
Exploiting Data Sensitivity on Partitioned Data

Chapter in: From Database to Cyber Security

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11170)

Abstract

Several researchers have proposed solutions for secure data outsourcing on public clouds based on encryption, secret sharing, and trusted hardware. Existing approaches, however, exhibit many limitations, including high computational complexity, imperfect security, and information leakage. This chapter describes an emerging trend in secure data processing that recognizes that an entire dataset may not be sensitive, and hence that the non-sensitivity of data can be exploited to overcome some of the limitations of existing encryption-based approaches. In particular, data and computation can be partitioned into sensitive and non-sensitive parts: sensitive data can either be encrypted prior to outsourcing or stored and processed locally on trusted servers, whereas the non-sensitive dataset can be outsourced and processed in cleartext. While partitioned computing can bring new efficiencies, since it does not incur the (expensive) cost of encrypted data processing on non-sensitive data, it can lead to information leakage. We study partitioned computing in two contexts. The first is the hybrid cloud, where local resources are integrated with public cloud resources to form an effective and secure storage and computational platform for enterprise data. In the hybrid cloud, sensitive data is stored on the private cloud to prevent leakage and a computation is partitioned between the private and public clouds. Care must be taken that the public cloud cannot infer any information about sensitive data from inter-cloud data access during query processing. We then consider partitioned computing in a public-cloud-only setting, where sensitive data is encrypted before outsourcing. We formally define a partitioned security criterion that any approach to partitioned computing on public clouds must ensure in order not to introduce any new vulnerabilities into the existing secure solution. We sketch an approach to secure partitioned computing that we refer to as query binning (QB) and show how QB can be used to support selection queries. We evaluate the conditions under which partitioned computing approaches such as QB can improve the performance of cryptographic approaches that are prone to size, frequency-count, and workload attacks.
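The abstract's remark that encryption-based outsourcing is prone to frequency-count attacks can be made concrete. The Python below is an added illustration, not code from the chapter or from [33, 36]: it stands in for a deterministic encryption scheme with a keyed hash (an assumption made for brevity; any equality-preserving scheme exposes the same pattern), outsources a constructed STATE-like column, and shows that an attacker holding only a public estimate of value frequencies recovers every row without any key material.

```python
"""Frequency-count attack on a deterministically encrypted column.

Added illustration of the attack class the abstract mentions; not code from
the chapter or from [33, 36].  The outsourced column and the auxiliary
frequency table are constructed toy data.
"""
import hashlib
import hmac
from collections import Counter

# Assumption: the data owner holds the key; the cloud never sees it.
KEY = b"owner-only-key"


def det_encrypt(key: bytes, value: str) -> str:
    """Deterministic encryption stand-in: equal plaintexts map to equal
    ciphertexts.  That property is what lets the cloud evaluate equality
    selections on the ciphertext column, and it is all the attack needs.
    A keyed hash is used here for brevity; a deterministic block-cipher mode
    exposes the same equality pattern."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


# Constructed outsourced column (say, a STATE attribute) with 15 rows.
PLAINTEXT_COLUMN = ["CA"] * 5 + ["TX"] * 4 + ["NY"] * 3 + ["FL"] * 2 + ["OH"]
CIPHERTEXT_COLUMN = [det_encrypt(KEY, v) for v in PLAINTEXT_COLUMN]

# Constructed auxiliary knowledge: a public estimate of how often each value
# occurs in a column of this kind (census-style statistics, for instance).
AUXILIARY_FREQ = {"CA": 0.35, "TX": 0.25, "NY": 0.20, "FL": 0.12, "OH": 0.08}


def frequency_attack(ciphertexts, auxiliary):
    """Map each distinct ciphertext to a plaintext by matching frequency rank.
    Needs no key material: only the ciphertext column and the auxiliary
    distribution."""
    ct_by_rank = [c for c, _ in Counter(ciphertexts).most_common()]
    pt_by_rank = sorted(auxiliary, key=lambda v: (-auxiliary[v], v))
    return dict(zip(ct_by_rank, pt_by_rank))


def recovery_rate(plaintexts, ciphertexts, auxiliary):
    """Fraction of rows whose plaintext the attacker recovers."""
    guess = frequency_attack(ciphertexts, auxiliary)
    hits = sum(guess.get(c) == p for p, c in zip(plaintexts, ciphertexts))
    return hits / len(plaintexts)


if __name__ == "__main__":
    mapping = frequency_attack(CIPHERTEXT_COLUMN, AUXILIARY_FREQ)
    for ct, pt in mapping.items():
        print(f"{ct} -> {pt}")
    print("recovery rate:",
          recovery_rate(PLAINTEXT_COLUMN, CIPHERTEXT_COLUMN, AUXILIARY_FREQ))
```

On the toy column the attacker recovers every row. Partitioning reduces how much data is placed under such a scheme in the first place, but rows that stay encrypted remain subject to this leakage; the partitioned security criterion of the abstract concerns not adding leakage beyond what the cryptographic scheme already exposes, not removing that leakage.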

The full approaches proposed in this chapter may be found in [33, 36]. This material is based on research sponsored by DARPA under agreement number FA8750-16-2-0021. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government. This work is partially supported by NSF grants 1527536 and 1545071.



Notes

  1. https://galois.com/research-development/cryptography/.

  2. Some of these assumptions are made primarily for ease of exposition and will be relaxed in [33].

  3. The function \( approx\_sq\_factors \) in Algorithm 1 returns two factors x and y of a number n such that \(x \times y = n\) and x and y are either equal or as close to each other as possible, i.e., the difference between x and y is smaller than the difference between any other pair of factors of n.
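Note 3 describes approx_sq_factors only in words, and the abstract only sketches query binning. The Python below is an added example, not the chapter's Algorithm 1: approx_sq_factors is implemented exactly as Note 3 states, while the grid layout that follows is my own illustration of why near-square factors matter for binning (an assumption of this example; the chapter's actual bin construction, including how it treats value counts with no close factors, is in [33]). It contrasts a naive partitioned execution, where a selection fetches exactly the matching cleartext rows together with exactly the matching encrypted rows, with a binned execution, to show what the public cloud can infer from the inter-cloud access in each case.

```python
"""approx_sq_factors as described in Note 3, with an illustrative use in binning.

Added example; not the chapter's Algorithm 1.  The attribute domain used at
the bottom is constructed toy data.
"""
import math


def approx_sq_factors(n):
    """Return factors (x, y) of n, x <= y, with x * y == n and y - x no larger
    than for any other factor pair of n (Note 3).  Primes yield (1, n)."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    # For factor pairs with x <= sqrt(n) the gap n/x - x shrinks as x grows,
    # so the largest divisor not exceeding isqrt(n) gives the closest pair.
    x = math.isqrt(n)
    while n % x:
        x -= 1
    return x, n // x


def build_bins(values):
    """Lay the distinct attribute values out in an x-by-y grid.

    Illustrative construction (an assumption of this example): rows play the
    role of bins fetched in cleartext over non-sensitive data, columns the role
    of bins fetched over encrypted sensitive data.  With a full grid every row
    meets every column in exactly one value.
    """
    values = sorted(set(values))
    x, y = approx_sq_factors(len(values))
    rows = [values[i * y:(i + 1) * y] for i in range(x)]
    cols = [[rows[i][j] for i in range(x)] for j in range(y)]
    return rows, cols


def bins_for_query(v, rows, cols):
    """Bins a selection on value v retrieves: one cleartext row bin and one
    encrypted column bin."""
    row = next(r for r in rows if v in r)
    col = next(c for c in cols if v in c)
    return row, col


def naive_candidates(v):
    """Naive partitioned execution: fetch exactly the cleartext rows equal to v
    and, in the same request, exactly the encrypted rows equal to v.  The cloud
    sees v in the clear and links it to those ciphertexts."""
    return {v}


def binned_candidates(v, rows, cols):
    """Binned execution: the cloud sees the cleartext row bin and an opaque
    encrypted column bin.  Each column meets that row in exactly one value and,
    from a single access, no column can be told apart from another, so every
    value of the row remains a candidate for the ciphertexts fetched."""
    row, _ = bins_for_query(v, rows, cols)
    return set(row)


def grid_is_well_formed(rows, cols):
    """Check the property the argument above relies on: every row bin and
    every column bin share exactly one value."""
    return all(len(set(r) & set(c)) == 1 for r in rows for c in cols)


if __name__ == "__main__":
    # Constructed domain of a DEPARTMENT-like attribute with 12 distinct values.
    domain = [f"D{i:02d}" for i in range(12)]
    rows, cols = build_bins(domain)
    print("factors:", approx_sq_factors(len(domain)))
    print("well formed:", grid_is_well_formed(rows, cols))
    print("naive leak for D05:", naive_candidates("D05"))
    print("binned candidates for D05:", sorted(binned_candidates("D05", rows, cols)))
```

For 12 values the factors are (3, 4): three cleartext row bins of four values and four encrypted column bins of three values, and a query on D05 leaves the cloud with four candidates instead of one. A prime number of values gives (1, n), one row holding the whole domain and n single-value columns, so every cleartext fetch reads all non-sensitive data; how the chapter handles such sizes is part of the full treatment in [33] and is not modelled here.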

References

  1. http://www.computerworld.com/article/2834193/cloud-computing/5-tips-for-building-a-successful-hybrid-cloud.html

  2. https://digitalguardian.com/blog/expert-guide-securing-sensitive-data-34-experts-reveal-biggest-mistakes-companies-make-data

  3. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order-preserving encryption for numeric data. In: SIGMOD Conference, pp. 563–574. ACM (2004)

  4. Arasu, A., et al.: Orthogonal security with Cipherbase. In: CIDR. www.cidrdb.org (2013)

  5. Arasu, A., Kaushik, R.: Oblivious query processing. In: ICDT, pp. 26–37. OpenProceedings.org (2014)

  6. Bajaj, S., Sion, R.: CorrectDB: SQL engine with practical query authentication. PVLDB 6(7), 529–540 (2013)

  7. Boyle, E., Gilboa, N., Ishai, Y.: Function secret sharing. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 337–367. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_12

  8. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. J. ACM 45(6), 965–981 (1998)

  9. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragmentation and encryption to enforce privacy in data storage. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 171–186. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74835-9_12

  10. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04444-1_27

  11. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Combining fragmentation and encryption to protect privacy in data storage. ACM Trans. Inf. Syst. Secur. 13(3), 22:1–22:33 (2010)

  12. Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive 2016:86 (2016)

  13. Curtmola, R., Garay, J.A., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. J. Comput. Secur. 19(5), 895–934 (2011)

  14. Derbeko, P., Dolev, S., Gudes, E., Sharma, S.: Security and privacy aspects in MapReduce on clouds: a survey. Comput. Sci. Rev. 20, 1–28 (2016)

  15. De Capitani di Vimercati, S., Erbacher, R.F., Foresti, S., Jajodia, S., Livraga, G., Samarati, P.: Encryption and fragmentation for data confidentiality in the cloud. In: Aldini, A., Lopez, J., Martinelli, F. (eds.) FOSAD 2012-2013. LNCS, vol. 8604, pp. 212–243. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10082-1_8

  16. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE Trans. Dependable Sec. Comput. 11(6), 510–523 (2014)

  17. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Fragments and loose associations: respecting privacy in data publishing. PVLDB 3(1), 1370–1381 (2010)

  18. Dolev, S., Gilboa, N., Li, X.: Accumulating automata and cascaded equations automata for communicationless information theoretically secure multi-party computation: extended abstract. In: SCC@ASIACCS, pp. 21–29. ACM (2015)

  19. Dolev, S., Li, Y., Sharma, S.: Private and secure secret shared MapReduce (extended abstract). In: DBSec, pp. 151–160 (2016)

  20. Emekçi, F., Metwally, A., Agrawal, D., El Abbadi, A.: Dividing secrets to secure data outsourcing. Inf. Sci. 263, 198–210 (2014)

  21. Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)

  22. Gilboa, N., Ishai, Y.: Distributed point functions and their applications. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 640–658. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_35

  23. Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: STOC, pp. 182–194. ACM (1987)

  24. Goldreich, O.: The Foundations of Cryptography, Volume 2: Basic Applications. Cambridge University Press, Cambridge (2004)

  25. Hacigümüs, H., Iyer, B.R., Li, C., Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: SIGMOD Conference, pp. 216–227. ACM (2002)

  26. Hacigümüs, H., Mehrotra, S., Iyer, B.R.: Providing database as a service. In: ICDE, pp. 29–38. IEEE Computer Society (2002)

  27. Ishai, Y., Kushilevitz, E., Lu, S., Ostrovsky, R.: Private large-scale databases with distributed searchable symmetric encryption. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 90–107. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_6

  28. Kellaris, G., Kollios, G., Nissim, K., O'Neill, A.: Generic attacks on secure outsourced databases. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1329–1340 (2016)

  29. Ko, S.Y., Jeon, K., Morales, R.: The HybrEx model for confidentiality and privacy in cloud computing. In: 3rd USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2011, Portland, OR, USA, 14–15 June 2011 (2011)

  30. Komargodski, I., Zhandry, M.: Cutting-edge cryptography through the lens of secret sharing. In: TCC, pp. 449–479 (2016)

  31. Li, L., Militzer, M., Datta, A.: rPIR: ramp secret sharing based communication efficient private information retrieval. IACR Cryptology ePrint Archive 2014:44 (2014)

  32. Lueks, W., Goldberg, I.: Sublinear scaling for multi-client private information retrieval. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 168–186. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_10

  33. Mehrotra, S., Sharma, S., Ullman, J.D., Mishra, A.: Partitioned data security on outsourced sensitive and non-sensitive data. In: 35th IEEE International Conference on Data Engineering, ICDE 2019, Macau, China, 8–12 April 2019. Technical report, Department of Computer Science, University of California, Irvine (2018). http://isg.ics.uci.edu/pubs/tr/partitioned.pdf

  34. Naor, M., Pinkas, B.: Oblivious polynomial evaluation. SIAM J. Comput. 35(5), 1254–1281 (2006)

  35. Naveed, M., Kamara, S., Wright, C.V.: Inference attacks on property-preserving encrypted databases. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12–16 October 2015, pp. 644–655 (2015)

  36. Oktay, K.Y., Kantarcioglu, M., Mehrotra, S.: Secure and efficient query processing over hybrid clouds. In: ICDE, pp. 733–744. IEEE Computer Society (2017)

  37. Oktay, K.Y., Mehrotra, S., Khadilkar, V., Kantarcioglu, M.: SEMROD: secure and efficient MapReduce over hybrid clouds. In: Proceedings of the 2015 ACM SIGMOD International Conference on Management of Data, Melbourne, Victoria, Australia, 31 May–4 June 2015, pp. 153–166 (2015)

  38. Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted query processing. In: SOSP, pp. 85–100. ACM (2011)

  39. Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive 2005:187 (2005)

  40. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

  41. Song, D.X., Wagner, D.A., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp. 44–55. IEEE Computer Society (2000)

  42. Wang, S., Ding, X., Deng, R.H., Bao, F.: Private information retrieval using trusted hardware. IACR Cryptology ePrint Archive 2006:208 (2006)

  43. Zhang, C., Chang, E., Yap, R.H.C.: Tagged-MapReduce: a general framework for secure computing with mixed-sensitivity data on hybrid clouds. In: 14th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, CCGrid 2014, Chicago, IL, USA, 26–29 May 2014, pp. 31–40 (2014)

  44. Zhang, K., Zhou, X., Chen, Y., Wang, X., Ruan, Y.: Sedic: privacy-aware data intensive computing on hybrid clouds. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, Chicago, Illinois, USA, 17–21 October 2011, pp. 515–526 (2011)

  45. Zheng, W., Dave, A., Beekman, J.G., Popa, R.A., Gonzalez, J.E., Stoica, I.: Opaque: an oblivious and encrypted distributed analytics platform. In: NSDI, pp. 283–298. USENIX Association (2017)

  46. Li, Y., Mehrotra, S., Panwar, N., Sharma, S., Almanee, S.: Obscure: information-theoretic oblivious and verifiable aggregation queries. Technical report, Department of Computer Science, University of California, Irvine (2018). http://isg.ics.uci.edu/pubs/tr/Obscure.pdf

Author information

Correspondence to Sharad Mehrotra or Shantanu Sharma.


Copyright information

© 2018 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Mehrotra, S., Oktay, K.Y., Sharma, S. (2018). Exploiting Data Sensitivity on Partitioned Data. In: Samarati, P., Ray, I., Ray, I. (eds) From Database to Cyber Security. Lecture Notes in Computer Science, vol 11170. Springer, Cham. https://doi.org/10.1007/978-3-030-04834-1_15

  • DOI: https://doi.org/10.1007/978-3-030-04834-1_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04833-4

  • Online ISBN: 978-3-030-04834-1