secure knn computation on encrypted data base


Post on 29-Jan-2016


Page 1: Secure kNN Computation on Encrypted Data base

Secure kNN Computation on Encrypted Data base

B98505024

吳昇峰

Page 2: Secure kNN Computation on Encrypted Data base

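Background (?)

◦ Nowadays everything on the network is hosted in the service provider's machine rooms (outsourced database)

SECURITY is becoming more and more important, but how do we ensure it?

Encrypt it!! Encryption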

Page 3: Secure kNN Computation on Encrypted Data base

THE SCONEDB MODEL

[Figure: the SCONEDB model. Labels: Player 1 (Owner), Player 2, EDBMS, DB, DATA, DB secret key K, ET(), q, EQ(), query processor, Aux, D()]

Secret key K
Database encryption function Et()
Query encryption function ED()
Result decryption function D()

Attacker
Can access the EDBMS: encrypted database, queries, results
Everything except the key

Page 4: Secure kNN Computation on Encrypted Data base

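Attack levels

Knowledge (H) = what the attacker knows

Level 1: Observes only the encrypted database E(DB). H = (E(DB))
◦ The attacker obtains only the encrypted DB

Level 2: Knows a set of plain tuples P in DB but does not know the corresponding encrypted values of those tuples. H = (E(DB), P)
◦ The attacker obtains some unencrypted tuples but does not know which records of the encrypted DB they correspond to (the main target)

Level 3: Observes a set of tuples P in DB and knows the corresponding encrypted values I. H = (E(DB), P, I), where I(t) = Et(t, K)
◦ Besides the unencrypted data, the attacker also obtains the corresponding encrypted values (rare)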

Page 5: Secure kNN Computation on Encrypted Data base

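kNN application in this model

A kNN query searches for the k points in a database that are nearest to a given query point q

Why is there a distance between points in a database (?)

We assume a point carries many values. For example, p(1,2,3.5,3) forms a point in four-dimensional space.

What does this have to do with encryption (?)

It has the property that a DPT (distance preserving transformation) can transform the data while still preserving the point-to-point distances.

BUT!!!! NOT SECURE!!!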

Page 6: Secure kNN Computation on Encrypted Data base

How to improve?

Page 7: Secure kNN Computation on Encrypted Data base

How to attack

Under this kind of encryption, the system can compute d(p1,p2) on E(DB), where p1, p2 are points in DB

Distance-recoverable encryption

Page 8: Secure kNN Computation on Encrypted Data base

DPT: an example of DRE

If E is a DPT: d(E(p1,K), E(p2,K)) = d(p1,p2)
E = Np + t
N, p together form the secret key
Resists level-1 attacks
Not secure under level-2 or level-3

Page 9: Secure kNN Computation on Encrypted Data base

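How to attack?

Assume the attacker knows which algorithm is used; e.g. here he knows that d() is the distance between two points

He wants to obtain y in the DB

LEVEL 3

◦ d(p,q) can be computed by d(E(p,K),E(q,K))
◦ If he knows points P (unencrypted) {x1, x2, x3, ..., xd+1} and the point he wants to obtain, y' (encrypted)
◦ d(xi,y) = d(I(xi),y'); intersecting these equations yields the value of y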

Page 10: Secure kNN Computation on Encrypted Data base

How to attack? Level 2

P = {x1, x2, x3, ..., xd+1}

Signature linking attack

Construct P's signature = pairwise distances between every two points in P

(d(x1,x2), d(x1,x3), d(x2,x3), ...)

Try to find an ordered set of encrypted points Q in E(DB) such that |Q| = |P| and sig(Q) = sig(P)

Part of the original DB can then be recovered (the attack is promoted to a level-3 attack)
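Added example (not part of the original slides): the signature linking step run against a toy DPT, showing how level-2 knowledge becomes level-3 knowledge when the encryption preserves distances. The rotation N, the translation t, the sample database and all function names are constructed for illustration; squared distances are used so the arithmetic stays exact.

```python
from fractions import Fraction as F
from itertools import combinations, permutations

# Constructed DPT key: N is an exact rotation (orthogonal), T a translation.
N = [[F(3, 5), F(-4, 5)], [F(4, 5), F(3, 5)]]
T = [F(7), F(-2)]

def dpt_encrypt(p):
    """E(p) = N p + t; every pairwise distance survives encryption."""
    return tuple(sum(N[i][j] * p[j] for j in range(2)) + T[i] for i in range(2))

def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def signature(points):
    """Squared pairwise distances in the order (x1,x2), (x1,x3), (x2,x3), ..."""
    return tuple(sq_dist(a, b) for a, b in combinations(points, 2))

def link_by_signature(known_plain, enc_db):
    """Indices of the ordered encrypted set Q with sig(Q) == sig(P), else None."""
    target = signature(known_plain)
    for idx in permutations(range(len(enc_db)), len(known_plain)):
        if signature([enc_db[i] for i in idx]) == target:
            return idx
    return None

# Constructed sample database and level-2 knowledge P (d + 1 = 3 plain tuples).
DB = [(0, 0), (1, 5), (4, 1), (6, 6), (9, 2)]
ENC_DB = [dpt_encrypt(p) for p in DB]
P = [DB[3], DB[0], DB[2]]

if __name__ == "__main__":
    # The plain tuples are linked to their ciphertext positions: (3, 0, 2)
    print(link_by_signature(P, ENC_DB))
```

Any encryption for which `signature(ENC_DB) == signature(DB)` holds fails this check, regardless of how N and t are chosen.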

Page 11: Secure kNN Computation on Encrypted Data base

Plain DRE cannot stop the attack

Page 12: Secure kNN Computation on Encrypted Data base

Because DRE lets the attacker compute the signature from the encrypted data

Can't reveal distance information
Distance computation is not necessary
Given two points p1, p2

Math alert

Page 13: Secure kNN Computation on Encrypted Data base

Still distance recoverable

p1'*p1': the owner can compute this product in advance and store it in the DB
p1'*p2' needs an encryption!

Page 14: Secure kNN Computation on Encrypted Data base

ASPE: asymmetric scalar-product-preserving encryption

ET() and Eq() need different encryptions

Page 15: Secure kNN Computation on Encrypted Data base

p^T q = (p^T M)(M^-1 q) = ET(p,K) Eq(q,K)

◦ p' = ET(p,K) = (p^T M)
◦ q' = Eq(q,K) = (M^-1 q)
◦ Using M and M^-1 as transformations of query and points

Page 16: Secure kNN Computation on Encrypted Data base

But what if |p1|*|p1| becomes known to the attacker?

Page 17: Secure kNN Computation on Encrypted Data base

Hide it (?)

Point

Hide the product in the (d+1)-th dimension of point p

Use -0.5||p||^2

Ex. p=(3,4), ||p||^2=25

so pnew=(3,4,-12.5)

Query

An extra dimension must be added to match the point; use 1

Ex. q=(1,2), qnew=(1,2,1)

Page 18: Secure kNN Computation on Encrypted Data base

Weakness

Queries will lie on a d-dimensional hyperplane
Can get some level-3-like information

Add a random factor r to scale: qnew = r(q^T, 1)^T
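Added example (not part of the original slides or the paper authors' code): Scheme 1 end to end, with the hidden -0.5||p||^2 dimension, the random query scale r, and the server ranking neighbours from p'·q' alone. The key size, the sample database and all function names are assumptions; Python's random module is used only so the demo is repeatable.

```python
import random
from fractions import Fraction as F

def invert(m):
    """Gauss-Jordan inverse over exact rationals; ValueError if m is singular."""
    n = len(m)
    a = [[F(x) for x in row] + [F(int(i == j)) for j in range(n)]
         for i, row in enumerate(m)]
    for c in range(n):
        piv = next((r for r in range(c, n) if a[r][c] != 0), None)
        if piv is None:
            raise ValueError("singular matrix")
        a[c], a[piv] = a[piv], a[c]
        a[c] = [x / a[c][c] for x in a[c]]
        for r in range(n):
            if r != c:
                a[r] = [x - a[r][c] * y for x, y in zip(a[r], a[c])]
    return [row[n:] for row in a]

def keygen(d, rng):
    """Secret key K: a random invertible (d+1)x(d+1) matrix M plus M^-1."""
    while True:
        m = [[rng.randint(-9, 9) for _ in range(d + 1)] for _ in range(d + 1)]
        try:
            return m, invert(m)
        except ValueError:
            pass  # singular draw, try again

def enc_point(p, m):
    """E_T: append -0.5*||p||^2 as dimension d+1, then p' = p_hat^T M."""
    ph = [F(x) for x in p] + [F(-1, 2) * sum(F(x) ** 2 for x in p)]
    return [sum(ph[i] * m[i][j] for i in range(len(ph))) for j in range(len(ph))]

def enc_query(q, m_inv, rng):
    """E_Q: q_hat = r*(q, 1) with a fresh random r > 0, then q' = M^-1 q_hat."""
    r = F(rng.randint(1, 1000), 7)
    qh = [r * F(x) for x in q] + [r]
    return [sum(m_inv[i][j] * qh[j] for j in range(len(qh))) for i in range(len(qh))]

def knn(enc_db, eq, k):
    """Server side: p'.q' = r*(p.q - 0.5*||p||^2); a larger product means nearer."""
    score = lambda ep: sum(a * b for a, b in zip(ep, eq))
    return sorted(range(len(enc_db)), key=lambda i: -score(enc_db[i]))[:k]

# Constructed sample data; (3, 4) and q = (1, 2) are the slide's own examples.
DB = [(3, 4), (0, 0), (1, 2), (6, 6), (9, 2)]
RNG = random.Random(2016)      # seeded only to make the demo repeatable
M, M_INV = keygen(2, RNG)
ENC_DB = [enc_point(p, M) for p in DB]

if __name__ == "__main__":
    print(knn(ENC_DB, enc_query((1, 2), M_INV, RNG), 3))
```

Each call to `enc_query` draws a new r, so the same plaintext query encrypts differently every time while the ranking stays the same.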

Page 19: Secure kNN Computation on Encrypted Data base

Summary: Scheme 1

Page 20: Secure kNN Computation on Encrypted Data base

Scheme 1 is not secure against level-3 attack

If there are d+1 points xi (1 ≤ i ≤ d+1) in P such that the vectors (xi, −0.5||xi||^2) are linearly independent, then the attacker can recover DB from E(DB).

How to improve again?

Make it bigger!!! Make it more complex!

Page 21: Secure kNN Computation on Encrypted Data base

How to improve again? Split it!

p splitting: p = pa + pb

p=(3,7), pa=(10,2), pb=(-7,5)

q splitting

Doubles the cost of an attack

Make it more complex!

Page 22: Secure kNN Computation on Encrypted Data base

In general, players 1 and 2 secretly agree on which of p[i] and q[i] to split. They share a configuration bit vector that indicates whether p-splitting or q-splitting is used

Page 23: Secure kNN Computation on Encrypted Data base

Artificial dimensions

Increase the number of dimensions from d → d'
The values in dimensions d+1 ~ d' are generated randomly, and the product over these artificial attributes = 0
pnew * qnew = p * q
Only d' >= 80 is secure

Make it bigger!!!

Page 24: Secure kNN Computation on Encrypted Data base

Scheme 2

Can resist level-3 attack
Scheme 2 = Scheme 1 + splitting + artificial dimensions

Page 25: Secure kNN Computation on Encrypted Data base

Test to break a DRE

σ = minimum size of P
n = how many points

σ=4.6: average attack time is 314 seconds
Easy to break!

Page 28: Secure kNN Computation on Encrypted Data base

Q&A?