Transcription

1 DEIM Forum 207 H DBaaS m. Database as a ServiceDBaaSDBaaS Amazon Relational Database Service []Google Cloud Bigtable [2] DBaaS DBMS DBaaS [7, 2] DBaaS index B+ [5] [4] Oblivious Secure Index TraversalOSIT [6,7] OSIT, m OSIT Hacigümüş [7]

2 [7] Hore [8] Mykletun [0] Ge [6] k 20 Popa CryptDB [2] CryptDB RND DET Paillier [] CryptDB Stephen CryptDB Monomi [3] 2. CryptDB Index Search Wang [4] R [5] R Hu Oblivious Index Traversal [9] B+ Paillier [4] DBaaS DBaaS DBaaS q DBaaS 3.. DBaaS semi-honest 3. 2 m, m 2 E(m ), E(m 2) E(m + m 2) lifted-elgamal Paillier [] Paillier Paillier Paillier 4 sk = (p, q) pk = (n, g) p, q n g k Z n g = + kn mod n 2 m pk E(m) = g m r n mod n 2 r r Z n 2 r E(m) sk m E(m), E(m ) E(m + m ) E(m ) = g m s n mod n 2 E(m + m ) E(m) E(m ) = g m+m (r s) n mod n 2 = E(m + m ) () 2 E(m) a E(am) E(am) 2 E(m) a = g am r n mod n 2 = E(am) (2)

3 4. OSIT Oblivious Secure Index TraversalOSIT 4. D = {r i} r i = (A, A 2,..., A j) A A Q 3 min max A Q(min, max) := {r i D min < = r i.a < = max} (3) D, min, max Q 3. Q OSIT OSIT D I i E(e i), E(r i) 4 e i r i A e i = r i.ai e I : i h(i) E(e i), E(r i) + (4) E( ) e i r i I = N e i, r i e i E(e i), E(r i) h(i) i h( ) Algorithm ObliviousSecureIndexT raversal (client side) Require: N, h( ), min, max Ensure: Result = Q(min, max) : Result {} 2: i min getrecordindex(n, min, < = ) 3: i max getrecordindex(n, max, > ) 4: for i : i min to i max do 5: h(i) E(r i ) 6: r i D(E(r i )) 7: Result.add(r i ) 8: end for Algorithm 2 getrecordindex (client side) Require: N, q, type Ensure: i q : i q null 2: (l, u) (, N) 3: E(q) 4: while l < (u ) do 5: (l, u) m i (m ) 6: h(i ), h(i 2 ),..., h(i m ) 7: procedure at server 8: for j : i to i m do 9: h(j) E(e j ) 0: E(c) {E(e j ) E(q) } r : E(c) 2: end for 3: end procedure 4: E(c ), E(c 2 ),..., E(c m ) 5: c, c 2,..., c m (l, u) 6: end while 7: if l = N or u = then 8: if type is < = then 9: i q u 20: else if type is > then 2: i q l 22: end if 23: end if I SI EI SI, EI 5 6 SI : i h(i) (5) EI : h(i) E(e i), E(r i) + (6) i h(i) SI h(i) E(e i), E(r i) + EI E(e i), E(r i) + E(e i) 4. 3 I Algorithm OSIT I I

4 E( ) D( ) [min, max) I min A i min max A i max I EI EI i min i max Q(min, max) I Algorithm2 I e q e i, q e i q 4. 2 q (l, u) (m ) h(i ), h(i 2),..., h(i m ) h(i) E(e i) E(c) = {E(e j) E(q) } r Paillier E(r(e i q)) E(e i q) e i 3 E(e i q) r r E(c) c 5. OSIT N e 2 N e 2 N 2 N e 4 N e 4 N 4 N 3 4 N e 2 N [5] 5. m k k 6 k k E(c ), E(c 2),..., E(c k ) 2 m (l, u) m 2 (l, u) m m (l, u) k (m ) m E(c ), E(c 2),..., E(c m ),..., E(c k ) (l, u) 5. 2 A A = (e,..., e i,..., e N ) (7) i j, i < j e i < e j A e i A A 8 A = {e, e 2,..., e N } (8) e i A A A A e A e A < = j < = N j e e j N A AccessLog 9 AccessLog = (e q,..., e qk e qi A ) (9) e AccessLog e i A < = i < = N i N e A AccessLog e A

