Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases

Outsourced databases provide a solution for data owners who want to delegate the task of answering database queries to third-party service providers. However, distrustful users may desire a means of verifying the integrity of responses to their database queries. Simultaneously, for privacy or security reasons, the data owner may want to keep the database hidden from service providers. This security property is particularly relevant for aggregate databases, where data is sensitive, and results should only be revealed for queries that are aggregate in nature. In such a scenario, using simple signature schemes for verification does not suffice. We present a solution in which service providers can collaboratively compute aggregate queries without gaining knowledge of intermediate results, and users can verify the results of their queries, relying only on their trust of the data owner. Our protocols are secure under reasonable cryptographic assumptions, and are robust to collusion among k dishonest service providers.

[1]  Jeremy Funk,et al.  Protecting the Confidentiality of Survey Tabular Data by Adding Noise to the Underlying Microdata: Application to the Commodity Flow Survey , 2006, Privacy in Statistical Databases.

[2]  Rebecca N. Wright,et al.  Private Inference Control for Aggregate Database Queries , 2007, Seventh IEEE International Conference on Data Mining Workshops (ICDMW 2007).

[3]  Josep Domingo-Ferrer,et al.  Inference Control in Statistical Databases, From Theory to Practice , 2002 .

[4]  Gene Tsudik,et al.  Authentication of Outsourced Databases Using Signature Aggregation and Chaining , 2006, DASFAA.

[5]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[6]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[7]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[8]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[9]  Michael Gertz,et al.  Authentic Data Publication Over the Internet , 2003, J. Comput. Secur..

[10]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.

[11]  Kian-Lee Tan,et al.  Verifying completeness of relational query results in data publishing , 2005, SIGMOD '05.

[12]  Matthew K. Franklin,et al.  Self-healing key distribution with revocation , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[13]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[14]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[15]  Hakan Hacigümüs,et al.  Providing database as a service , 2002, Proceedings 18th International Conference on Data Engineering.

[16]  Beng Chin Ooi,et al.  Privacy and ownership preserving of outsourced medical data , 2005, 21st International Conference on Data Engineering (ICDE'05).

[17]  Josep Domingo-Ferrer,et al.  Inference Control in Statistical Databases , 2002, Lecture Notes in Computer Science.

[18]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[19]  Adam D. Smith,et al.  Composition attacks and auxiliary information in data privacy , 2008, KDD.

[20]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[21]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[22]  Roberto Tamassia,et al.  Privacy-Preserving Schema Matching Using Mutual Information , 2007, DBSec.

[23]  Jessica Staddon,et al.  Sliding-window self-healing key distribution , 2003, SSRS '03.

[24]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[25]  Gene Tsudik,et al.  Aggregation Queries in the Database-As-a-Service Model , 2006, DBSec.

[26]  Bruce Schneier,et al.  Protecting secret keys with personal entropy , 2000, Future Gener. Comput. Syst..

[27]  Ramakrishnan Srikant,et al.  Privacy-preserving data mining , 2000, SIGMOD '00.

[28]  Rebecca N. Wright,et al.  Private Inference Control for Aggregate Database Queries , 2007 .

[29]  Gail-Joon Ahn,et al.  Data and Applications Security XXI , 2007 .

[30]  Feifei Li,et al.  Dynamic authenticated index structures for outsourced databases , 2006, SIGMOD Conference.

[31]  Yufei Tao,et al.  Anatomy: simple and effective privacy preservation , 2006, VLDB.

[32]  Mikhail J. Atallah,et al.  Private Information: To Reveal or not to Reveal , 2008, TSEC.

[33]  Brent Waters,et al.  Building an Encrypted and Searchable Audit Log , 2004, NDSS.

[34]  Irit Dinur,et al.  Revealing information while preserving privacy , 2003, PODS.

[35]  Michael Gertz,et al.  Authentic Third-party Data Publication , 2000, DBSec.

[36]  Anna Lysyanskaya,et al.  How to Securely Outsource Cryptographic Computations , 2005, TCC.

[37]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[38]  Danfeng Yao,et al.  Detection and Prevention of Insider Threats in Database Driven Web Services , 2009, IFIPTM.

[39]  Pierangela Samarati,et al.  Protecting Respondents' Identities in Microdata Release , 2001, IEEE Trans. Knowl. Data Eng..

[40]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[41]  Elisa Bertino,et al.  Privacy preserving schema and data matching , 2007, SIGMOD '07.