Secure Skyline Queries on Encrypted Data
CS 573 Data Privacy and Security
Jinfei Liu, Juncheng Yang, Li Xiong, and Jian Pei. Secure Skyline Queries on Cloud Platform. ICDE 2017.
Jinfei Liu, Juncheng Yang, Li Xiong, and Jian Pei. Secure and
Skyline Computation: Hotel Example
hotel     p1   p2   p3   p4   p5   p6   p7   p8   p9   p10  p11
distance  4    24   14   36   26   8    40   20   34   28   16
price     400  380  340  300  280  260  200  180  140  120  60
Figure: hotels p1 to p11 plotted by distance to the destination and price.
CS 573 Data Privacy and Security Secure Skyline Queries on Encrypted Data
Motivating Example: Skyline Queries
Table: Sample of heart disease dataset.
(a) Original data.
ID   age  trestbps
p1   40   140
p2   39   120
p3   45   130
p4   37   140
(b) Mapped data.
ID   age  trestbps
t1   42   140
t2   43   130
t3   45   130
t4   45   140
Figure: q(41,125), with the original points p1 to p4, the query point q and the mapped points t1 to t4 plotted on age and trestbps axes.
Secure Similarity Queries
Related Work
- Fully homomorphic encryption: impractical.
- Order-preserving encryption: subject to attacks.
- Partially homomorphic encryption: limited computation but efficient; many works focused on kNN queries; challenging for skyline due to complex comparisons.
Outline
- Problem setting
- Paillier crypto scheme
- Basic primitive subprotocols
- Secure dominance protocol
- Secure skyline protocol
- Experimental results
Problem Setting
Figure (system model): what each party holds.
- Data owner: P, pk, sk
- Client: q, pk
- C1: Epk(P), Epk(q), pk
- C2: pk, sk
Labels on the diagram's arrows: Epk(P), Epk(q), sk, skyline result, and partial skyline result (twice).
- C1 and C2 are non-colluding.
- Data owner (e.g., hospital, CDC) sends private key to C2. Data owner sends Epk(pi[j]) for i = 1, ..., n and j = 1, ..., m to cloud server C1.
- An authorized client (e.g., physician) sends Epk(q) to cloud server C1.
- Our goal is to enable the cloud server to compute and return the skyline to the client without learning any information about the data and the query.
Problem Setting: Desired Privacy Properties
- Data Privacy. Cloud servers C1 and C2 know nothing about the exact data except the size pattern; the client knows nothing about the dataset except the skyline query result.
- Data Pattern Privacy. Cloud servers C1 and C2 know nothing about the data patterns (indirect data knowledge) due to intermediate results, e.g., which tuple dominates which other tuple.
- Query Privacy. Data owner and cloud servers C1 and C2 know nothing about the query tuple q.
- Result Privacy. Cloud servers C1 and C2 know nothing about the query result, e.g., which tuples are in the skyline result.
Paillier Cryptosystem
- Homomorphic addition of plaintexts:
$D_{sk}(E_{pk}(a) \times E_{pk}(b) \bmod N^2) = (a + b) \bmod N$
- Homomorphic multiplication of plaintexts:
$D_{sk}(E_{pk}(a)^b \bmod N^2) = a \times b \bmod N$
https://mhe.github.io/jspaillier/
Basic Security Subprotocols: Secure Multiplication (SM)
Input
- C1: encrypted input Epk(a) and Epk(b)
- C2: private key sk
Output
- C1 knows Epk(a × b)
- C2 knows nothing
Basic Security Subprotocols: Secure Bit Decomposition (SBD)
Input
- C1: encrypted input Epk(a)
- C2: private key sk
Output
- C1 knows encrypted individual bits of the binary representation of a, denoted as $[[a]] = E_{pk}((a)_B^{(1)}), \ldots, E_{pk}((a)_B^{(l)})$, where $l$ is the number of bits, and $(a)_B^{(1)}$ and $(a)_B^{(l)}$ denote the most and least significant bits of a, respectively.
- C2 knows nothing
Basic Security Subprotocols
- Secure OR (SOR)
- Secure AND (SAND)
- Secure NOT (SNOT)
- Secure Less Than or Equal (SLEQ)
- Secure Equal (SEQ)
- Secure Less (SLESS)
- Secure Minimum (SMIN)
Challenge of Secure Dominance Protocol
For each comparison between two tuples pa and pb, we need to compare all their m attributes, and the comparison of each attribute p[j] has three different outputs, i.e., pa[j] < (=, >) pb[j]. Therefore, there are $3^m$ different outputs for each comparison between two tuples, based on which we need to determine if one tuple dominates the other.
Secure Dominance Protocol
Algorithm 1 Secure Dominance Protocol.
1: Input: C1 has Epk(a), Epk(b) and C2 has sk.
2: Output: C1 gets Epk(1) if a ≺ b, otherwise, C1 gets Epk(0).
3: C1 and C2:
4:   for j = 1 to m do
5:     C1 gets δj = Epk(Bool(a[j] ≤ b[j])) by SLEQ
6:   end for
7:   use SAND to compute Φ = δ1 ∧ ... ∧ δm
8: C1:
9:   compute α = Epk(a[1]) × ... × Epk(a[m])
10:  compute β = Epk(b[1]) × ... × Epk(b[m])
11: C1 and C2:
12:  C1 gets σ = Epk(Bool(α < β)) by employing SLESS
13:  C1 gets Ψ = σ ∧ Φ as the final dominance relationship using SAND
Example of Secure Dominance Protocol.
Algorithm 2 Secure Dominance Protocol.
1: Input: C1 has Epk(a), Epk(b) and C2 has sk.    [a = (2, 5); b = (4, 5)]
2: Output: C1 gets Epk(1) if a ≺ b, otherwise, C1 gets Epk(0).
3: C1 and C2:
4:   for j = 1 to m do
5:     C1 gets δj = Epk(Bool(a[j] ≤ b[j])) by SLEQ    [δ1 = 1; δ2 = 1]
6:   end for
7:   use SAND to compute Φ = δ1 ∧ ... ∧ δm    [Φ = 1]
8: C1:
9:   compute α = Epk(a[1]) × ... × Epk(a[m])    [α = 7]
10:  compute β = Epk(b[1]) × ... × Epk(b[m])    [β = 9]
11: C1 and C2:
12:  C1 gets σ = Epk(Bool(α < β)) by employing SLESS    [σ = 1]
13:  C1 gets Ψ = σ ∧ Φ as the final dominance relationship using SAND    [Ψ = 1]
Skyline Computation Algorithm
Algorithm 3 Skyline Computation.
1: Input: A dataset T.
2: Output: Skyline of T.
3: while the dataset T is not empty do
4:   for i = 1 to size of dataset T do
5:     $S(t_i) = \sum_{j=1}^{m} t_i[j]$
6:     choose the tuple tmin with smallest S(ti) as a skyline
7:     add tmin to skyline pool
8:     delete those tuples dominated by tmin from T
9:     delete tuple tmin from T
10:  end for
11: end while
12: return skyline pool
Figure (built up over successive slides): the points of T and the skyline pool.
- Points shown: t1, t2, t3, t4. Skyline pool: empty.
- Points shown: t1, t2, t3, t4. Skyline pool: t2.
- Points shown: t1, t2. Skyline pool: t2.
- Points shown: t1. Skyline pool: t2.
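The dominance test of Algorithm 1 and the skyline loop above, written in the clear as a reference against which an encrypted run can be checked. This is an added example, not code from the slides or the paper; the function names are hypothetical, and the mapping t[j] = |p[j] - q[j]| is an assumption chosen because it reproduces the t1 to t4 values used in the protocol slides.

```python
"""Plaintext reference for the dominance test and the skyline loop (added example)."""
from typing import Dict, List, Tuple

Point = Tuple[int, ...]

# Data taken from the slides: heart-disease sample, query q, and the hotel table.
HEART: Dict[str, Point] = {"p1": (40, 140), "p2": (39, 120), "p3": (45, 130), "p4": (37, 140)}
Q: Point = (41, 125)
HOTELS: Dict[str, Point] = {  # (distance, price)
    "p1": (4, 400), "p2": (24, 380), "p3": (14, 340), "p4": (36, 300),
    "p5": (26, 280), "p6": (8, 260), "p7": (40, 200), "p8": (20, 180),
    "p9": (34, 140), "p10": (28, 120), "p11": (16, 60),
}


def map_to_query(p: Point, q: Point) -> Point:
    """Assumed mapping t[j] = |p[j] - q[j]|; it yields the t1..t4 of the protocol slides."""
    return tuple(abs(pj - qj) for pj, qj in zip(p, q))


def dominates(a: Point, b: Point) -> bool:
    """Dominance as the secure protocol encodes it, with no three-way case analysis.

    Phi   = AND_j (a[j] <= b[j])   -> a is no worse in every attribute
    sigma = sum(a) < sum(b)        -> a is strictly better in at least one
    """
    phi = all(aj <= bj for aj, bj in zip(a, b))
    sigma = sum(a) < sum(b)
    return phi and sigma


def skyline(T: Dict[str, Point]) -> List[str]:
    """Skyline loop: take the minimum-sum tuple, then drop everything it dominates."""
    remaining = dict(T)
    pool: List[str] = []
    while remaining:
        # The minimum-sum tuple cannot be dominated: a dominator would have a smaller sum.
        tmin_id = min(remaining, key=lambda k: sum(remaining[k]))
        tmin = remaining.pop(tmin_id)
        pool.append(tmin_id)
        remaining = {k: t for k, t in remaining.items() if not dominates(tmin, t)}
    return pool


if __name__ == "__main__":
    mapped = {pid: map_to_query(p, Q) for pid, p in HEART.items()}
    print(mapped)               # t values for q = (41, 125)
    print(skyline(mapped))      # dynamic skyline of the heart sample w.r.t. q
    print(skyline(HOTELS))      # skyline of the hotel example
```

Two Boolean results per pair (Φ and σ) replace the 3^m case analysis, which is why the encrypted version needs only SLEQ, SLESS and SAND.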
Secure Skyline Protocol: in ciphertext
Party: C1, C2

Initial case ti:
ti              t1       t2      t3      t4
(ti[1], ti[2])  (1, 15)  (2, 5)  (4, 5)  (4, 15)

choose the tuple tmin with smallest S(ti) as a skyline
- $E_{pk}(S(t_i)) = E_{pk}(t_i[1]) \times \ldots \times E_{pk}(t_i[m]) \bmod N^2$
- Epk(S(ti)) = SBD(Epk(S(ti)))
- add a ⌈log n⌉-bit sequence to the end of each Epk(S(ti))
- perturbed values guaranteed to be different while order is preserved
- finding smallest S(ti)
- $E_{pk}(S(t_{min}))^{N-1} \times E_{pk}(S(t_i)) \bmod N^2$
- random noise vector r
- permutation sequence π
- $\pi(E_{pk}(S(t_{min}))^{N-1} \times E_{pk}(S(t_i)))^{r_i}$
- if $\beta'_i = 0$, $U_i = E_{pk}(1)$
- V = π′(U)

ti               t1             t2             t3             t4
(ti[1], ti[2])   (1, 15)        (2, 5)         (4, 5)         (4, 15)
S(ti)            16             7              9              19
[[S(ti)]]        1, 0, 0, 0, 0  0, 0, 1, 1, 1  0, 1, 0, 0, 1  1, 0, 0, 1, 1
pert.            1, 1           1, 0           0, 1           0, 0
S(ti)            67             30             37             76
S(ti) − S(tmin)  67 − 30        30 − 30        37 − 30        76 − 30
r                3              9              31             2
π                2              1              4              3
β′: 111 92 217
U: 1
V: 1

add skyline tuple to skyline pool
- t′i[j] = Vi × ti[j]
- p′i[j] = Vi × pi[j]
(ti[1]′, ti[2]′): (0, 0) (0, 0) (0, 0) (2, 5)
(pi[1]′, pi[2]′): (0, 0) (0, 0) (0, 0) (39, 120)

eliminate non-skyline tuples
- C1 and C2 use SOR with V to make Epk(S(tmin)) = Epk(127)
  S(ti): 67 127 37 76
- secure dominance protocol
  V: 1 1
- make Epk(S(ti)) = Epk(127), where ti is dominated by tmin
  S(ti): 67 127 127 127
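The Paillier properties from the earlier slide and the "choose tmin" steps above, run end to end on the slide's values. This is an added example, not code from the slides or the paper: it assumes toy primes, the convention β′_i = β_{π(i)}, a homomorphic shortcut in place of SBD for appending the perturbation bits, and a stand-in for SMIN that uses sk directly; all function names are hypothetical.

```python
"""Toy Paillier plus the blinded t_min selection step (added example, not from the slides)."""
import math
import secrets

P, Q = 1009, 1013                      # toy primes for illustration; real keys use K-bit N
N, N2 = P * Q, (P * Q) ** 2            # public key
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key, held by C2 only
MU = pow(LAM, -1, N)

def enc(m: int) -> int:
    """E_pk(m) with g = N + 1: (1 + m*N) * r^N mod N^2."""
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def dec(c: int) -> int:
    """D_sk(c) = L(c^lam mod N^2) * mu mod N, where L(x) = (x - 1) // N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def h_add(c1: int, c2: int) -> int:
    return c1 * c2 % N2                # E(a) * E(b) mod N^2 = E(a + b)

def h_mul(c: int, k: int) -> int:
    return pow(c, k, N2)               # E(a)^k mod N^2 = E(a * k)

def c1_perturbed_sums(enc_tuples, pert):
    """C1: E(S(t_i)) = prod_j E(t_i[j]), then append ceil(log2 n) tie-breaking bits.
    Shortcut (assumption): S*2^k + pert is formed homomorphically instead of via SBD."""
    k = (len(enc_tuples) - 1).bit_length()
    out = []
    for attrs, b in zip(enc_tuples, pert):
        s = attrs[0]
        for a in attrs[1:]:
            s = h_add(s, a)
        out.append(h_add(h_mul(s, 1 << k), enc(b)))
    return out

def smin_stand_in(cts):
    """Stand-in for SMIN (not detailed on the page): uses sk directly to get E(min)."""
    return enc(min(dec(c) for c in cts))

def c1_blind_and_permute(s, e_min, r, pi):
    """C1: beta_i = E((S(t_i) - S(t_min)) * r_i); send beta'_i = beta_{pi(i)} to C2."""
    neg_min = h_mul(e_min, N - 1)      # E(-S(t_min)): exponent N-1 acts as -1 mod N
    beta = [h_mul(h_add(neg_min, c), ri) for c, ri in zip(s, r)]
    return [beta[p - 1] for p in pi]

def c2_mark_zero(beta_perm):
    """C2: decrypt; only the t_min slot is 0. Return U with U_i = E(1) there, else E(0)."""
    return [enc(1 if dec(c) == 0 else 0) for c in beta_perm]

def c1_unpermute(u, pi):
    """C1: V = inverse permutation of U, so V_i = E(1) exactly for t_min."""
    v = [0] * len(u)
    for i, p in enumerate(pi):
        v[p - 1] = u[i]
    return v

def run_example():
    T = [(1, 15), (2, 5), (4, 5), (4, 15)]                        # t1..t4 from the slides
    pert, r, pi = [3, 2, 1, 0], [3, 9, 31, 2], [2, 1, 4, 3]      # slide values
    s = c1_perturbed_sums([[enc(x) for x in t] for t in T], pert)
    beta_perm = c1_blind_and_permute(s, smin_stand_in(s), r, pi)
    v = c1_unpermute(c2_mark_zero(beta_perm), pi)
    # Decryption below is only to display the example; C1 never holds sk.
    return [dec(c) for c in s], [dec(c) for c in beta_perm], [dec(c) for c in v]
```

C2 decrypts only the blinded, permuted differences, so it learns that one slot is zero but not which tuple that slot belongs to; the perturbation bits are what guarantee exactly one zero.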
Experiment Setup
Protocols:
- BSSP: Basic Secure Skyline Protocol
- FSSP: Fully Secure Skyline Protocol
Datasets:
- NBA: real NBA dataset
- INDE: independent dataset
- CORR: correlated dataset
- ANTI: anti-correlated dataset
Goal: evaluate the performance and scalability of our protocols
The impact of n (m=2, K=512)
Figure: time (seconds) against number of tuples n for BSSP and FSSP, in four panels: (a) time cost of CORR, (b) time cost of INDE, (c) time cost of ANTI, (d) time cost of NBA.
The impact of m (n=1000, K=512)
Figure: time (seconds) against number of dimensions m for BSSP and FSSP, in four panels: (e) time cost of CORR, (f) time cost of INDE, (g) time cost of ANTI, (h) time cost of NBA.
The impact of K (n=1000, m=2)
Figure: time (seconds) against key size K for BSSP and FSSP, in four panels: (i) time cost of CORR, (j) time cost of INDE, (k) time cost of ANTI, (l) time cost of NBA.
Conclusion and Future Work
Conclusion
- Proposed a secure dominance sub-protocol.
- Proposed a fully secure skyline protocol.
- Demonstrated practicality using simulation.
Future work
- Further optimization of algorithm complexity and running time.