research-article

Obscure: information-theoretic oblivious and verifiable aggregation queries

Authors:

Sharad Mehrotra,

Shantanu Sharma,

Sumaya AlmaneeAuthors Info & Claims

Proceedings of the VLDB Endowment, Volume 12, Issue 9

Pages 1030 - 1043

https://doi.org/10.14778/3329772.3329779

Published: 01 May 2019 Publication History

Abstract

Despite extensive research on cryptography, secure and efficient query processing over outsourced data remains an open challenge. We develop communication-efficient and information-theoretically secure algorithms for privacy-preserving aggregation queries using multi-party computation (MPC). Specifically, query processing techniques over secret-shared data outsourced by single or multiple database owners are developed. These algorithms allow a user to execute queries on the secret-shared database and also prevent the network and the (adversarial) clouds to learn the user's queries, results, or the database. We further develop (non-mandatory) privacy-preserving result verification algorithms that detect malicious behaviors, and experimentally validate the efficiency of our approach over large datasets, the size of which prior approaches to secret-sharing or MPC systems have not scaled to.

References

[1]

MariaDB, available at:https://mariadb.com/.

[2]

https://shattered.io/.

[3]

Stealth Pulsar, available at:http://www.stealthsoftwareinc.com/.

[4]

https://www.csoonline.com/article/3237685/identity-management/biometrics-and-blockchains-the-horcrux-protocol-part-3.html.

[5]

https://bitcoinexchangeguide.com/binance-pays-6-cent-fee-for-moving-204-million-worth-of-ethereum-eth/.

[6]

https://cryptoslate.com/thailands-democrat-party-holds-first-ever-election-vote-with-blockchain-technology/.

[7]

https://blockonomi.com/coinbase-moves-5-billion-crypto/.

[8]

R. Agrawal and C. M. Johnson. Securing electronic health records without impeding the flow of information. I. J. Medical Informatics, 76(5--6):471--479, 2007.

[9]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order-preserving encryption for numeric data. In Proceedings of the ACM SIGMOD International Conference on Management of Data, Paris, France, June 13--18, 2004, pages 563--574. ACM, 2004.

Digital Library

[10]

D. W. Archer, D. Bogdanov, Y. Lindell, L. Kamm, K. Nielsen, J. I. Pagter, N. P. Smart, and R. N. Wright. From keys to databases - real-world applications of secure multi-party computation. IACR Cryptology ePrint Archive, 2018:450, 2018.

[11]

S. Bajaj and R. Sion. Correctdb: SQL engine with practical query authentication. PVLDB, 6(7):529--540, 2013.

Digital Library

[12]

A. Beimel. Secret-sharing schemes: A survey. In Coding and Cryptology - Third International Workshop, IWCC 2011, Qingdao, China, May 30-June 3, 2011. Proceedings, pages 11--46, 2011.

[13]

D. Bogdanov, S. Laur, and J. Willemson. Sharemind: A framework for fast privacy-preserving computations. In S. Jajodia and J. López, editors, Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, Málaga, Spain, October 6--8, 2008. Proceedings, volume 5283 of Lecture Notes in Computer Science, pages 192--206. Springer, 2008.

Digital Library

[14]

K. Bonawitz, V. Ivanov, B. Kreuter, A. Marcedone, H. B. McMahan, S. Patel, D. Ramage, A. Segal, and K. Seth. Practical secure aggregation for privacy-preserving machine learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, pages 1175--1191. ACM, 2017.

Digital Library

[15]

M. Burkhart, M. Strasser, D. Many, and X. A. Dimitropoulos. SEPIA: privacy-preserving aggregation of multi-domain network events and statistics. In 19th USENIX Security Symposium, Washington, DC, USA, August 11--13, 2010, Proceedings, pages 223--240. USENIX Association, 2010.

[16]

R. Canetti. Security and composition of multiparty cryptographic protocols. J. Cryptology, 13(1):143--202, 2000.

Digital Library

[17]

R. Canetti, U. Feige, O. Goldreich, and M. Naor. Adaptively secure multi-party computation. In Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22--24, 1996, pages 639--648, 1996.

