Abstract
In an outsourced database framework, clients place data management with specialized service providers. Of essential concern in such frameworks is data privacy. Potential clients are reluctant to outsource sensitive data to a foreign party without strong privacy assurances beyond policy “fine print”. In this paper we introduce a mechanism for executing general binary JOIN operations (for predicates that satisfy certain properties) in an outsourced relational database framework with full computational privacy and low overheads – a first, to the best of our knowledge. We illustrate via a set of relevant instances of JOIN predicates, including: range and equality (e.g., for geographical data), Hamming distance (e.g., for DNA matching) and semantics (i.e., in health-care scenarios – mapping antibiotics to bacteria). We experimentally evaluate the main overhead components and show they are reasonable. For example, the initial client computation overhead for 100000 data items is around 5 minutes. Moreover, our privacy mechanisms can sustain theoretical throughputs of over 30 million predicate evaluations per second, even for an unoptimized OpenSSL-based implementation.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Carbunar, B., Sion, R. (2010). Joining Privately on Outsourced Data. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2010. Lecture Notes in Computer Science, vol 6358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15546-8_6
DOI: https://doi.org/10.1007/978-3-642-15546-8_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15545-1
Online ISBN: 978-3-642-15546-8
eBook Packages: Computer Science, Computer Science (R0)