21,678 research outputs found
Data-Oblivious Graph Algorithms in Outsourced External Memory
Motivated by privacy preservation for outsourced data, data-oblivious
external memory is a computational framework where a client performs
computations on data stored at a semi-trusted server in a way that does not
reveal her data to the server. This approach facilitates collaboration and
reliability over traditional frameworks, and it provides privacy protection,
even though the server has full access to the data and he can monitor how it is
accessed by the client. The challenge is that even if data is encrypted, the
server can learn information based on the client data access pattern; hence,
access patterns must also be obfuscated. We investigate privacy-preserving
algorithms for outsourced external memory that are based on the use of
data-oblivious algorithms, that is, algorithms where each possible sequence of
data accesses is independent of the data values. We give new efficient
data-oblivious algorithms in the outsourced external memory model for a number
of fundamental graph problems. Our results include new data-oblivious
external-memory methods for constructing minimum spanning trees, performing
various traversals on rooted trees, answering least common ancestor queries on
trees, computing biconnected components, and forming open ear decompositions.
None of our algorithms make use of constant-time random oracles.Comment: 20 page
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
The k-nearest neighbors (k-NN) algorithm is a popular and effective
classification algorithm. Due to its large storage and computational
requirements, it is suitable for cloud outsourcing. However, k-NN is often run
on sensitive data such as medical records, user images, or personal
information. It is important to protect the privacy of data in an outsourced
k-NN system.
Prior works have all assumed the data owners (who submit data to the
outsourced k-NN system) are a single trusted party. However, we observe that in
many practical scenarios, there may be multiple mutually distrusting data
owners. In this work, we present the first framing and exploration of privacy
preservation in an outsourced k-NN system with multiple data owners. We
consider the various threat models introduced by this modification. We discover
that under a particularly practical threat model that covers numerous
scenarios, there exists a set of adaptive attacks that breach the data privacy
of any exact k-NN system. The vulnerability is a result of the mathematical
properties of k-NN and its output. Thus, we propose a privacy-preserving
alternative system supporting kernel density estimation using a Gaussian
kernel, a classification algorithm from the same family as k-NN. In many
applications, this similar algorithm serves as a good substitute for k-NN. We
additionally investigate solutions for other threat models, often through
extensions on prior single data owner systems
Privacy of Outsourced Data
Abstract. Data outsourced to an external storage server are usually encrypted since there is the common assumption that all data are equally sensitive. The encrypted data however cannot be efficiently queried and their selective release is not possible or require the application of specific solutions. To overcome these problems, new proposals have been recently developed, which are based on a fragmentation technique possibly combined with encryption. The main advantage of these proposals is that they limit the use of encryption, thus improving query execution efficiency. In this paper, we describe such fragmentation-based approaches focusing in particular on the different data fragmentation models proposed in the literature. We then conclude the paper with a discussion on some research directions
Privacy-preserving data outsourcing in the cloud via semantic data splitting
Even though cloud computing provides many intrinsic benefits, privacy
concerns related to the lack of control over the storage and management of the
outsourced data still prevent many customers from migrating to the cloud.
Several privacy-protection mechanisms based on a prior encryption of the data
to be outsourced have been proposed. Data encryption offers robust security,
but at the cost of hampering the efficiency of the service and limiting the
functionalities that can be applied over the (encrypted) data stored on cloud
premises. Because both efficiency and functionality are crucial advantages of
cloud computing, in this paper we aim at retaining them by proposing a
privacy-protection mechanism that relies on splitting (clear) data, and on the
distributed storage offered by the increasingly popular notion of multi-clouds.
We propose a semantically-grounded data splitting mechanism that is able to
automatically detect pieces of data that may cause privacy risks and split them
on local premises, so that each chunk does not incur in those risks; then,
chunks of clear data are independently stored into the separate locations of a
multi-cloud, so that external entities cannot have access to the whole
confidential data. Because partial data are stored in clear on cloud premises,
outsourced functionalities are seamlessly and efficiently supported by just
broadcasting queries to the different cloud locations. To enforce a robust
privacy notion, our proposal relies on a privacy model that offers a priori
privacy guarantees; to ensure its feasibility, we have designed heuristic
algorithms that minimize the number of cloud storage locations we need; to show
its potential and generality, we have applied it to the least structured and
most challenging data type: plain textual documents
Dodrant-Homomorphic Encryption for Cloud Databases using Table Lookup
Users of large commercial databases increasingly want to outsource their database operations to a cloud service providers, but guaranteeing the privacy of data in an outsourced database has become the major obstacle to this move. Encrypting all data solves the privacy issue, but makes many operations on the data impossible in the cloud, unless the service provider has the capacity to decrypt data temporarily. Homomorphic encryption would solve this issue, but despite great and on-going progress, it is still far from being operationally feasible. In 2015, we presented what we now call dodrant-homomorphic encryption, a method that encrypts numeric values deterministically using the additively homomorphic Paillier encryption and uses table lookup in order to implement multiplications. We discuss here the security implications of determinism and discuss options to avoid these pitfalls
- …