Digital Library

[18]

C. Chu and W. Tzeng. Efficient k-out-of-n oblivious transfer schemes with adaptive and non-adaptive queries. In Public Key Cryptography - PKC 2005, 8th International Workshop on Theory and Practice in Public Key Cryptography, Les Diablerets, Switzerland, January 23--26, 2005, Proceedings, pages 172--183, 2005.

Digital Library

[19]

R. M. Corless and N. Fillion. A graduate introduction to numerical methods. AMC, 10:12, 2013.

Digital Library

[20]

H. Corrigan-Gibbs and D. Boneh. Prio: Private, robust, and scalable computation of aggregate statistics. In 14th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2017, Boston, MA, USA, March 27--29, 2017, pages 259--282, 2017.

Digital Library

[21]

R. Cramer, I. Damgård, and J. B. Nielsen. Secure Multiparty Computation and Secret Sharing. Cambridge University Press, 2015.

Digital Library

[22]

I. Damgård, M. Fitzi, E. Kiltz, J. B. Nielsen, and T. Toft. Unconditionally secure constant-rounds multi-party computation for equality, comparison, bits and exponentiation. In Theory of Cryptography, Third Theory of Cryptography Conference, TCC 2006, New York, NY, USA, March 4--7, 2006, Proceedings, pages 285--304, 2006.

Digital Library

[23]

S. Dolev, N. Gilboa, and X. Li. Accumulating automata and cascaded equations automata for communicationless information theoretically secure multi-party computation: Extended abstract. In Proceedings of the 3rd International Workshop on Security in Cloud Computing, SCC@ASIACCS '15, Singapore, Republic of Singapore, April 14, 2015, pages 21--29, 2015.

Digital Library

[24]

S. Dolev, Y. Li, and S. Sharma. Private and secure secret shared MapReduce (extended abstract). In Data and Applications Security and Privacy XXX - 30th Annual IFIP WG 11.3 Conference, DBSec 2016, Trento, Italy, July 18--20, 2016. Proceedings, pages 151--160, 2016.

[25]

F. Emekçi, D. Agrawal, A. El Abbadi, and A. Gulbeden. Privacy preserving query processing using third parties. In Proceedings of the 22nd International Conference on Data Engineering, ICDE 2006, 3--8 April 2006, Atlanta, GA, USA, page 27, 2006.

Digital Library

[26]

F. Emekçi, A. Metwally, D. Agrawal, and A. El Abbadi. Dividing secrets to secure data outsourcing. Inf. Sci., 263:198--210, 2014.

Digital Library

[27]

J. Frankle, S. Park, D. Shaar, S. Goldwasser, and D. J. Weitzner. Practical accountability of secret processes. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018., pages 657--674, 2018.

Digital Library

[28]

M. J. Freedman, Y. Ishai, B. Pinkas, and O. Reingold. Keyword search and oblivious pseudorandom functions. In Theory of Cryptography, Second Theory of Cryptography Conference, TCC 2005, Cambridge, MA, USA, February 10--12, 2005, Proceedings, pages 303--324, 2005.

Digital Library

[29]

C. Gentry. A fully homomorphic encryption scheme. PhD thesis, Stanford University, 2009.

Digital Library

[30]

D. M. Goldschlag, M. G. Reed, and P. F. Syverson. Onion routing. Commun. ACM, 42(2):39--41, 1999.

Digital Library

[31]

S. Goldwasser and S. Micali. Probabilistic encryption. J. Comput. Syst. Sci., 28(2):270--299, 1984.

[32]

P. Gupta, Y. Li, S. Mehrotra, N. Panwar, S. Sharma, and S. Almanee. Obscure: Information-theoretic oblivious and verifiable aggregation queries. Technical Report, UCI, 2019. https://isg.ics.uci.edu/publications/.

Digital Library

[33]

H. Hacigümüs, B. R. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In Proceedings of the 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, USA, June 3--6, 2002, pages 216--227, 2002.

