CS573 Data Privacy and Security

Secure data outsourcing – Combining encryption and fragmentation

Combining Fragmentation and Encryption for outsourcing

• Breaking sensitive associations between attributes

Confidentiality Constraints

• Example: constraint {DoB, Zip, Illness}– Okay to release {DoB, Zip}, {Zip}, …

Constraint Example

Basic ideas

• Singleton constraints– encryption

• Association constraints– encryption of any one attribute– Fragmentation of the attributes

Example

Fragmentation

• Classical distributed database design problem (vertical fragmentation)

• Total number of possible fragmentations given N attributes?

• What would be an optimal fragmentation?

Optimal fragmentation

• Correctly enforce constraints• Maximal visibility• Minimal fragmentation– Maximal attribute affinity

• Problem is NP hard

Algorithm without confidentiality constraints

• Without confidentiality constraints - Hierarchical clustering

• With confidentiality constraints?– {s}, {n,d}, {n,z}, {n, i}, {n, p}, {d, z, i}, {d, z, p}

References

• Combining fragmentation and encryption to protect privacy in data storage, TISSEC, 2010

• Fragmentation design for efficient query execution over sensitive distributed databases, ICDCS, 2009