Selective data outsourcing for enforcing privacy

Existing approaches for protecting sensitive information outsourced to external "honest-but-curious" servers are typically based either on an overlying layer of encryption applied to the whole database or on the combined use of fragmentation and encryption. In this paper, we put forward a novel paradigm for preserving privacy in data outsourcing that departs from encryption. The basic idea is to involve the owner in storing a limited portion of the data, while the remaining information is stored in the clear at the external server. We analyze the problem of computing a fragmentation that minimizes the owner's workload, which is represented using different metrics and corresponding weight functions, and prove that this minimization problem is NP-hard. We then introduce the definition of locally minimal fragmentation, which is used to efficiently compute a fragmentation via a heuristic algorithm. The algorithm translates the problem of finding a locally minimal fragmentation into a hypergraph 2-coloring problem. Finally, we illustrate the execution of queries on fragments and provide experimental results comparing the fragmentations returned by our heuristic with optimal fragmentations. The experiments show that the heuristic guarantees a low computation cost and computes a fragmentation close to the optimum.
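The following is an added example, not code from the paper, that makes the owner/server split concrete under one assumed model: attributes are the vertices of a hypergraph, each confidentiality constraint is a hyperedge listing attributes that must not all be in the clear at the server, and a fragmentation is a 2-coloring ("owner" / "server") in which no hyperedge is entirely colored "server". The schema, constraints, weight function (bytes per tuple), and the greedy heuristic are all constructed for illustration; the exhaustive search stands in for the NP-hard optimum and is only feasible for tiny schemas.

```python
"""Owner/server fragmentation as a weighted hypergraph 2-coloring (illustrative).

Model (assumed for this example): attributes are vertices, each confidentiality
constraint is a hyperedge, and an attribute colored "owner" stays with the data
owner. A fragmentation is correct when no hyperedge is entirely at the server.
"""
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple

Attr = str
Constraint = FrozenSet[Attr]

# --- constructed sample schema, constraints and weight function ---------------
ATTRIBUTES: Set[Attr] = {"Name", "DoB", "ZIP", "Illness", "Salary", "SSN"}
CONSTRAINTS: List[Constraint] = [
    frozenset({"SSN"}),                    # sensitive on its own
    frozenset({"Name", "Illness"}),        # association must not be visible
    frozenset({"Name", "Salary"}),
    frozenset({"DoB", "ZIP", "Illness"}),  # quasi-identifier plus sensitive value
]
# Cost of keeping an attribute at the owner (here: bytes per tuple, constructed).
WEIGHTS: Dict[Attr, int] = {
    "Name": 20, "DoB": 4, "ZIP": 5, "Illness": 30, "Salary": 8, "SSN": 9,
}


def violated(owner: Set[Attr], constraints: Iterable[Constraint]) -> List[Constraint]:
    """Hyperedges that are monochromatic 'server', i.e. fully exposed in the clear."""
    return [c for c in constraints if not (c & owner)]


def cost(owner: Set[Attr], weights: Dict[Attr, int]) -> int:
    """Owner workload under the chosen weight function."""
    return sum(weights[a] for a in owner)


def is_locally_minimal(owner: Set[Attr], constraints: List[Constraint]) -> bool:
    """No single attribute can move to the server without violating a constraint."""
    return all(violated(owner - {a}, constraints) for a in owner)


def optimal_fragmentation(attributes: Set[Attr], constraints: List[Constraint],
                          weights: Dict[Attr, int]) -> Tuple[Set[Attr], int]:
    """Exhaustive search over all 2-colorings: exponential, tiny schemas only."""
    best: Optional[Tuple[Set[Attr], int]] = None
    for k in range(len(attributes) + 1):
        for subset in combinations(sorted(attributes), k):
            owner = set(subset)
            if not violated(owner, constraints):
                c = cost(owner, weights)
                if best is None or c < best[1]:
                    best = (owner, c)
    assert best is not None  # storing everything at the owner is always correct
    return best


def heuristic_fragmentation(attributes: Set[Attr], constraints: List[Constraint],
                            weights: Dict[Attr, int]) -> Tuple[Set[Attr], int]:
    """Greedy hitting-set heuristic followed by a local-minimality pass."""
    owner: Set[Attr] = set()
    remaining = list(constraints)
    while remaining:
        # Pick the attribute that breaks the most open constraints per unit of weight.
        candidates = sorted(attributes - owner)  # sorted for deterministic tie-breaks
        pick = max(candidates,
                   key=lambda a: sum(1 for c in remaining if a in c) / weights[a])
        owner.add(pick)
        remaining = [c for c in remaining if pick not in c]
    # Move back to the server any attribute that later choices made redundant,
    # heaviest first, so the result is locally minimal.
    for a in sorted(owner, key=lambda a: (-weights[a], a)):
        if not violated(owner - {a}, constraints):
            owner.remove(a)
    return owner, cost(owner, weights)


if __name__ == "__main__":
    opt = optimal_fragmentation(ATTRIBUTES, CONSTRAINTS, WEIGHTS)
    heu = heuristic_fragmentation(ATTRIBUTES, CONSTRAINTS, WEIGHTS)
    print("optimal  :", sorted(opt[0]), "cost", opt[1])
    print("heuristic:", sorted(heu[0]), "cost", heu[1],
          "locally minimal:", is_locally_minimal(heu[0], CONSTRAINTS))
```

On this input the greedy pass first takes DoB, Salary, SSN and Name (cost 41); the local-minimality pass then notices that Salary became redundant once Name was chosen and returns it to the server, giving the same owner fragment as the exhaustive search (SSN, Name, DoB; cost 33). That illustrates why the heuristic targets locally minimal fragmentations rather than stopping at the first correct coloring.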