Digital Library

[34]

M. A. Hadavi, E. Damiani, R. Jalili, S. Cimato, and Z. Ganjei. AS5: A secure searchable secret sharing scheme for privacy preserving database outsourcing. In Data Privacy Management and Autonomous Spontaneous Security, 7th International Workshop, DPM 2012, and 5th International Workshop, SETOP 2012, Pisa, Italy, September 13--14, 2012. Revised Selected Papers, pages 201--216, 2012.

[35]

W. Jiang, C. Clifton, and M. Kantarcioglu. Transforming semi-honest protocols to ensure accountability. Data Knowl. Eng., 65(1):57--74, 2008.

Digital Library

[36]

M. Naveed, S. Kamara, and C. V. Wright. Inference attacks on property-preserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12--6, 2015, pages 644--655, 2015.

Digital Library

[37]

C. Orlandi. Is multiparty computation any good in practice? In Proceedings of the IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2011, May 22--27, 2011, Prague Congress Center, Prague, Czech Republic, pages 5848--5851, 2011.

[38]

R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: processing queries on an encrypted database. Commun. ACM, 55(9):103--111, 2012.

Digital Library

[39]

A. Rajan, L. Qin, D. W. Archer, D. Boneh, T. Lepoint, and M. Varia. Callisto: A cryptographic approach to detecting serial perpetrators of sexual misconduct. In Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies, COMPASS 2018, Menlo Park and San Jose, CA, USA, June 20--22, 2018, pages 49:1--49:4, 2018.

Digital Library

[40]

A. Shamir. How to share a secret. Commun. ACM, 22(11):612--613, 1979.

Digital Library

[41]

D. X. Song, D. A. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE Symposium on Security and Privacy, pages 44--55. IEEE Computer Society, 2000.

Digital Library

[42]

B. Thompson, S. Haber, W. G. Horne, T. Sander, and D. Yao. Privacy-preserving computation and verification of aggregate queries on outsourced databases. In Privacy Enhancing Technologies, 9th International Symposium, PETS 2009, Seattle, WA, USA, August 5--7, 2009. Proceedings, pages 185--201, 2009.

Digital Library

[43]

S. Tu, M. F. Kaashoek, S. Madden, and N. Zeldovich. Processing analytical queries over encrypted data. PVLDB, 6(5):289--300, 2013.

Digital Library

[44]

C. Wang, N. Cao, J. Li, K. Ren, and W. Lou. Secure ranked keyword search over encrypted cloud data. In 2010 International Conference on Distributed Computing Systems, ICDCS 2010, Genova, Italy, June 21--25, 2010, pages 253--262, 2010.

Digital Library

[45]

T. Xiang, X. Li, F. Chen, S. Guo, and Y. Yang. Processing secure, verifiable and efficient SQL over outsourced database. Inf. Sci., 348:163--178, 2016.

Digital Library

[46]

S. Yu, C. Wang, K. Ren, and W. Lou. Attribute based data sharing with attribute revocation. In D. Feng, D. A. Basin, and P. Liu, editors, Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, Beijing, China, April 13--16, 2010, pages 261--270. ACM, 2010.

Digital Library

Cited By

Sharma SLi YMehrotra SPanwar NKumari KRoychoudhury S(2023)Information-Theoretically Secure and Highly Efficient Search and Row RetrievalProceedings of the VLDB Endowment10.14778/3603581.360358216:10(2391-2403)Online publication date: 1-Jun-2023
https://dl.acm.org/doi/10.14778/3603581.3603582
Kurnia FVenkataramani A(2023)Oblivious PaxosProceedings of the 2023 ACM Symposium on Cloud Computing10.1145/3620678.3624647(65-80)Online publication date: 30-Oct-2023
https://dl.acm.org/doi/10.1145/3620678.3624647
Mirval JBouganim LSandu Popa I(2023)Federated Learning on Personal Data Management Systems: Decentralized and Reliable Secure Aggregation ProtocolsProceedings of the 35th International Conference on Scientific and Statistical Database Management10.1145/3603719.3603730(1-12)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3603719.3603730
Show More Cited By

Index Terms

Obscure: information-theoretic oblivious and verifiable aggregation queries
1. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Database query processing and optimization (theory)

Index terms have been assigned to the content through auto-classification.

