A Privacy-Preserving Index for Range Queries
Transcript of A Privacy-Preserving Index for Range Queries
Bijit Hore, Sharad Mehrotra, Gene Tsudik
Keiichi Shimamura
Rise in use of cloud services
Outsourcing of IT infrastructure
Increasing use of Database As a Service (DAS)
Data is stored at the service provider
Service provider cannot be trusted
Security perimeter around the data owner
Client is secure and trusted
Server (service provider) is not trusted
How to maintain security and privacy using DAS?
How to estimate and analyze the effectiveness of the solution?
Split the query into two parts:
Insecure query that runs on the server
Secure query that runs on the client
Bucketization for range queries
Larger buckets → more privacy
Smaller buckets → more performance
Want: maximum privacy and performance
Reality: tradeoff between privacy and performance
With knowledge of the bucketization scheme and the probability distribution in each bucket,
the attacker can form statistical estimates of the values of the attributes used in bucketization
Increase the variance of values in a bucket
More different values in each bucket weaken statistical estimates
Increasing the variance of one bucket lowers the variance of others
Add entropy
More values in each bucket weaken statistical estimates
More rows are returned per bucket, decreasing performance
Maximize variance and entropy for most privacy
Specify a maximum performance degradation
Redistribute elements from “optimized buckets” to “composite buckets”
Tradeoff between privacy and performance
Provides a solution for range queries that maximizes privacy and limits performance degradation
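The following Python example is added to this transcript and is not code from the paper or the presentation. It puts the two main ideas from the slides side by side: the query split (bucket tags go to the server, the exact predicate stays on the client) and the privacy/performance tradeoff measured by per-bucket variance and entropy against the number of rows the server ships. The `diffuse` step is a simplified illustration of moving elements from optimized (equi-depth) buckets into composite buckets with a bounded performance factor; it is not the paper's exact algorithm. The sample salary column, the bucket count of 4 and the factor of 2 are constructed values.

```python
import math
from collections import Counter

# Constructed sample column (e.g. salaries in thousands) held by the data owner.
SAMPLE_VALUES = [12, 15, 15, 18, 22, 25, 25, 30, 31, 40, 45, 48, 52, 60, 75, 90]


def equi_depth_buckets(values, num_buckets):
    """Split the sorted values into num_buckets groups of (nearly) equal size.
    Equi-depth buckets are the performance-oriented starting point: every
    bucket tag selects about the same number of rows on the server."""
    ordered = sorted(values)
    n = len(ordered)
    return [ordered[i * n // num_buckets:(i + 1) * n // num_buckets]
            for i in range(num_buckets)]


def variance(vals):
    """Population variance of the values in one bucket (privacy measure 1)."""
    mean = sum(vals) / len(vals)
    return sum((v - mean) ** 2 for v in vals) / len(vals)


def entropy(vals):
    """Shannon entropy (bits) of the value distribution in one bucket
    (privacy measure 2): more distinct, evenly spread values -> more bits."""
    counts = Counter(vals)
    total = len(vals)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def diffuse(opt_buckets, factor):
    """Simplified redistribution (assumption, not the paper's algorithm):
    cut every optimized bucket into `factor` slices and spread them over
    `factor` neighbouring composite buckets. Composite bucket j then mixes
    values from `factor` different optimized ranges (higher variance and
    entropy), while a query that touched one optimized bucket now touches
    at most `factor` composite buckets (bounded performance degradation).
    Returns (composite_buckets, mapping); mapping[i] lists the composite
    bucket ids that hold pieces of optimized bucket i."""
    m = len(opt_buckets)
    composite = [[] for _ in range(m)]
    mapping = []
    for i, members in enumerate(opt_buckets):
        size = len(members)
        targets = []
        for c in range(factor):
            piece = members[c * size // factor:(c + 1) * size // factor]
            target = (i + c) % m
            composite[target].extend(piece)
            targets.append(target)
        mapping.append(targets)
    return composite, mapping


def tag_rows(buckets):
    """What the server stores: (bucket tag, value) pairs. In the real scheme
    the value column is encrypted; the tag is all the server can index on."""
    return [(tag, v) for tag, members in enumerate(buckets) for v in members]


def range_query(lo, hi, opt_buckets, tagged_rows, mapping=None):
    """Query split: the client maps [lo, hi] to the tags of optimized buckets
    whose range overlaps it (insecure server-side query), the server returns
    every row carrying one of those tags, and the client applies the exact
    predicate (secure client-side query).
    Returns (matching values, number of rows the server shipped)."""
    tags = set()
    for i, members in enumerate(opt_buckets):
        if members and members[0] <= hi and members[-1] >= lo:
            tags.update(mapping[i] if mapping else [i])
    fetched = [v for tag, v in tagged_rows if tag in tags]
    return sorted(v for v in fetched if lo <= v <= hi), len(fetched)


def compare(values, num_buckets, factor, lo, hi):
    """Run one range query over the optimized and the diffused index and
    report privacy (avg variance/entropy) and performance (rows shipped)."""
    opt = equi_depth_buckets(values, num_buckets)
    comp, mapping = diffuse(opt, factor)
    result_opt, rows_opt = range_query(lo, hi, opt, tag_rows(opt))
    result_comp, rows_comp = range_query(lo, hi, opt, tag_rows(comp), mapping)
    return {
        "answers_agree": result_opt == result_comp,  # the answer never changes
        "matches": len(result_opt),
        "rows_optimized": rows_opt,
        "rows_composite": rows_comp,
        "avg_variance_optimized": sum(map(variance, opt)) / num_buckets,
        "avg_variance_composite": sum(map(variance, comp)) / num_buckets,
        "avg_entropy_optimized": sum(map(entropy, opt)) / num_buckets,
        "avg_entropy_composite": sum(map(entropy, comp)) / num_buckets,
    }


if __name__ == "__main__":
    for key, val in compare(SAMPLE_VALUES, 4, 2, 20, 30).items():
        print(f"{key:>24}: {val:.2f}" if isinstance(val, float) else f"{key:>24}: {val}")
```

With the sample data, the query 20..30 touches a single optimized bucket (4 rows, all matches), but after diffusion with factor 2 the server ships two composite buckets (8 rows, half of them filtered out by the client) while the average variance and entropy of the buckets rise, which is exactly the tradeoff the slides describe: the factor bounds how much performance is given up for the added privacy.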