Bijit Hore, Sharad Mehrotra, Gene Tsudik

Keiichi Shimamura

Rise in use of cloud servicesOutsourcing of IT infrastructure Increasing use of Database As a

Service (DAS)

Data is stored at service providerService provider cannot be trustedSecurity perimeter around data

owner Client is secure and trusted Server (service provider) is not trusted

How to maintain security and privacy using DAS?

How to estimate and analyze the effectiveness of the solution?

Split the query into two parts Insecure query that runs on the server Secure query that runs on the client

Bucketization for range queries

Larger buckets → more privacySmaller buckets → more

performance

Want: maximum privacy and performance

Reality: tradeoff between privacy and performance

With knowledge of Bucketization scheme Probability distribution in each bucket

the attacker can form statistical estimates of the values of attributes used in bucketization

Increase variance of values in a bucket More different values in each bucket

weakens statistical estimates Increasing variance of one bucket lowers

the variance of others Add entropy

More values in each bucket weakens statistical estimates

More rows are returned per bucket, decreasing performance

Maximize variance and entropy for most privacy

Specify a maximum performance degradation

Redistribute elements from “optimized buckets” to “composite buckets”

Tradeoff between privacy and performance

Provides a solution for range queries that Maximizes privacy Limits performance degradation