APM Welcome, APM North West Network Conference, Synergies Across Sectors
Outsourced database
1. Data Outsourcing
Security of DBs course given at Tarbiat Modares University
Lecturer:
Faraz Safarpour
Instructor:
Dr. Sadegh Dorri
Fall Semester 2018-2019
12/31/2018
5. Secure Data
A Naive Approach
• Use standard encryption techniques
• No operations could be performed
6. SSE Scheme
Searchable Symmetric Encryption
• Introduced by Song in 2000
• Fully Homomorphic Encryption (FHE)
• Oblivious RAM (ORAM)
• Secure Multi-Party Computation (SMC)
• Problem ?!
7. Problems
1. Information Leakage
Correlation between the queries and the matched data
Solution :
ORAM and PIR:
To minimize information leakage
Very costly
Not scale well
When dealing with dynamic data
8. Problems
2. Lack of Support for a Full-Fledged Multi-User Access
a) All users share the same key (Single User (SU) schemes)
b) have a read-only key shared among all the users
and one special key for inserting/updating data
(Semi Fledged Multiple User (SFMU) schemes)
Misplacing a key or revoking access
Generation of a new key and re-encryption
9. Solution
A Full-Fledged Multi-User (FFMU) scheme:
• Any authorized user is able to read and write
• Users are able to join and leave the organization at
any time without affecting rest of the users.
LWC !
10. Long White Cloud
• Sub-linear Dynamic SSE
• Supports high throughput of queries
• Minimizes information leakage
• Designed for large organizations
Main Idea:
Using a hybrid private/public cloud approach
• Private part of the infrastructure
to store the encrypted data
Speeding up the query processing
to minimize information leakage
on their local premises
• The rest to a public cloud provider
12. Long White Cloud
• DataBase User (DBU)
• DataBase Administrator (DBA)
• Operations Proxy Server (OPS)
• Private Cloud
• Cloud Server (CS)
• Public Cloud
• Key Management Authority (KMA)
• responsible for issuing encryption keys
13. How to initialize the system?!
Step 1: Set up the OPS
Step 2: Prepare the DB on CS
Step 3: Bringing the KMA online
14. • Encrypting and Sending
queries to OPS
What are the steps?
• Fetching data from CS by
OPS
• Doing calculation in OPS
• Encrypting data and sending
responses to DBU
2
1
3
4
1
2
4
3
15. Details
• (𝐾 𝐷𝐵𝑈, 𝐾 𝑈)
• DBU has Both, OPS has the first
• First encrypted by 𝐾 𝑈 then 𝐾 𝐷𝐵𝑈
• First Encryption : Deterministic and
Symmetric to be searchable ( Just
keywords)
• Second Encryption: Semantically secure
16. Example of Encryptions
The first Encryption:
“select * from Staff WHERE
"𝐾 𝑈 (name) ="𝐾 𝑈 (Alice)
AND "𝐾 𝑈 (age) = "𝐾 𝑈 (25)”
The second Encryption:
All the data
18. Cloud Server
Blocks, Slots ( Records), Cells
B+ Tree:
An encrypted keyword, and a pointer points to
a list of (bi; sj) indicating the record store
location on the CS.
19. Oblivious Access
Problem:
• All users have 𝐾 𝑈
• Revoked users can access CS!
Solution:
• Using a pseudo-random permutation
• Keeping seed in OPS
20. Security Analysis
γ − k blocks are picked randomly
K : needed blocks
γ: random blocks
Fills a number of empty slots with random
bit strings for each block
21. Security Analysis
• Search Pattern Privacy (SPP)
• Distinguishing if two (or more)
queries are the same or not
• Achieved by random blocks
• Access Pattern Privacy (APP)
• Unable to learn if two (or more)
real result sets overlap or not
• Achieved in 2 levels:
• Having Blocks
• Random Blocks
22. Security Analysis
• Size Pattern Privacy (SzPP):
• Unable to learn the size of returned (real)
records.
• Achieved in 2 levels:
• Fetching data in blocks NOT slots
• Having γ
• Operation Pattern Privacy (OPP):
• Unable to tell if the executed query is a
select, update, delete, or insert.
• Achieved by γ
• Deleting by changing the flag
24. Experimental Evaluation
• Intel i5-4670 3:40 GHz processor
• 8 GB of RAM
• Linux Ubuntu 15.04
• Programmed in C
• Compiled using GCC version 4.9.2
• No parallel operations or hyper-threading
• OPS: picked up 2·k blocks
• (k: needed blocks to execute the query)
28. • Shujie Cui, Ming Zhang, Muhammad Rizwan Asghar and Giovanni Russello (The University of
Auckland, New Zealand). Long White Cloud (LWC): A Practical and Privacy-Preserving
Outsourced Database
Reference
• http://www.onlinetech.com/
• D. Cash, P. Grubbs, J. Perry, and T. Ritsenpart. Leakage-abuse attacks against
searchable encryption.
Notas del editor
Notes to presenter:
What is your purpose for sharing this reflection?
Is it at the end of a unit or project?
Are you sharing this reflection, at the attainment of a learning goal you set for yourself?
Is it at the end of a course?
State your purpose for the reflection or even the purpose of the learning experience or learning goal. Be clear and be specific in stating your purpose.
Notes to presenter:
Description of what you learned in your own words on one side.
Include information about the topic
Details about the topic will also be helpful here.
Tell the story of your learning experience. Just like a story there should always be a beginning, middle and an end.
On the other side, you can add a graphic that provides evidence of what you learned.
Feel free to use more than one slide to reflect upon your process. It also helps to add some video of your process.
Notes to presenter:
What did you think at first?
What obstacles did you encounter along the way?
How did you overcome those obstacles?
What images can you add to support your process?
This SmartArt allows you add images and text to help outline your process. If a picture is worth a thousand words, then pictures and words should help you communicate this reflection on learning perfectly! You can always click on Insert>SmartArt to change this graphic or select the graphic and click on the Design contextual menu to change the colors.
Feel free to use more than one slide to reflect upon your process. It also helps to add some video of your process.
Notes to presenter:
What steps will you be taking as a result of this learning experience?
Did you learn from any failed experiences? How will you do things differently?
What advice will you give to others so they can learn from your experiences?
How can you share what you learned with a real-world audience?
Some examples of next steps might be:
After delivering my first persuasive presentation, I am thinking about joining the debate team.
After making my first film, I’m considering entering it in our school film festival or local film festival.
After connecting with this career expert, I’d like to do some research on that career field because it sounds interesting to me.
This SmartArt allows you add images and text to help outline your process. If a picture is worth a thousand words, then pictures and words should help you communicate this reflection on learning perfectly! You can always click on Insert>SmartArt to change this graphic or select the graphic and click on the Design contextual menu to change the colors.
Feel free to use more than one slide to share your next steps. It also helps to add some video content to explain your message.
Notes to presenter:
What was important about this learning experience?
How is it relevant to your course, yourself, or your society or community?
Why is this significant?
This SmartArt allows you add images and text to help outline your process. If a picture is worth a thousand words, then pictures and words should help you communicate this reflection on learning perfectly! You can always click on Insert>SmartArt to change this graphic or select the graphic and click on the Design contextual menu to change the colors.