Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Privacy Enhancing Technologies Symposium

PETS 2009: Privacy Enhancing Technologies pp 185–201Cite as

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5672))

Abstract

Outsourced databases provide a solution for data owners who want to delegate the task of answering database queries to third-party service providers. However, distrustful users may desire a means of verifying the integrity of responses to their database queries. Simultaneously, for privacy or security reasons, the data owner may want to keep the database hidden from service providers. This security property is particularly relevant for aggregate databases, where data is sensitive, and results should only be revealed for queries that are aggregate in nature. In such a scenario, using simple signature schemes for verification does not suffice. We present a solution in which service providers can collaboratively compute aggregate queries without gaining knowledge of intermediate results, and users can verify the results of their queries, relying only on their trust of the data owner. Our protocols are secure under reasonable cryptographic assumptions, and are robust to collusion among k dishonest service providers.

This work has been supported in part by NSF grant CCF-0728937, CNS-0831186, and the Rutgers University Computing Coordination Council Pervasive Computing Initiative Grant. This material is also based upon work supported by the U.S. Department of Homeland Security under grant number 2008-ST-104-000016. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. Department of Homeland Security.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Lee, J.M., Neven, G., Paillier, P., Shi, H.: Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 205–222. Springer, Heidelberg (2005)

    Google Scholar 

  2. Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of the ACM SIGMOD International Conference on Management of Data (May 2000)

    Google Scholar 

  3. Bertino, E., Ooi, B.C., Yang, Y., Deng, R.H.: Privacy and ownership preserving of outsourced medical data. In: Proceedings of the 21st International Conference on Data Engineering (ICDE), pp. 521–532 (2005)

    Google Scholar 

  4. Blakley, G.: Safeguarding cryptographic keys. In: Proceedings of AFIPS National Computer Conference, pp. 313–317 (1979)

    Google Scholar 

  5. Chumash, T., Yao, D.: Detection and prevention of insider threats in database driven web services. In: Proceedings of The Third IFIP WG 11.11 International Conference on Trust Management (IFIPTM) (June 2009)

    Google Scholar 

  6. Cruz, I.F., Tamassia, R., Yao, D.: Privacy-preserving schema matching using mutual information. In: Barker, S., Ahn, G.-J. (eds.) Data and Applications Security 2007. LNCS, vol. 4602, pp. 93–94. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Devanbu, P., Gertz, M., Martel, C., Stubblebine, S.: Authentic third-party data publication. Journal of Computer Security 11(3) (2003)

    Google Scholar 

  8. Dinur, I., Nissim, K.: Revealing information while preserving privacy. In: PODS, pp. 202–210 (2003)

    Google Scholar 

  9. Domingo-Ferrer, J. (ed.): Inference Control in Statistical Databases. LNCS, vol. 2316. Springer, Heidelberg (2002)

    MATH  Google Scholar 

  10. Dwork, C.: Differential privacy: A survey of results. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 1–19. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  12. Ganta, S.R., Kasiviswanathan, S.P., Smith, A.: Composition attacks and auxiliary information in data privacy. CoRR, abs/0803.0032 (2008)

    Google Scholar 

  13. Hacigümüs, H., Iyer, B., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service provider model. In: Proceedings of ACM SIGMOD Conference on Management of Data, pp. 216–227. ACM Press, New York (2002)

    Google Scholar 

  14. Hacigümüs, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proceedings of International Conference on Data Engineering (ICDE) (March 2002)

    Google Scholar 

  15. Hacigümüs, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted databases. In: Proceedings of International Conference on Database Systems for Advanced Applications (DASFAA) (2004)

    Google Scholar 

  16. Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)

    Google Scholar 

  17. Jagannathan, G., Wright, R.N.: Private inference control for aggregate database queries. In: ICDM Workshops, pp. 711–716. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  18. Li, F., Hadjieleftheriou, M., Kollios, G., Reyzin, L.: Dynamic authenticated index structures for outsourced databases. In: Chaudhuri, S., Hristidis, V., Polyzotis, N. (eds.) SIGMOD Conference, pp. 121–132. ACM, New York (2006)