Recommendations

Obscure: Information-Theoretically Secure, Oblivious, and Verifiable Aggregation Queries
CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy

We develop a secret-sharing-based prototype, entitled Obscure that provides communication-efficient and information-theoretically secure algorithms for aggregation queries using multi-party computation (MPC). The query execution algorithms over secret-...
<sc>Obscure</sc>: Information-Theoretically Secure, Oblivious, and Verifiable Aggregation Queries on Secret-Shared Outsourced Data
Despite exciting progress on cryptography, secure and efficient query processing over outsourced data remains an open challenge. We develop a communication-efficient and information-theoretically secure system, entitled <sc>Obscure</sc> for aggregation ...
Profile Aware ObScure Logging (PaOSLo): A Web Search Privacy-Preserving Protocol to Mitigate Digital Traces
Web search querying is an inevitable activity of any Internet user. The web search engine (WSE) is the easiest way to search and retrieve data from the Internet. The WSE stores the user’s search queries to retrieve the personalized search result in a form ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the VLDB Endowment

Proceedings of the VLDB Endowment Volume 12, Issue 9

May 2019

110 pages

ISSN:2150-8097

Editors:
Lei Chen
HKUST
,
Fatma Özcan
IBM Research - Almaden

Issue’s Table of Contents

Publisher

VLDB Endowment

Publication History

Published: 01 May 2019

Published in PVLDB Volume 12, Issue 9

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
229
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)2

Reflects downloads up to 12 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sharma SLi YMehrotra SPanwar NKumari KRoychoudhury S(2023)Information-Theoretically Secure and Highly Efficient Search and Row RetrievalProceedings of the VLDB Endowment10.14778/3603581.360358216:10(2391-2403)Online publication date: 1-Jun-2023
https://dl.acm.org/doi/10.14778/3603581.3603582
Kurnia FVenkataramani A(2023)Oblivious PaxosProceedings of the 2023 ACM Symposium on Cloud Computing10.1145/3620678.3624647(65-80)Online publication date: 30-Oct-2023
https://dl.acm.org/doi/10.1145/3620678.3624647
Mirval JBouganim LSandu Popa I(2023)Federated Learning on Personal Data Management Systems: Decentralized and Reliable Secure Aggregation ProtocolsProceedings of the 35th International Conference on Scientific and Statistical Database Management10.1145/3603719.3603730(1-12)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3603719.3603730
Sharma SMehrotra S(2022)Cryptographic Techniques for Data ProcessingProceedings of the 5th Joint International Conference on Data Science & Management of Data (9th ACM IKDD CODS and 27th COMAD)10.1145/3493700.3493771(344-347)Online publication date: 8-Jan-2022
https://dl.acm.org/doi/10.1145/3493700.3493771
Li YGhosh DGupta PMehrotra SPanwar NSharma SLi GLi ZIdreos SSrivastava D(2021)PRISM: Private Verifiable Set Computation over Multi-Owner Outsourced DatabasesProceedings of the 2021 International Conference on Management of Data10.1145/3448016.3452839(1116-1128)Online publication date: 9-Jun-2021
https://dl.acm.org/doi/10.1145/3448016.3452839
Mehrotra SSharma SVerma RKhan LMohan C(2020)Recent Advances in Information-Theoretically Secure Data OutsourcingProceedings of the Sixth International Workshop on Security and Privacy Analytics10.1145/3375708.3382736(31-32)Online publication date: 16-Mar-2020
https://dl.acm.org/doi/10.1145/3375708.3382736
Gupta PLi YMehrotra SPanwar NSharma SRoussev VThuraisingham BCarminati BKantarcioglu M(2020)ObscureProceedings of the Tenth ACM Conference on Data and Application Security and Privacy10.1145/3374664.3379533(165-167)Online publication date: 16-Mar-2020
https://dl.acm.org/doi/10.1145/3374664.3379533

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents