1,758 research outputs found
k-Nearest Neighbor Classification over Semantically Secure Encrypted Relational Data
Data Mining has wide applications in many areas such as banking, medicine,
scientific research and among government agencies. Classification is one of the
commonly used tasks in data mining applications. For the past decade, due to
the rise of various privacy issues, many theoretical and practical solutions to
the classification problem have been proposed under different security models.
However, with the recent popularity of cloud computing, users now have the
opportunity to outsource their data, in encrypted form, as well as the data
mining tasks to the cloud. Since the data on the cloud is in encrypted form,
existing privacy preserving classification techniques are not applicable. In
this paper, we focus on solving the classification problem over encrypted data.
In particular, we propose a secure k-NN classifier over encrypted data in the
cloud. The proposed k-NN protocol protects the confidentiality of the data,
user's input query, and data access patterns. To the best of our knowledge, our
work is the first to develop a secure k-NN classifier over encrypted data under
the semi-honest model. Also, we empirically analyze the efficiency of our
solution through various experiments.Comment: 29 pages, 2 figures, 3 tables arXiv admin note: substantial text
overlap with arXiv:1307.482
Secured Data Masking Framework and Technique for Preserving Privacy in a Business Intelligence Analytics Platform
The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI’s users to subsets of the enterprise’s data warehouse (DW), resulting that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, Sign, Keep testing, Utilize) for a BI platform to protect the data at rest, preserve the data format, and maintain the data utility on-the-fly querying level. A new reversible data masking technique (COntent BAsed Data masking - COBAD) is developed as an implementation of iMaskU. The masking algorithm in COBAD is based on the statistical content of the extracted dataset, so that, the masked data cannot be linked with specific individuals or be re-identified by any means.
The strength of the re-identification risk factor for the COBAD technique has been computed using a supercomputer where, three security scheme/attacking methods are considered, a) the brute force attack, needs, on average, 55 years to crack the key of each record; b) the dictionary attack, needs 231 days to crack the same key for the entire extracted dataset (containing 50,000 records), c) a data linkage attack, the re-identification risk is very low when the common linked attributes are used. The performance validation of COBAD masking technique has been conducted. A database schema of 1GB is used in TPC-H decision support benchmark. The performance evaluation for the execution time of the selected TPC-H queries presented that the COBAD speed results are much better than AES128 and 3DES encryption. Theoretical and experimental results show that the proposed solution provides a reasonable trade-off between data security and the utility of re-identified data
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
Secure k-Nearest Neighbor Query over Encrypted Data in Outsourced Environments
For the past decade, query processing on relational data has been studied
extensively, and many theoretical and practical solutions to query processing
have been proposed under various scenarios. With the recent popularity of cloud
computing, users now have the opportunity to outsource their data as well as
the data management tasks to the cloud. However, due to the rise of various
privacy issues, sensitive data (e.g., medical records) need to be encrypted
before outsourcing to the cloud. In addition, query processing tasks should be
handled by the cloud; otherwise, there would be no point to outsource the data
at the first place. To process queries over encrypted data without the cloud
ever decrypting the data is a very challenging task. In this paper, we focus on
solving the k-nearest neighbor (kNN) query problem over encrypted database
outsourced to a cloud: a user issues an encrypted query record to the cloud,
and the cloud returns the k closest records to the user. We first present a
basic scheme and demonstrate that such a naive solution is not secure. To
provide better security, we propose a secure kNN protocol that protects the
confidentiality of the data, user's input query, and data access patterns.
Also, we empirically analyze the efficiency of our protocols through various
experiments. These results indicate that our secure protocol is very efficient
on the user end, and this lightweight scheme allows a user to use any mobile
device to perform the kNN query.Comment: 23 pages, 8 figures, and 4 table
Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective
Rapid advances in human genomics are enabling researchers to gain a better
understanding of the role of the genome in our health and well-being,
stimulating hope for more effective and cost efficient healthcare. However,
this also prompts a number of security and privacy concerns stemming from the
distinctive characteristics of genomic data. To address them, a new research
community has emerged and produced a large number of publications and
initiatives.
In this paper, we rely on a structured methodology to contextualize and
provide a critical analysis of the current knowledge on privacy-enhancing
technologies used for testing, storing, and sharing genomic data, using a
representative sample of the work published in the past decade. We identify and
discuss limitations, technical challenges, and issues faced by the community,
focusing in particular on those that are inherently tied to the nature of the
problem and are harder for the community alone to address. Finally, we report
on the importance and difficulty of the identified challenges based on an
online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies
(PoPETs), Vol. 2019, Issue
Articulation Point Based Quasi Identifier Detection for Privacy Preserving in Distributed Environment
These days, huge data size requires high-end resources to be stored in IT organizations premises. They depend on cloud for additional resource necessities. Since cloud is a third-party, we cannot guarantee high security for our information as it might be misused. This necessitates the need of privacy in data before sharing to the cloud. Numerous specialists proposed several methods, wherein they attempt to discover explicit identifiers and sensitive data before distributing it. But, quasi-identifiers are attributes which can spill data of explicit identifiers utilizing background knowledge. Analysts proposed strategies to find quasi- identifiers with the goal that these properties can likewise be considered for implementing privacy. But, these techniques suffer from many drawbacks like higher time consumption and extract more quasi identifiers which decreases data utility. The proposed work overcomes this drawback by extracting minimum required quasi attributes with minimum time complexity
- …