Toward Private Joins on Outsourced Data
Sept. 2012 (vol. 24 no. 9)
pp. 1699-1710
Bogdan Carbunar, Florida International University, Miami
Radu Sion, Stony Brook University, Stony Brook
In an outsourced database framework, clients place data management responsibilities with specialized service providers. Of essential concern in such frameworks is data privacy. Potential clients are reluctant to outsource sensitive data to a foreign party without strong privacy assurances beyond policy “fine prints.” In this paper, we introduce a mechanism for executing general binary JOIN operations (for predicates that satisfy certain properties) in an outsourced relational database framework with computational privacy and low overhead—the first, to the best of our knowledge. We illustrate via a set of relevant instances of JOIN predicates, including: range and equality (e.g., for geographical data), Hamming distance (e.g., for DNA matching), and semantics (i.e., in health-care scenarios—mapping antibiotics to bacteria). We experimentally evaluate the main overhead components and show they are reasonable. The initial client computation overhead for 100,000 data items is around 5 minutes and our privacy mechanisms can sustain theoretical throughputs of several million predicate evaluations per second, even for an unoptimized OpenSSL-based implementation.

Index Terms:
Servers, Databases, Data models, Encryption, Outsourcing, data encryption, Security and privacy protection
Citation:
Bogdan Carbunar, Radu Sion, "Toward Private Joins on Outsourced Data," IEEE Transactions on Knowledge and Data Engineering, vol. 24, no. 9, pp. 1699-1710, Sept. 2012, doi:10.1109/TKDE.2011.142