5 . k e j A e i A P (e j, e i) e q, e q2..., e qk AccessLog e qj e i A 0 P (e qj, e i) = N (0) 2 2 m A m A e e N m e N m i ( < = i < = m ) e j( < = j < = m ) e N m i ( < = i < = m ) i j [, m ], P (e j, e N m i ) = m > N () 2 2 e i( < = i < = N) m P (e, e i) 2 P (e, e i) (2) = m k N l=m N l+ f(l, s, i) N l + e = f(l, s, i) l s m m { if i = l m m f(l, s, i) = j + s ( j, < = j < = m ) 0 if otherwise N l+ 2 f(l, e, i) m e = N l m f(l, e, i) m P (e, e i) < = < = = N l=m N m+2 log() N l + (3) dx (4) x (5) k 6 2 P (e j, e i) < = N k > = N(m ) log() P (e j, e i) < = N (6) 5. 3 m m t comm, t comp, t dec 2 2 t comm t comp t dec Cost 7 Cost = t comm + t comp + t dec (7) m k t comm, t comp, t dec k 2 m t comm, t comp k t dec m m 2 k 2 2 k m k 8 m 2 < = m Cost first (m, k) = k(t comm + t comp + t dec ) (8) Cost otherwise (m, k) = k(t comm + t comp) + (m )t dec 2 m m 2 m N 2 log(n k)/log(m) 2 Cost otherwise (m, k) log(n + )/log(m) 3 3 N 9

6 2 TotalCost(N, m, k) (9) = Cost first (m, k) + log(n k)/log(m) Cost otherwise (m, k) k, m 6 m k t comm, t comp, t dec m, k 9 m, k Mac OS XIntel Core CPU4GB RAM Ubuntu 2.04Intel Xeon 2.3GHz CPU2GB RAM Java JRE 64bit version.8 Paillier [3] 6. 2 m = 2 N = k = m t comm 9.60 t comp 0.02 t dec m m 2 40 k 6 N = 00, 000 m m = 2 7. Oblivious Secure Index TraversalOSIT JSPS (C) JP6K SKY (CPE276K) SKYSEA Client View [] Amazon Relational Database Service. amazon.com/rds/. [2] Google Cloud Bigtable. bigtable/. [3] Google Code Archive (thep).

7 archive/p/thep/. [4] Ian F Blake and Vladimir Kolesnikov. Strong conditional oblivious transfer and computing on intervals. In International Conference on the Theory and Application of Cryptology and Information Security, pp Springer, [5] Alexandra Boldyreva, Nathan Chenette, Younho Lee, AdamO neill. Order-preserving symmetric encryption. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp Springer, [6] Tingjian Ge and Stan Zdonik. Answering aggregation queries in a secure system model. In Proceedings of the 33rd international conference on Very large data bases, pp VLDB Endowment, [7] Hakan Hacigümüş, Bala Iyer, Chen Li, and Sharad Mehrotra. Executing sql over encrypted data in the databaseservice-provider model. In Proceedings of the 2002 ACM SIGMOD international conference on Management of data, pp ACM, [8] Bijit Hore, Sharad Mehrotra, and Gene Tsudik. A privacypreserving index for range queries. In Proceedings of the Thirtieth international conference on Very large data bases- Volume 30, pp VLDB Endowment, [9] Haibo Hu, Jianliang Xu, Xizhong Xu, Kexin Pei, Byron Choi, and Shuigeng Zhou. Private search on key-value stores with hierarchical indexes. In 204 IEEE 30th International Conference on Data Engineering, pp IEEE, 204. [0] Einar Mykletun and Gene Tsudik. Aggregation queries in the database-as-a-service model. In IFIP Annual Conference on Data and Applications Security and Privacy, pp Springer, [] Pascal Paillier. Public-key cryptosystems based on composite degree residuosity classes. In International Conference on the Theory and Applications of Cryptographic Techniques, pp Springer, 999. [2] Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan. Cryptdb: processing queries on an encrypted database. Communications of the ACM, Vol. 55, No. 9, pp. 03, 202. [3] Stephen Tu, M Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. Processing analytical queries over encrypted data. In Proceedings of the VLDB Endowment, Vol. 6, pp VLDB Endowment, 203. [4] Peng Wang and Chinya V Ravishankar. Secure and efficient range queries on outsourced databases using rp-trees. In Data Engineering (ICDE), 203 IEEE 29th International Conference on, pp IEEE, 203. [5] Wai Kit Wong, David Wai-lok Cheung, Ben Kao, and Nikos Mamoulis. Secure knn computation on encrypted databases. In Proceedings of the 2009 ACM SIGMOD International Conference on Management of data, pp ACM, [6],,. Daas. 7 DEIM 205, 205. [7],,. osit-bs. 8 DEIM 206, 206.