A Privacy-Preserving Index for Range Queries

1
A Privacy-Preserving Index for Range Queries

• Bijit Hore, Sharad Mehrotra, Gene Tsudik
• Keiichi Shimamura

2
Background

• Rise in use of cloud services
• Outsourcing of IT infrastructure
• Increasing use of Database As a Service (DAS)

3
Database as a Service

• Data is stored at service provider
• Service provider cannot be trusted
• Security perimeter around data owner
• Client is secure and trusted
• Server (service provider) is not trusted

4
Problem

• How to maintain security and privacy using DAS?
• How to estimate and analyze the effectiveness of
  the solution?

5
Solution

• Split the query into two parts
• Insecure query that runs on the server
• Secure query that runs on the client
• Bucketization for range queries

6
Encryption and Bucketization
7
Tradeoff

• Larger buckets ? more privacy
• Smaller buckets ? more performance
• Want maximum privacy and performance
• Reality tradeoff between privacy and performance

8
Optimizing Buckets for Performance
9
Breaking Bucketization

• With knowledge of
• Bucketization scheme
• Probability distribution in each bucket
• the attacker can form statistical estimates of
  the values of attributes used in bucketization

10
Protecting Against Attacks

• Increase variance of values in a bucket
• More different values in each bucket weakens
  statistical estimates
• Increasing variance of one bucket lowers the
  variance of others
• Add entropy
• More values in each bucket weakens statistical
  estimates
• More rows are returned per bucket, decreasing
  performance

11
Variance and Entropy
12
Compromise

• Maximize variance and entropy for most privacy
• Specify a maximum performance degradation
• Redistribute elements from optimized buckets to
  composite buckets

13
Diffusion
14
Precision Results
15
Variance Results
16
Entropy Results
17
Privacy vs. Performance
18
Conclusion

• Tradeoff between privacy and performance
• Provides a solution for range queries that
• Maximizes privacy
• Limits performance degradation