    Google Scholar 

  19. Massell, P., Zayatz, L., Funk, J.: Protecting the confidentiality of survey tabular data by adding noise to the underlying microdata: Application to the commodity flow survey. In: Domingo-Ferrer, J., Franconi, L. (eds.) PSD 2006. LNCS, vol. 4302, pp. 304–317. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  20. Merkle, R.: Protocols for public key cryptosystems. In: Proceedings of the 1980 Symposium on Security and Privacy, pp. 122–133. IEEE Computer Society Press, Los Alamitos (1980)

    Google Scholar 

  21. Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: Proceedings of Symposium on Network and Distributed Systems Security (NDSS) (February 2004)

    Google Scholar 

  22. Mykletun, E., Tsudik, G.: Aggregation queries in the database-as-a-service model. In: IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec) (July 2006)

    Google Scholar 

  23. Narasimha, M., Tsudik, G.: Authentication of outsourced databases using signature aggregation and chaining. In: International Conference on Database Systems for Advanced Applications (DASFAA) (April 2006)

    Google Scholar 

  24. Pang, H., Jain, A., Ramamritham, K., Tan, K.-L.: Verifying completeness of relational query results in data publishing. In: Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD), pp. 407–418 (2005)

    Google Scholar 

  25. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

    Google Scholar 

  26. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

    Google Scholar 

  27. Samarati, P.: Protecting respondent’s privacy in microdata release. IEEE Transactions on Knowledge and Data Engineering 13(6), 1010–1027 (2001)

    Article  Google Scholar 

  28. Scannapieco, M., Figotin, I., Bertino, E., Elmagarmid, A.K.: Privacy preserving schema and data matching. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, pp. 653–664 (2007)

    Google Scholar 

  29. Shamir, A.: How to share a secret. Communications of the ACM 22(11), 612–613 (1979)

    Article  MATH  MathSciNet  Google Scholar 

  30. Sweeney, L.: k-Anonymity, a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  31. Waters, B.R., Balfanz, D., Durfee, G., Smetters, D.K.: Building an encrypted and searchable audit log. In: Proceedings of Symposium on Network and Distributed Systems Security (NDSS 2004) (2004)

    Google Scholar 

  32. Xiao, X., Tao, Y.: Anatomy: Simple and effective privacy preservation. In: Proceedings of the 32nd Very Large Data Bases (VLDB) (2006)

    Google Scholar 

  33. Yao, D., Frikken, K.B., Atallah, M.J., Tamassia, R.: Private information: To reveal or not to reveal. ACM Trans. Inf. Syst. Secur. 12(1) (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Rutgers University, Piscataway, NJ, 08854, USA

    Brian Thompson & Danfeng Yao

  2. Hewlett-Packard Labs, 5 Vaughn Drive, Suite 301, Princeton, NJ, 08540, USA

    Stuart Haber, William G. Horne & Tomas Sander

Authors
  1. Brian Thompson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stuart Haber
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. William G. Horne
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tomas Sander
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Danfeng Yao
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. David R. Cheriton School of Computer Science, University of Waterloo, University Avenue West, N2L 3G1, Waterloo, ON, Canada

    Ian Goldberg

  2. Department of Computer Science, Purdue University, 305 North University Street, IN 47907-2107, West Lafayete, USA

    Mikhail J. Atallah

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Thompson, B., Haber, S., Horne, W.G., Sander, T., Yao, D. (2009). Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases. In: Goldberg, I., Atallah, M.J. (eds) Privacy Enhancing Technologies. PETS 2009. Lecture Notes in Computer Science, vol 5672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03168-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03168-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03167-0

  • Online ISBN: 978-3-642-03168-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation