Advertisement

\({\textsf {SecDM}}\): privacy-preserving data outsourcing framework with differential privacy

  • Gaby G. DagherEmail author
  • Benjamin C. M. Fung
  • Noman Mohammed
  • Jeremy Clark
Regular Paper

Abstract

Data-as-a-service (DaaS) is a cloud computing service that emerged as a viable option to businesses and individuals for outsourcing and sharing their collected data with other parties. Although the cloud computing paradigm provides great flexibility to consumers with respect to computation and storage capabilities, it imposes serious concerns about the confidentiality of the outsourced data as well as the privacy of the individuals referenced in the data. In this paper we formulate and address the problem of querying encrypted data in a cloud environment such that query processing is confidential and the result is differentially private. We propose a framework where the data provider uploads an encrypted index of her anonymized data to a DaaS service provider that is responsible for answering range count queries from authorized data miners for the purpose of data mining. To satisfy the confidentiality requirement, we leverage attribute-based encryption to construct a secure kd-tree index over the differentially private data for fast access. We also utilize the exponential variant of the ElGamal cryptosystem to efficiently perform homomorphic operations on encrypted data. Experiments on real-life data demonstrate that our proposed framework preserves data utility, can efficiently answer range queries, and is scalable with increasing data size.

Keywords

Cloud computing Data outsourcing Search on encrypted data Differential privacy 

Notes

Supplementary material

References

  1. 1.
    Agrawal R, Kiernan J, Srikant R, Xu Y (2004) Order preserving encryption for numeric data. In: Proceedings of the ACM SIGMOD international conference on management of data (SIGMOD), pp 563–574Google Scholar
  2. 2.
    Bache K, Lichman M (2013) UCI machine learning repository. School of Information and Computer Sciences, University of California, IrvineGoogle Scholar
  3. 3.
    Barbaro M, Zeller TJ (2006) A face is exposed for AOL searcher no. 4417749Google Scholar
  4. 4.
    Barouti S, Aljumah F, Alhadidi D, Debbabi M (2014) Secure and privacy-preserving querying of personal health records in the cloud. In: Data and applications security and privacy XXVIII (LNCS), vol 8566, pp 82–97Google Scholar
  5. 5.
    Bayer R, McCreight E (1970) Organization and maintenance of large ordered indices. In: Proceedings of the ACM SIGFIDET workshop on data description, access and control, pp 107–141Google Scholar
  6. 6.
    Bentley JL (1975) Multidimensional binary search trees used for associative searching. Commun ACM 18(9):509–517MathSciNetCrossRefGoogle Scholar
  7. 7.
    Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceedings of the IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, pp 321–334Google Scholar
  8. 8.
    Blum A, Dwork C, McSherry F, Nissim K (2005) Practical privacy: the SuLQ framework. In: Proceedings of the 24th ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (PODS). ACM, pp 128–138Google Scholar
  9. 9.
    Boneh D, Boyen X, Shacham H (2004) Short group signatures. In: Advances in cryptology—CRYPTO 2004. Volume 3152 of lecture notes in computer science, pp 41–55Google Scholar
  10. 10.
    Boneh D, Franklin M (2003) Identity-based encryption from the Weil pairing. SIAM J Comput 32(3):586–615MathSciNetCrossRefGoogle Scholar
  11. 11.
    Boneh D, Lynn B, Shacham H (2001) Short signatures from the weil pairing. In: Proceedings of the 7th international conference on the theory and application of cryptology and information security: advances in cryptology (ASIACRYPT). Springer, pp 514–532Google Scholar
  12. 12.
    Boneh D, Sahai A, Waters B (2011) Functional encryption: definitions and challenges. In: Proceedings of TCC, pp 253–273Google Scholar
  13. 13.
    Boneh D, Waters B (2007) Conjunctive, subset, and range queries on encrypted data. In: Proceedings of the 4th conference on theory of cryptography (TCC), pp 535–554Google Scholar
  14. 14.
    Bösch C, Hartel P, Jonker W, Peter A (2014) A survey of provably secure searchable encryption. ACM Comput Surv 47(2):18:1–18:51CrossRefGoogle Scholar
  15. 15.
    Bösch C, Tang Q, Hartel P, Jonker W (2012) Selective document retrieval from encrypted database. In: Proceedings of ISC, pp 224–241Google Scholar
  16. 16.
    Chen R, Xiao Q, Zhang Y, Xu J (2015) Differentially private high-dimensional data publication via sampling-based inference. In: Proceedings of the 21th ACM SIGKDD international conference on knowledge discovery and data mining, KDD ’15, pp 129–138Google Scholar
  17. 17.
    Comer D (1979) Ubiquitous B-tree. ACM Comput Surv 11(2):121–137MathSciNetCrossRefGoogle Scholar
  18. 18.
    Cormode G, Procopiuc C, Srivastava D, Shen E, Yu T (2012) Differentially private spatial decompositions. In: Proceedings of the IEEE 28th international conference on data engineering (ICDE). IEEE Computer Society, pp 20–31Google Scholar
  19. 19.
    Cramer R, Gennaro R, Schoenmakers B (1997) A secure and optimally efficient multi-authority election scheme. In: Proceedings of the 16th annual international conference on theory and application of cryptographic techniques (EUROCRYPT). Springer, pp 103–118Google Scholar
  20. 20.
    Dagher GG, Mohler J, Milojkovic M, Marella PB (2018) Ancile: privacy-preserving framework for access control and interoperability of electronic health records using blockchain technology. Sustain Cities Soc (SCS) 39:283–297CrossRefGoogle Scholar
  21. 21.
    Damiani E, Vimercati SDC, Jajodia S, Paraboschi S, Samarati P (2003) Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proceedings of the 10th ACM conference on computer and communications security (CCS). ACM, pp 93–102Google Scholar
  22. 22.
    de Berg M, Cheong O, van Kreveld M, Overmars M (2008) Computational geometry: algorithms and applications, 3rd edn. Springer, BerlinCrossRefGoogle Scholar
  23. 23.
    Dillon T, Wu C, Chang E (2010) Cloud computing: issues and challenges. In: Proceedings of the 24th IEEE conference on advanced information networking and applications (AINA), pp 27–33Google Scholar
  24. 24.
    Dong C, Russello G, Dulay N (2008) Shared and searchable encrypted data for untrusted servers. In: Proceeedings of DBSec, pp 127–143Google Scholar
  25. 25.
    Dwork, C (2006) Differential privacy. In: Proceedings of the international colloquium on automata, languages, and programming (ICALP), pp 1–12Google Scholar
  26. 26.
    Emekci F, Agrawal D, Abbadi A, Gulbeden A (2006) Privacy preserving query processing using third parties. In: Proceedings of the 22nd international conference on data engineering (ICDE), pp 27–36Google Scholar
  27. 27.
    Friedman A, Schuster A (2010) Data mining with differential privacy. In: Proceedings of the 16th ACM SIGKDD. KDD ’10, pp 493–502Google Scholar
  28. 28.
    Fung BCM, Wang K, Chen R, Yu PS (2010) Privacy-preserving data publishing: a survey of recent developments. ACM Comput Surv 42(4):14:1–14:53CrossRefGoogle Scholar
  29. 29.
    Fung BCM, Wang K, Yu PS (2007) Anonymizing classification data for privacy preservation. IEEE Trans Knowl Data Eng (TKDE) 19(5):711–725CrossRefGoogle Scholar
  30. 30.
    Ge T, Zdonik S (2007) Answering aggregation queries in a secure system model. In: Proceedings of the 33rd international conference on very large data bases (PVLDB). VLDB Endowment, pp 519–530Google Scholar
  31. 31.
    Ge T, Zdonik S (2007) Fast, secure encryption for indexing in a column-oriented DBMS. In: Proceedings of the IEEE 23rd international conference on data engineering (ICDE), pp 676–685Google Scholar
  32. 32.
    Gentry C (2009) Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual ACM symposium on theory of computing (STOC). ACM, pp 169–178Google Scholar
  33. 33.
    Giannotti F, Lakshmanan L, Monreale A, Pedreschi D, Wang H (2013) Privacy-preserving mining of association rules from outsourced transaction databases. IEEE Syst J (ISJ) 7(3):385–395CrossRefGoogle Scholar
  34. 34.
    Goldreich O (2004) Foundations of cryptography, vol 2. Cambridge University Press, CambridgeCrossRefGoogle Scholar
  35. 35.
    Guttman A (1984) R-trees: a dynamic index structure for spatial searching. In: Proceedings of the ACM SIGMOD international conference on management of data (SIGMOD). ACM, pp 47–57Google Scholar
  36. 36.
    Hacigümüş H, Iyer B, Li C, Mehrotra S (2002) Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the ACM SIGMOD international conference on management of data (SIGMOD). ACM, pp 216–227Google Scholar
  37. 37.
    Hacigümüş H, Iyer B, Mehrotra S (2004) Efficient execution of aggregation queries over encrypted relational databases. In: Proceedings of the database systems for advanced applications (DASFAA), pp 125–136Google Scholar
  38. 38.
    Hore B, Mehrotra S, Tsudik G (2004) A privacy-preserving index for range queries. In: Proceedings of the 13th international conference on very large data bases (PVLDB). VLDB Endowment, pp 720–731Google Scholar
  39. 39.
    Hu H, Xu J, Ren C, Choi B (2011) Processing private queries over untrusted data cloud through privacy homomorphism. In: Proceedings of the IEEE 27th international conference on data engineering (ICDE), pp 601–612Google Scholar
  40. 40.
    Jarecki S, Jutla C, Krawczyk H, Rosu M, Steiner M (2013) Outsourced symmetric private information retrieval. In: Proceedings of the ACM SIGSAC conference on computer & communications security (CCS), pp 875–888Google Scholar
  41. 41.
    Joux A (2000) A one round protocol for tripartite diffie-hellman. In: Proceedings of the 4th international symposium on algorithmic number theory (ANTS), pp 385–394Google Scholar
  42. 42.
    Kamara S, Mohassel P, Raykova M (n.d.) Outsourcing multi-party computation. IACR Cryptology ePrint Archive 2011:272Google Scholar
  43. 43.
    Kifer D, Lin B-R (2010) Towards an axiomatization of statistical privacy and utility. In: Proceedings of the 29th ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (PODS). ACM, pp 147–158Google Scholar
  44. 44.
    Lai J, Deng RH, Li Y (2011) Fully secure cipertext-policy hiding cp-abe. In: Proceedings of the 7th international conference on information security practice and experience (ISPEC). Springer, Berlin, pp 24–39Google Scholar
  45. 45.
    McSherry FD (2009) Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD international conference on management of data, pp 19–30Google Scholar
  46. 46.
    Mohammed N, Chen R, Fung BCM, Yu PS (2011) Differentially private data release for data mining. In: Proceedings of the 17th ACM SIGKDD international conference on knowledge discovery and data mining (SIGKDD). ACM, pp 493–501Google Scholar
  47. 47.
    Narayanan A, Shmatikov V (2008) Robust de-anonymization of large sparse datasets. In: Proceedings of the IEEE symposium on security and privacy (SP), pp 111–125Google Scholar
  48. 48.
    Popa RA, Redfield CMS, Zeldovich N, Balakrishnan H (2011) Cryptdb: protecting confidentiality with encrypted query processing. In: Proceedings of the 23rd ACM symposium on operating systems principles (SOSP). ACM, pp 85–100Google Scholar
  49. 49.
    Salzberg S (1994) C4.5: programs for machine learning by j. ross quinlan morgan. kaufmann publishers, inc., 1993. Mach Learn 16(3):235–240MathSciNetGoogle Scholar
  50. 50.
    Shabtai A, Elovici Y, Rokach L (2012) A survey of data leakage detection and prevention solutions. SpringerBriefs in computer science. Springer, BerlinCrossRefGoogle Scholar
  51. 51.
    Shmueli E, Tassa T, Wasserstein R, Shapira B, Rokach L (2012) Limiting disclosure of sensitive data in sequential releases of databases. Inf Sci 191:98–127CrossRefGoogle Scholar
  52. 52.
    Song DX, Wagner D, Perrig A (2000) Practical techniques for searches on encrypted data. In: Proceedings of the 2000 IEEE symposium on security and privacy (S&P)Google Scholar
  53. 53.
    Tysowski P, Hasan M (2013) Hybrid attribute- and re-encryption-based key management for secure and scalable mobile applications in clouds. IEEE Trans Cloud Comput (TCC) 1(2):172–186CrossRefGoogle Scholar
  54. 54.
    Wang C, Cao N, Li J, Ren K, Lou W (2010) Secure ranked keyword search over encrypted cloud data. In: Proceedings of the IEEE 30th international conference on distributed computing systems (ICDCS). IEEE Computer Society, pp 253–262Google Scholar
  55. 55.
    Wang H, Lakshmanan LVS (2006) Efficient secure query evaluation over encrypted xml databases. In: Proceedings of the 32nd international conference on very large data bases (PVLDB). VLDB endowment, pp 127–138Google Scholar
  56. 56.
    Wang P, Ravishankar C (2013) Secure and efficient range queries on outsourced databases using \(\widehat{R}\)-trees. In: Proceedings of the IEEE 29th international conference on data engineering (ICDE), pp 314–325Google Scholar
  57. 57.
    Wang S, Agrawal D, El Abbadi A (2011) A comprehensive framework for secure query processing on relational data in the cloud. In: Proceedings of the 8th VLDB international conference on secure data management (SDM). Springer, pp 52–69Google Scholar
  58. 58.
    Wang Y (2014) Privacy-preserving data storage in cloud using array BP-XOR codes. IEEE Trans Cloud Comput 3(4):425–435CrossRefGoogle Scholar
  59. 59.
    Wang Z-F, Dai J, Wang W, Shi B-L (2004) Fast query over encrypted character data in database. In: Proceedings of the 1st international conference on computational and information science (CIS). Springer, pp 1027–1033Google Scholar
  60. 60.
    Wang Z-F, Wang W, Shi B-L (2005) Storage and query over encrypted character and numerical data in database. In: Proceedings of the 5th international conference on computer and information technology (CIT). IEEE Computer Society, pp 77–81Google Scholar
  61. 61.
    Williams P, Sion R, Carbunar B (2008) Building castles out of mud: Practical access pattern privacy and correctness on untrusted storage. In: Proceedings of the 15th ACM conference on computer and communications security (CCS), pp 139–148Google Scholar
  62. 62.
    Wong RC-W, Li J, Fu AW-C, Wang K (2006) (\(\alpha \), k)-anonymity: an enhanced k-anonymity model for privacy preserving data publishing. In: Proceedings of the 12th ACM SIGKDD international conference on knowledge discovery and data mining (SIGKDD). ACM, pp 754–759Google Scholar
  63. 63.
    Wong WK, Cheung DW-l, Kao B, Mamoulis N (2009) Secure KNN computation on encrypted databases. In: Proceedings of the ACM SIGMOD international conference on management of data (SIGMOD). ACM, pp 139–152Google Scholar
  64. 64.
    Xiao Y, Xiong L, Yuan C (2010) Differentially private data release through multidimensional partitioning. In: Proceedings of the 7th VLDB conference on secure data management (SDM). Springer, pp 150–168Google Scholar
  65. 65.
    Yi X, Paulet R, Bertino E, Xu G (2016) Private cell retrieval from data warehouses. IEEE Trans Inf Forensics Secur 11(6):1346–1361CrossRefGoogle Scholar

Copyright information

© Springer-Verlag London Ltd., part of Springer Nature 2019

Authors and Affiliations

  • Gaby G. Dagher
    • 1
    Email author
  • Benjamin C. M. Fung
    • 2
  • Noman Mohammed
    • 3
  • Jeremy Clark
    • 4
  1. 1.Boise State UniversityBoiseUSA
  2. 2.McGill UniversityMontréalCanada
  3. 3.University of ManitobaWinnipegCanada
  4. 4.Concordia UniversityMontréalCanada

Personalised recommendations