a trade-off between the confidentiality of the original database and the usefulness of the disclosed database.
Database privacy is closely related to data outsourcing. Efficient data outsourcing schemes imply leakage of information about the data to the server. Therefore, a security notion for efficient data outsourcing schemes also describes a trade-off, here between the confidentiality of data and queries and the efficiency of schemes fulfilling this notion. The goal of this thesis is to bridge the gap between practical methods for data outsourcing and the field of cryptographic research that is concerned with formal security notions. Starting in the field of data privacy, we provide a framework for defining and reasoning about privacy notions. In contrast to existing notions and frameworks, our framework allows for an intuitive definition of privacy notions by allowing sensitive predicates to be defined and by explicitly limiting what an adversary is allowed to learn about them from a release. Furthermore, we provide meta notions for different privacy goals of data outsourcing and establish their relations. As a main contribution of this thesis, we provide a meaningful security notion for database outsourcing and a practical scheme fulfilling this notion, as well as implementations that demonstrate its viability. To this end, we capture database outsourcing in a formal model and define our scheme by means of this model. We prove the security of our scheme by a reduction to the security of an internally used encryption scheme. Additionally, we examine the design space for this scheme by discussing extensions and optimisations of this scheme for performance as well as for security.
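The two paragraphs above describe the trade-off in abstract terms: semantically secure encryption hides everything about a column but leaves the server unable to help with a query, while an efficient outsourcing scheme necessarily leaks something to the server. The following is an added illustration written for this page, not code from the thesis or any implementation it describes. It outsources a single column twice, once under a randomised (nonce-based, PRF-keystream) encryption and once under a deterministic, equality-preserving keyed token, and then shows, with a constructed sample column and a constructed demo key, both what the server can answer and what the server learns in each case. The HMAC-SHA256 PRF, the toy CTR-style construction, and all function names are assumptions made for the example.

```python
import hmac
import hashlib
import os
from collections import Counter

# Constructed demo key; a real deployment derives keys from a KDF or key store.
DEMO_KEY = hashlib.sha256(b"demo key, constructed for this example").digest()

# Constructed sample column (say, a "diagnosis" attribute); not data from the thesis.
SAMPLE_COLUMN = ["diabetes", "flu", "diabetes", "cancer", "flu", "diabetes"]

NONCE_LEN = 16


def prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 used as a pseudorandom function (assumption: HMAC is a PRF)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(key, nonce || counter) blocks concatenated to the requested length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def enc_randomized(key: bytes, plaintext: bytes) -> bytes:
    """Randomised encryption: a fresh nonce per record, keystream XORed in.
    Two encryptions of the same value are unrelated, so equality is hidden."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body


def dec_randomized(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def enc_deterministic(key: bytes, plaintext: bytes) -> bytes:
    """Deterministic, equality-preserving token (keyed hash with a domain label).
    Equal plaintexts give equal tokens: that is what lets the server answer
    equality queries, and also exactly what it leaks."""
    return prf(key, b"det|" + plaintext)


# ---- client side: what is uploaded ----
def outsource_randomized(key: bytes, values: list) -> list:
    return [enc_randomized(key, v.encode()) for v in values]


def outsource_deterministic(key: bytes, values: list) -> list:
    return [enc_deterministic(key, v.encode()) for v in values]


def client_equality_query_randomized(key: bytes, stored: list, value: str) -> list:
    """Under randomised encryption the server cannot filter, so the client
    must fetch and decrypt the whole column: no leakage, but no efficiency."""
    target = value.encode()
    return [i for i, ct in enumerate(stored) if dec_randomized(key, ct) == target]


# ---- server side: sees only the uploaded column, never the key ----
def server_equality_query(stored: list, token: bytes) -> list:
    """With deterministic tokens the server answers equality queries directly
    (and could index them), which is the efficiency the thesis is after."""
    return [i for i, t in enumerate(stored) if t == token]


def server_frequency_leakage(stored: list) -> list:
    """What the server learns without the key: the multiset of equal
    ciphertexts, i.e. the value histogram as descending counts."""
    return sorted(Counter(stored).values(), reverse=True)


def plaintext_histogram(values: list) -> list:
    return sorted(Counter(values).values(), reverse=True)


if __name__ == "__main__":
    det = outsource_deterministic(DEMO_KEY, SAMPLE_COLUMN)
    rnd = outsource_randomized(DEMO_KEY, SAMPLE_COLUMN)
    print("deterministic: server answers =", server_equality_query(det, enc_deterministic(DEMO_KEY, b"diabetes")))
    print("deterministic: server learns  =", server_frequency_leakage(det), "== plaintext", plaintext_histogram(SAMPLE_COLUMN))
    print("randomised:    server learns  =", server_frequency_leakage(rnd))
    print("randomised:    client answers =", client_equality_query_randomized(DEMO_KEY, rnd, "diabetes"))
```

The histogram the server recovers from the deterministic column is the leakage a security notion for efficient outsourcing has to name and bound explicitly; the randomised column leaks nothing beyond its length, but every query degenerates into a full download and decrypt on the client. A provable-security notion in the sense of the thesis fixes what the server may learn (here: the equality pattern) and reduces everything beyond that to the security of the underlying encryption.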
