3,776 research outputs found
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Secret charing vs. encryption-based techniques for privacy preserving data mining
Privacy preserving querying and data publishing has been studied in the context of statistical databases and statistical disclosure control. Recently, large-scale data collection and integration efforts increased privacy concerns which motivated data mining researchers to investigate privacy implications of data mining and how data mining can be performed without violating privacy. In this paper, we first provide an overview of privacy preserving data mining focusing on distributed data sources, then we compare two technologies used in privacy preserving data mining. The first technology is encryption based, and it is used in earlier approaches. The second technology is secret-sharing which is recently being considered as a more efficient approach
Generalized Interference Alignment --- Part I: Theoretical Framework
Interference alignment (IA) has attracted enormous research interest as it
achieves optimal capacity scaling with respect to signal to noise ratio on
interference networks. IA has also recently emerged as an effective tool in
engineering interference for secrecy protection on wireless wiretap networks.
However, despite the numerous works dedicated to IA, two of its fundamental
issues, i.e., feasibility conditions and transceiver design, are not completely
addressed in the literature. In this two part paper, a generalised interference
alignment (GIA) technique is proposed to enhance the IA's capability in secrecy
protection. A theoretical framework is established to analyze the two
fundamental issues of GIA in Part I and then the performance of GIA in
large-scale stochastic networks is characterized to illustrate how GIA benefits
secrecy protection in Part II. The theoretical framework for GIA adopts
methodologies from algebraic geometry, determines the necessary and sufficient
feasibility conditions of GIA, and generates a set of algorithms that can solve
the GIA problem. This framework sets up a foundation for the development and
implementation of GIA.Comment: Minor Revision at IEEE Transactions on Signal Processin
Private Multi-party Matrix Multiplication and Trust Computations
This paper deals with distributed matrix multiplication. Each player owns
only one row of both matrices and wishes to learn about one distinct row of the
product matrix, without revealing its input to the other players. We first
improve on a weighted average protocol, in order to securely compute a
dot-product with a quadratic volume of communications and linear number of
rounds. We also propose a protocol with five communication rounds, using a
Paillier-like underlying homomorphic public key cryptosystem, which is secure
in the semi-honest model or secure with high probability in the malicious
adversary model. Using ProVerif, a cryptographic protocol verification tool, we
are able to check the security of the protocol and provide a countermeasure for
each attack found by the tool. We also give a randomization method to avoid
collusion attacks. As an application, we show that this protocol enables a
distributed and secure evaluation of trust relationships in a network, for a
large class of trust evaluation schemes.Comment: Pierangela Samarati. SECRYPT 2016 : 13th International Conference on
Security and Cryptography, Lisbonne, Portugal, 26--28 Juillet 2016. 201
Entangled cloud storage
Entangled cloud storage (Aspnes et al., ESORICS 2004) enables a set of clients to “entangle” their files into a single clew to be stored by a (potentially malicious) cloud provider. The entanglement makes it impossible to modify or delete significant part of the clew without affecting all files encoded in the clew. A clew keeps the files in it private but still lets each client recover his own data by interacting with the cloud provider; no cooperation from other clients is needed. At the same time, the cloud provider is discouraged from altering or overwriting any significant part of the clew as this will imply that none of the clients can recover their files. We put forward the first simulation-based security definition for entangled cloud storage, in the framework of universal composability (Canetti, 2001). We then construct a protocol satisfying our security definition, relying on an entangled encoding scheme based on privacy-preserving polynomial interpolation; entangled encodings were originally proposed by Aspnes et al. as useful tools for the purpose of data entanglement. As a contribution of independent interest we revisit the security notions for entangled encodings, putting forward stronger definitions than previous work (that for instance did not consider collusion between clients and the cloud provider). Protocols for entangled cloud storage find application in the cloud setting, where clients store their files on a remote server and need to be ensured that the cloud provider will not modify or delete their data illegitimately. Current solutions, e.g., based on Provable Data Possession and Proof of Retrievability, require the server to be challenged regularly to provide evidence that the clients’ files are stored at a given time. Entangled cloud storage provides an alternative approach where any single client operates implicitly on behalf of all others, i.e., as long as one client's files are intact, the entire remote database continues to be safe and unblemishe
Lagrange Coded Computing: Optimal Design for Resiliency, Security and Privacy
We consider a scenario involving computations over a massive dataset stored
distributedly across multiple workers, which is at the core of distributed
learning algorithms. We propose Lagrange Coded Computing (LCC), a new framework
to simultaneously provide (1) resiliency against stragglers that may prolong
computations; (2) security against Byzantine (or malicious) workers that
deliberately modify the computation for their benefit; and (3)
(information-theoretic) privacy of the dataset amidst possible collusion of
workers. LCC, which leverages the well-known Lagrange polynomial to create
computation redundancy in a novel coded form across workers, can be applied to
any computation scenario in which the function of interest is an arbitrary
multivariate polynomial of the input dataset, hence covering many computations
of interest in machine learning. LCC significantly generalizes prior works to
go beyond linear computations. It also enables secure and private computing in
distributed settings, improving the computation and communication efficiency of
the state-of-the-art. Furthermore, we prove the optimality of LCC by showing
that it achieves the optimal tradeoff between resiliency, security, and
privacy, i.e., in terms of tolerating the maximum number of stragglers and
adversaries, and providing data privacy against the maximum number of colluding
workers. Finally, we show via experiments on Amazon EC2 that LCC speeds up the
conventional uncoded implementation of distributed least-squares linear
regression by up to , and also achieves a
- speedup over the state-of-the-art straggler
mitigation strategies
- …