WO2010015063A1 - System and method for privacy preserving query verification - Google Patents
- Publication number
- WO2010015063A1 (PCT/CA2008/001436)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- client
- query
- node
- query result
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Definitions
- This invention relates to the field of data publishing, and particularly to solutions for the preservation of privacy in query verification of outsourced third-party data publishing models.
- the data publisher's server could be compromised — resulting in the data publisher losing control of the security of their own server.
- the securing of large online data systems has proven to be a daunting task. Therefore, it is most critical for a client to ensure that the query result that is received from a publisher that is not trusted is both authentic and complete.
- the ability to prove the authenticity and completeness of query results can also be very useful in defeating server spoofing attacks, where attackers try to impersonate legitimate servers with their own data servers and feed the clients with malicious information.
- Currently, solutions that are implemented to guarantee the authenticity and completeness of the query results may result in unforeseen problems.
- a publisher may inadvertently leak information in regard to data records that are outside of a prescribed query space. This result may conflict with implemented access control policies and a client may obtain information that he or she is not allowed to access — thus the privacy of the data is not preserved within the transaction.
- the shortcomings of the prior art are overcome and additional advantages are provided through the provision of a method for proving the correctness of a query result produced by a data publisher while preserving data privacy.
- the method comprises delivering a public key of a public key/private key pair from a data owner to a client and delivering data and cryptographic metadata to at least one data publisher, wherein the cryptographic metadata is associated both with the data and the public key of the public key/private key pair.
- the method further comprises receiving a query from the client, returning a query result and a verification object from the data publisher to the client in response to the query, and verifying the correctness of the query result, wherein the correctness of the query result is verified utilizing the verification object and the public key.
- FIG. 1 illustrates one example of a data publishing architecture for outsourced data publishing.
- FIG. 2 illustrates one example of a one-dimensional CRT in accordance with exemplary embodiments of the present invention.
- FIG. 3 illustrates one example of a two-dimensional CRT in accordance with exemplary embodiments of the present invention.
- FIG. 4 shows an exemplary algorithmic function for the insertion of a record into a CRT in accordance with exemplary embodiments of the present invention.
- FIG. 5 shows an exemplary algorithmic function for the deletion of a record from a CRT in accordance with exemplary embodiments of the present invention.
- FIG. 6 shows an exemplary algorithmic function for providing evidence of the existence of a record within a cube in accordance with exemplary embodiments of the present invention.
- FIG. 7 shows an exemplary algorithmic function for providing evidence of the existence of a shell in accordance with exemplary embodiments of the present invention.
- Exemplary embodiments of the present invention provide a solution for proving the correctness of query results that have been produced by data publishers that are not trusted, while preserving the privacy of the published data. This ensures that the procedure that is used to verify the correctness of any query results does not require the disclosure of any information that is outside an access control area that is assigned to a query requester. Further, the exemplary embodiments of the present invention are configured to efficiently process multi-dimensional query results while continuing to preserve the privacy of the published data.
- In FIG. 1, a data publishing architecture 100 for the publishing of outsourced data is shown.
- the system of FIG. 1 comprises three parties — a data owner 105, a data publisher 110 and a client 115.
- the architecture as shown is exemplary in nature; in actual data publishing environments there can be more than one data owner 105 in addition to multiple data publishers 110.
- data is generated or collected by the data owner 105.
- the data owner 105 delivers the data and any data updates to the data publisher 110.
- the client 115 queries the data publisher 110 to retrieve data instead of directly querying the data owner 105.
- the data owner 105 has possession of a pair of public/private keys.
- the data owner 105 uses the private key of the public/private key pair to perform computational cryptographic techniques over a prescribed dataset wherein cryptographic metadata related to the dataset is produced as a result.
- the data and metadata 106 are delivered to the data publisher 110.
- the client 115 queries 108 the data publisher 110.
- the data publisher 110 returns the query result and a proof called a Verification Object (VO) 109 to the client 115.
- the VO being constructed based on the generated metadata.
- the correctness of the query result is verified using the corresponding VO along with the data owner's 105 public key that has been previously transmitted 107 to the client 115.
- each data owner 105 maintains at least one private-public key pair, which the data owner 105 uses to sign data. It is further assumed that all data publishers 110 and clients 115 obtain the correct public keys from each data owner 105 via a trusted communication channel. Since a data publisher 110 could be compromised, a client 115 is assumed to trust only query results that can be verified using the public key of the corresponding data owner 105. Data publishers 110 enforce access control policies to prevent clients 115 from gaining access to information that the client 115 does not have the right to access. Additionally, since the various data publishers 110 may operate independently of each other, they may have different access control policies, and such policies may be periodically updated.
- Each point in the k-space is equivalent to a record comprised within a dataset.
- A_i(r) denotes the value of the i-th attribute of the record r.
- a client 115 may issue a range query Q(L_1, R_1, ..., L_k, R_k), wherein the query Q defines a sub-space q of the k-space:
- the query space of the query Q is thereafter referred to as q.
- the client 115 issues Q to get the result:
- upon receiving the query Q, the data publisher 110 returns the result T' along with a verification object (VO). The VO is returned along with the result T' in order to guarantee the authenticity and completeness of the query result.
- VO: verification object
- the data publisher 110 enforces a prescribed set of access control policies against the client 115. For example, suppose there is a payroll database wherein each record within the payroll database contains the payroll information belonging to a specific individual. As such, each record contains information in regard to the salary, age and additional miscellaneous information about the person described by the record. The enforced access policies ensure that a client 115 can only have access to the records wherein the salary is in the range between $10,000 and $15,000 and the age of the individual is in the range between 20 and 30 years old. This series of ranges is defined as the accessible space of the client 115.
- the access policy enforced on a client 115 can be represented as AC(L_1, R_1, ..., L_k, R_k).
- the accessible space ac of a client is a sub-space of the k-space, wherein:
- Authenticity is defined as meaning that every record in a query result should be from the data owner's 105 database. For example, suppose the result of a query is T' and the database is T. The result of the query is authentic in the event that T' ⊆ T. This aspect can be assured by having a data owner 105 sign every record in their database.
- Completeness is defined as meaning that every record within a query space should be part of the query result. For example, assume that a range query space is q. The query result is said to be complete in the event that the following equation is satisfied, wherein:
- Privacy preserving or the preservation of privacy is defined as meaning that a client 115 should not have access to or receive any information about the points/records that are outside of the accessible space of the client 115.
- r_0 ∈ [0, N)^k \ ac represents some point outside of the client's accessible space.
- Qs is a query sequence and Res(Qs) is the corresponding sequence of query results (each combined with its corresponding VO).
- a sub-space of the k-space in the following form is defined as a cube, wherein:
- a query space is a cube. Additionally, the accessible space of a client 115 is also referred to as a cube.
- a sub-space of the k-space in the form c_1 \ c_2 is defined as a shell.
- c_1 and c_2 are both k-dimensional cubes and c_2 ⊆ c_1.
- the data owner 105 can sign every record to guarantee authenticity. Since the client 115 acquired the public key of a private-public key pair from the data owner 105, the client 115 can verify the authenticity of the records within the query results. In further exemplary embodiments, the data owner 105 can organize the data utilizing data structures such as Merkle hash trees, in which case the data owner only needs to sign the root of the hash tree.
- the VO comprises three components: the authentication data structure, which proves the authenticity of the data records in the query result; the number of records in the accessible space of the client 115, which is signed by the data owner 105; and the number of records in the shell which is also authenticated by the data owner 105.
- although the shell is a function of the query, the exemplary embodiments do not require data publishers 110 to contact the data owner for each query.
- the authentication data structure is implemented to allow data publishers 110 to efficiently prove to a client 115 the number of data records that exist within a particular shell.
- a VO is constructed such that the VO only depends on the records outside of the query space and inside the accessible space of the client 115.
- a range tree is a data structure that is used in computational geometry to store points in k-space.
- a data structure that is a modified version of the range tree is utilized — this structure being referred to as a CRT.
- CRT can be constructed as single (FIG. 2) or multi-dimensional (FIG. 3) computational models.
- the CRT is used to store a list of numbers x_1, ..., x_n.
- a one dimensional CRT is a binary tree, wherein each node of the tree corresponds to an interval.
- the CRT node stores the information of the interval [node.l, node.r), and the counter node.cnt stores the number of points in that interval.
- the size of the interval of a node, node.r - node.l, is always a power of 2.
- suppose n' records out of node.cnt fall in the left sub-interval.
- node will have a left child node_1 in the event that n' > 0:
- node will have a right child node_2:
- node.c1 and node.c2 store the left/right child of node. Each one could be nil; further, if the size of the interval of a node is 1, the node doesn't have any child node.
- the root node of the tree corresponds to the interval [0, N).
- An exemplary one-dimensional CRT for the value set {5, 12, 15} is shown in FIG. 2.
- a CRT can also be constructed in multi-dimension.
- to build a CRT in two-dimensional space, initially assume we have a list of points (x_1, y_1), ..., (x_n, y_n).
- a one dimensional CRT is constructed for the list of numbers x_1, ..., x_n.
- This tree is referred to as the primary structure.
- suppose node.cnt = n'.
- a one dimensional CRT is then built for this node in order to store information for the numbers y'_1, ..., y'_n'. In this way a primary structure is built, and for every node of the primary structure a secondary structure is built. For each node of the primary structure, another field node.sec records the root of the secondary CRT structure.
- Figure 2 shows an example of a two-dimensional CRT. Using this technique, higher dimensional CRTs can be constructed.
- a node of the primary structure is referred to as a first order node and a node of the secondary structure is referred to as a second order node.
- a first order node stores the number of points in the area [node.l, node.r) x [0, N).
- if node' is a node belonging to the secondary structure attached to node, then node' stores the number of points in the area [node.l, node.r) x [node'.l, node'.r).
- a node of a k dimensional CRT stores the number of points in a k-dimensional cube.
- An exemplary two-dimensional CRT for the value set {(5, 10), (12, 19), (15, 14)} is shown in FIG. 3.
- Exemplary embodiments of the present invention support a variety of CRT operational functions. For example, assume that it is desired to insert a record r into a CRT. The root of the k-dimensional CRT will be node_0. If the tree is empty, then a node is constructed such that node_0 comprises the following:
- node_0.c1 = nil
- node_0.c2 = nil
- node_0.sec = nil
- FIG. 4 shows an exemplary algorithmic function that can be utilized within exemplary embodiments of the present invention to insert a record into a CRT or to create a new node.
- the function CRT Insert(r, node, t) is a recursive function that inserts a record r into the t-th order node named node.
- the function CRT Insert(r, node_0, 1) is initially called within node insertion or creation procedures.
- a list of k-th order nodes is provided as the counting proof. Therefore, the data owner needs to sign the k-th order nodes. Assume that node_k is a k-th order node, that node_k is in the secondary structure of the (k-1)-th order node node_{k-1}, and similarly for node_{k-2}, ..., node_1; node_k then holds the number of records in the cube:
- the algorithm records the path and has the data owner sign the pair (c, node_k.cnt).
- CRT Delete(r, node, t) deletes the information in regard to record r in the t-th order node named node, in addition to the secondary structure of the node.
- a CRT can be utilized to provide evidence of the existence of records in a cube.
- the evidence is a list of non-overlapping kth order CRT nodes signed by the data owner.
- a recursive function CRT Count Cube(node, t, c) can be utilized to return a list of CRT nodes as evidence.
- a data owner 105 will maintain a k-dimensional CRT for all the records. For example, if there are n records in the database, the data owner 105 can build an empty CRT and insert all of the data to the CRT. The data owner 105 also signs all the kth order nodes. Additionally, the data owner 105 maintains a counter for each access control space.
- a CRT can use a small number of non-overlapping nodes that are completely within a space S to prove that at least a points lie in S. This property is very useful for constructing the VO.
- the data owner 105 gives a signed CRT and the signed list of access control counters to the data publisher 110.
- the access control space of the client 115 is ac.
- the data publisher 110 returns the query result to the client 115 with the VO comprising the signature of each record in the query result, the signed number of records in the access control space ac, and the evidence of the existence of all the records in the shell ac \ q.
- a data owner 105 desires to update T.
- the data owner 105 can add a new record into the table, or they could delete a record from the current table.
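As an added illustration that is not the patent's own code, the following one-dimensional CRT implements the insertion and counting-proof functions described above together with the completeness check a client performs on the VO of this paragraph. It assumes N = 16 and the value set of FIG. 2, replaces the owner's public-key signature with an HMAC stand-in, and leaves out the per-record signatures.

```python
import hmac

N = 16                                 # root interval [0, N); N is a power of 2
OWNER_KEY = b"constructed-owner-key"   # stand-in for the owner's signing key

class Node:
    """CRT node for [l, r); cnt is the number of stored points in it."""
    def __init__(self, l, r):
        self.l, self.r, self.cnt, self.c1, self.c2 = l, r, 0, None, None

def crt_insert(x, node):
    """Bump the counter, then descend into the half holding x, creating that
    child on first use; an interval of size 1 has no children."""
    node.cnt += 1
    if node.r - node.l == 1:
        return
    mid = (node.l + node.r) // 2
    if x < mid:
        node.c1 = node.c1 or Node(node.l, mid)
        crt_insert(x, node.c1)
    else:
        node.c2 = node.c2 or Node(mid, node.r)
        crt_insert(x, node.c2)

def crt_count_cube(node, lo, hi):
    """Counting proof: non-overlapping nodes completely inside [lo, hi) whose
    counters together account for every stored point in that range."""
    if node is None or node.r <= lo or node.l >= hi:
        return []
    if lo <= node.l and node.r <= hi:
        return [node]
    return crt_count_cube(node.c1, lo, hi) + crt_count_cube(node.c2, lo, hi)

def sign(msg):
    """HMAC stands in for the owner's public-key signature (constructed)."""
    return hmac.new(OWNER_KEY, repr(msg).encode(), "sha256").hexdigest()

def owner_setup(records, ac):
    """Data owner: build the CRT, sign every node and the counter of ac."""
    root, signed = Node(0, N), {}
    for x in records:
        crt_insert(x, root)
    stack = [root]
    while stack:
        n = stack.pop()
        signed[(n.l, n.r, n.cnt)] = sign(("node", n.l, n.r, n.cnt))
        stack += [c for c in (n.c1, n.c2) if c is not None]
    ac_cnt = sum(n.cnt for n in crt_count_cube(root, *ac))
    return root, signed, (ac_cnt, sign(("ac", *ac, ac_cnt)))

def publish(root, signed, ac_signed, records, q, ac):
    """Publisher: records in q plus a VO made only of owner-signed material
    (per-record signatures are left out of this example)."""
    (lq, rq), (lac, rac) = q, ac
    result = [x for x in sorted(records) if lq <= x < rq]
    shell = crt_count_cube(root, lac, lq) + crt_count_cube(root, rq, rac)
    evidence = [((n.l, n.r, n.cnt), signed[(n.l, n.r, n.cnt)]) for n in shell]
    return result, {"ac": ac_signed, "shell": evidence}

def client_verify(result, vo, q, ac):
    """Client: |result| + shell counters must equal the signed count of ac;
    only counters of the shell ac \\ q are revealed, never its records."""
    (lq, rq), (lac, rac) = q, ac
    ac_cnt, tag = vo["ac"]
    if not (lac <= lq <= rq <= rac) or any(not lq <= x < rq for x in result):
        return False
    if not hmac.compare_digest(sign(("ac", lac, rac, ac_cnt)), tag):
        return False
    total, seen = len(result), []
    for (l, r, cnt), tag in vo["shell"]:
        if not hmac.compare_digest(sign(("node", l, r, cnt)), tag):
            return False
        if not ((lac <= l and r <= lq) or (rq <= l and r <= rac)):
            return False                # evidence must lie inside the shell
        if any(l < r2 and l2 < r for l2, r2 in seen):
            return False                # overlaps would double count points
        seen.append((l, r))
        total += cnt
    return total == ac_cnt
```

Run owner_setup, publish and client_verify in turn; withholding a record from the result, or presenting evidence that overlaps q, makes client_verify return False.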
- the table updating will change counters of some of the nodes within the CRT structure.
- the data owner 105 will communicate to the data publishers 110 the desire to update T.
- the data publishers 110 will receive a set of signed nodes, wherein these signed nodes will be used to replace the existing nodes.
- since different data publishers 110 could hold different versions of the signed nodes, the client 115 should be assured of the freshness of the data. In other words, the client should make sure the publisher does not use an outdated VO to verify the query results. Therefore, instead of signing each individual node, the data owner can use a digest scheme (e.g., a Merkle Tree) to produce a root hash of the whole CRT and make the client aware of the root hash. To keep the client 115 aware of the root hash, the data owner 105 can either sign the root hash periodically or publish the root hash on their own server.
- each role will have its own access control space.
- the accessible space for the client 115 is the union of the access control spaces of all the roles.
- the client 115 is assigned r roles.
- the solution we discussed in previous sections assumes that the accessible space for a client is a cube.
- one way to extend the solution to a client with multiple roles is to proceed as if the client submits r queries, activating one role each time, and then to let the client 115 combine all the query results to get the final answer.
- a potential limitation of the aforementioned approach is that two queries in the series of queries can share the same query result records. This would incur redundant communication and computational operations.
- the client 115 can divide the original query space into a set of smaller (non-overlapping) cube query spaces, which are within different access control spaces. Then the client 115 can submit queries for those smaller cube query spaces, thus ensuring there would be no redundant communication and/or computation.
- the capabilities of the present invention can be implemented in software, firmware, hardware or some combination thereof.
- one or more aspects of the present invention can be included in an article of manufacture (e.g., one or more computer program products) having, for instance, computer usable media.
- the media has embodied therein, for instance, computer readable program code means for providing and facilitating the capabilities of the present invention.
- the article of manufacture can be included as a part of a computer system or sold separately.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2008/001436 WO2010015063A1 (en) | 2008-08-08 | 2008-08-08 | System and method for privacy preserving query verification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CA2008/001436 WO2010015063A1 (en) | 2008-08-08 | 2008-08-08 | System and method for privacy preserving query verification |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010015063A1 true WO2010015063A1 (en) | 2010-02-11 |
Family
ID=41663239
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2008/001436 WO2010015063A1 (en) | 2008-08-08 | 2008-08-08 | System and method for privacy preserving query verification |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2010015063A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070067403A1 (en) * | 2005-07-20 | 2007-03-22 | Grant Holmes | Data Delivery System |
US20070282843A1 (en) * | 2006-04-11 | 2007-12-06 | Medox Exchange, Inc. | Systems and methods of managing specification, enforcement, or auditing of electronic health information access or use |
2008
- 2008-08-08 WO PCT/CA2008/001436, Application Filing (active)
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ITRM20130114A1 (en) * | 2013-02-28 | 2014-08-29 | Marcello Bertozzi | IT SYSTEM FOR THE MANAGEMENT AND TRANSMISSION OF INFORMATION AND IMAGES IN RELATIONS BETWEEN INSTITUTIONS AND USERS |
WO2014132223A1 (en) * | 2013-02-28 | 2014-09-04 | Giano Telesystems Srl | System for managing and displaying information and/or images |
Legal Events
Code | Title | Description |
---|---|---|
ENP | Entry into the national phase | Ref document number: 2011521413; Country of ref document: JP; Kind code of ref document: A |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08876690; Country of ref document: EP; Kind code of ref document: A1 |
NENP | Non-entry into the national phase | Ref country code: DE |
NENP | Non-entry into the national phase | Ref country code: JP |
122 | Ep: pct application non-entry in european phase | Ref document number: 08876690; Country of ref document: EP; Kind code of ref document: A1 |