Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.4028/www.scientific.net/amr.255-260.2224

2011-01-01

Advanced Materials Research

Abstract:Advances in networking technologies and the continued growth of the internet have triggered a new trend towards outsourcing data management and information technology needs to external service providers, and privacy requirements have an increasing impact on such real-world applications. In this paper, we propose a solution to enforce data privacy over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption of attribute partition and the decomposition of SQL queries, the approach allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format, and allows executing queries over encrypted outsourced database efficiently.

Xiaofeng Xu,Li Xiong,Jinfei Liu

DOI: https://doi.org/10.1145/2699026.2699121

2015-01-01

Abstract:Database fragmentation is a promising approach that can be used in combination with encryption to achieve secure data outsourcing which allows clients to securely outsource their data to remote untrusted server(s) while enabling query support using the outsourced data. Given a set of confidentiality constraints, it vertically partitions the database into fragments such that the set of attributes in each constraint do not appear together in any one fragment. The optimal fragmentation problem is to find a fragmentation with minimum cost for query support. In this paper, we propose an efficient graph search based approach which obtains near optimal fragmentation. We model the fragmentation search space as a graph and propose efficient search algorithms on the graph. We present static and dynamic search strategies as well as a novel level-wise graph expansion technique which dramatically reduces the search time. Extensive experiments showed that our method significantly outperforms other state-of-the-art methods.

YongHong Yu,Wenyang Bai

2010-01-01

Journal of Computational Information Systems

Abstract:Privacy requirements have an increasing impact on the real-world applications. Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy, user privacy and access control over outsourced database services. The approach starts from a flexible definition of privacy constraints on a relational schema, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection, the approach allow storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format. Meanwhile, by applying cryptographic technology on the auxiliary random server protocol, the approach can solve the problem of private information retrieval to protect data privacy, user privacy and access control on outsourced database services. The theoretical analysis shows that our new model can provide efficient data privacy protection and query processing, efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control. Copyright © 2010 Binary Information Press.

YongHong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Technical considerations and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously. © 2011 IEEE.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2011.00110

2011-01-01

Journal of Computer Applications

Abstract:Currently in outsourced database service,to consider a unilateral protection technology outsourcing is difficult to meet the security requirements of the lack of a database.In this paper,the authors proposed a solution to enforce data confidentiality,data privacy,user privacy and access control over outsourced database services.The approach started from a flexible definition of privacy constraints on a relational schema,applied encryption on information in a parsimonious way and mostly relied on attribute partition to protect sensitive information.Based on the approximation algorithm for the minimal encryption attribute partition with quasi-identifier detection,the approach allowed storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Meanwhile,by applying cryptographic technology on the auxiliary random server protocol,the approach can solve the problem of private information retrieval to protect user privacy and access control.The theoretical analysis shows that the new model can provide efficient data privacy protection and query processing,efficient in computational complexity and does not increase the cost of communication complexity of user privacy protection and access control.

Bai Wen-yang

2011-01-01

Abstract:Previous outsourced database server based on all data encryption can not effectively balance the relationship between data processing properties and the data privacy protection.Aiming at the shortages,this paper presents a privacy protection method based on a single outsourced database server.It combines fragmentation and encryption that can provide both efficient privacy protection and query processing.Based on the approximation algorithm for the minimal encryption attribute fragmentation,the method allows storing the outsourced data on a single database server and minimizing the amount of data represented in encrypted format.Theory analysis shows that this method has efficient privacy protection and query processing.

Yonghong Yu,Wenyang Bai

DOI: https://doi.org/10.1109/MEC.2011.6025814

2011-01-01

Abstract:Notice of Violation of IEEE Publication Principles "Privacy Protection in Outsourced Database Services" by Yonghong Yu and Wenyang Bai in the Proceedings of the International Conference on Mechatronic Science, Electric Engineering and Computer, August 2011, pp. 1726-1731 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains substantial duplication of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 23rd Annula IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec), July 2009 "Fragmentation and Encryption to Enforce Privacy in Data Storage" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 12th European Symposium on Research in Computer Security (ESORICS), September 2007 "Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases" by Valentina Ciriani, Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, and Pierangela Samarati in the Proceedings of the 29th International Conference on Distributed Computing Systems (ICDCS), June 2009 Technical consideratio- s and many significant commercial and legal regulations demand that privacy guarantees be provided whenever sensitive information is stored, processed, or communicated to external partied. In this paper, we propose a solution to enforce data confidentiality, data privacy and accountable user privacy in outsourced database services. The approach starts from a flexible definition of privacy constraints, applies encryption on information in a parsimonious way and mostly relies on attribute partition to protect sensitive information. Based on the approximation algorithm for the minimal encryption attribute partition, the approach allows storing the outsourced data on un-trusted database server and minimizing the amount of encrypted data. By combining cryptographic with auxiliary random server, the approach can reduce the computational and communication complexity of private information retrieval to provide user privacy protection. By introducing verifiable encryption and revocation of decryption based on event capsule, the approach obtains accountability when the user misbehaves. The theoretical analysis shows that our new approach can provide efficient data privacy, efficient accountable user privacy protection with lower computational complexity and not increase the cost of communication complexity simultaneously.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.3724/sp.j.1087.2010.02672

2010-01-01

Journal of Computer Applications

Abstract:In privacy protection based on database encryption technology for outsourcing database services,it is difficult to achieve balance between performance of data processing and privacy protection effectively.A new privacy protection method based on distributed outsourcing database service was proposed to provide both efficient privacy protection and query processing.Automatic quasi-identifiers detection and probabilistic anonymity were introduced.The data could be partitioned across many logically independent database servers horizontally or vertically,while only few sensitive data were encrypted or anonymous.According to the type of data fragmentation,the trusted client executed queries by transmitting appropriate sub-queries to different databases,and then pieced the results together at the client side.The theoretical analysis and experimental results show that the proposed method is well-balanced in dealing with the contradiction between data privacy preserving and efficient query processing.

YongHong Yu,Wenyang Bai

2010-01-01

Abstract:The advent of database services has resulted in privacy concerns on the part of the client storing data with third party database service providers. Previous approaches to enabling such a service have been based on data encryption, causing a large overhead in query processing. In this paper we propose a distributed architecture for secure database service which can provide both efficient privacy protection and query processing. Based on the algorithms of automatic quasi-identifiers detection and probabilistic anonymity, the client data can be partitioned across many independent servers horizontally or vertically without being encrypted. The theoretical analysis and experimental results show that our method is well-balanced on dealing with the contradiction between data privacy preserving and efficient query processing.

Zoe L. Jiang,Jiajun Huang,Zechao Liu,Xuan Wang

DOI: https://doi.org/10.1109/spac.2017.8304269

2017-01-01

Abstract:With the rapid popularization of cloud computing, people began to store data in the cloud server, to avoid the cumbersome local data management and to get more convenient services. However, on one hand the cloud server cannot guarantee absolute security, as Hackers will use a variety of unexpected method to intrude the cloud server. On the other hand, the cloud server administrator may leak data in database, which may lead to serious consequence. The data can be stored in the form of ciphertext for the sake of protecting the privacy of user data. One efficient method to prevent data leakage is data encryption. However, this brings a range of problems. For example, in what ways the encrypted data which stored in the cloud server can be searched by authorized data users? Motivated by this question, we proposed Attribute-based Queries over Outsourced Encrypted Database. This method enables a data user, whose attributes satisfy one specific data owners access control policy, search over the data owners outsourced encrypted database.

Tie Hong,SongZhu Mei,ZhiYing Wang,JiangChun Ren

DOI: https://doi.org/10.3390/sym10110637

2018-01-01

Symmetry

Abstract:Many scholars have attempted to use an encryption method to resolve the problem of data leakage in data outsourcing storage. However, encryption methods reduce data availability and are inefficient. Vertical fragmentation perfectly solves this problem. It was first used to improve the access performance of the relational database, and nowadays some researchers employ it for privacy protection. However, there are some problems that remain to be solved with the vertical fragmentation method for privacy protection in the relational database. First, current vertical fragmentation methods for privacy protection require the user to manually define privacy constraints, which is difficult to achieve in practice. Second, there are many vertical fragmentation solutions that can meet privacy constraints; however, there are currently no quantitative evaluation criteria evaluating how effectively solutions can protect privacy more effectively. In this article, we introduce the concept of information entropy to quantify privacy in vertical fragmentation, so we can automatically discover privacy constraints. Based on this, we propose a privacy protection model with a minimum entropy fragmentation algorithm to achieve minimal privacy disclosure of vertical fragmentation. Experimental results show that our method is suitable for privacy protection with a lower overhead.

Zheli Liu,Haoyu Ma,Jin Li,Chunfu Jia,Jingwei Li,Ke Yuan

DOI: https://doi.org/10.1007/978-3-642-38631-2_32

2013-01-01

Abstract:Outsourcing database has attracted much attention recently due to the emergence of Cloud Computing. However, there are still two problems to solve, 1) how to encipher and protect the sensitive information before outsourcing while keeping the database structure, and 2) how to enable better utilization of the database like fuzzy queries over the encrypted information. In this paper we propose a new solution based on format-preserving encryption, which protects the privacy of the sensitive data and keeps the data structure as well in the encrypted database. We also show how to perform fuzzy queries over such enciphered data. Specially, our scheme supports fuzzy queries by simply exploiting the internal storing and query mechanism of the databases, thus the influence on both the inner relation of databases and the construction of applications are minimized. Evaluation indicates that our scheme is able to efficiently perform fuzzy query on encrypted database.

WANG Zheng-fei,WANG Wei,SHI Bo-le

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.28.040

2010-01-01

Computer Engineering and Applications Journal

Abstract:Encryption technology has become an important mechanism of securing data stored in the outsourced database.However,it is a difficulty to query efficiently the encrypted data and many researchers take it into consideration.To solve the problem,an encrypted schema,based on the inner DBMS,is proposed.Through the security dictionary and the extended SQL,the approach implements the encrypted storage and efficient query over the data in the outsourced databases.Results of experiments validate the efficiency and feasibility of the approach.

YU Yong-hong,BAI Wen-yang

DOI: https://doi.org/10.4304/jsw.6.3.404-412

2011-01-01

Abstract:“ Data Privacy and User Privacy over Outsourced Database Service ” by Yonghong Yu, Wenyang Bai Journal of Software Volume 6, Number 3, March 2011, Page(s): 404-412 After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, the above paper has been found to be in violation of Academy Publisher’s Publication Principles. The first author ( Yonghong Yu ) has taken full responsibility and this violation was done without the knowledge of the second author ( Wenyang Bai ). This paper contains significant portions of original text from the papers cited below. The original text was copied without attribution (including appropriate references to the original authors and/or paper title) and without permission: Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following articles: [1] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation and Encryption to Enforce Privacy in Data Storage, in Proc. of the 12th European Symposium On Research In Computer Security (ESORICS 2007), Dresden, Germany, September 24-26, 2007 [2] V. Ciriani, S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati, Enforcing Confidentiality Constraints on Sensitive Databases with Lightweight Trusted Clients, in Proc. of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Quebec, Canada, July 12-15, 2009 [3] V. Ciriani, S. De Capita ti, S. Jajodia, S. Paraboschi, and P. Samarati, Fragmentation Design for Efficient Query Execution over Sensitive Distributed Databases, in Proc. of the 29th International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Quebec, Canada, June 22-26, 2009

Bai Wen-yang

2010-01-01

Abstract:This paper proposed a distributed architecture for secure database service which could provide both efficient privacy protection and query processing. Based on the algorithms of automatic quasi-identifiers detection,partitioned the client data across many logically independent database servers vertically,while only encrypted few sensitive data. The client executed queries by transmitting appropriate sub-queries to different databases based on metadata. The experimental results show that this method is well-balanced on dealing with the contradiction between data privacy protection and efficient query processing.

Xiao Jiang,Jun Gao,Tengjiao Wang,Dongqing Yang

DOI: https://doi.org/10.1007/978-3-642-12098-5_10

2010-01-01

Abstract:With the popularity of the outsourced database, protecting sensitive associations in this environment is greatly desired and receives high attention. Table decomposition based method, which is suited for the current query evaluation of the database engine, provides an alternative to the conventional encryption method. Although some work on table decomposition has been done to handle single sensitive association in data publishing scenario or multiple associations in multiple servers, fewer attempts have been made to deal with multiple associations in single outsourced database. In this paper, we first illustrate that the simple extension of existing work will lead to new kinds of information leakages, and then we propose a novel table decomposition method, which achieves l-diversity, defeats the new information leakages, while at the same time, considers the query efficiency over the decomposed sub-tables. The final experimental results validate the effectiveness and efficiency of our method.

Zhiqiang Yang,Sheng Zhong,Rebecca N. Wright

DOI: https://doi.org/10.1007/11863908_29

2006-01-01

Abstract:Data confidentiality is a major concern in database systems. Encryption is a useful tool for protecting the confidentiality of sensitive data. However, when data is encrypted, performing queries becomes more challenging. In this paper, we study efficient and provably secure methods for queries on encrypted data stored in an outsourced database that may be susceptible to compromise. Specifically, we show that, in our system, even if an intruder breaks into the database and observes some interactions between the database and its users, he only learns very little about the data stored in the database and the queries performed on the data.Our work consists of several components. First, we consider databases in which each attribute has a finite domain and give a basic solution for certain kinds of queries on such databases. Then, we present two enhanced solutions, one with a stronger security guarantee and the other with accelerated queries. In addition to providing proofs of our security guarantees, we provide empirical performance evaluations. Our experiments demonstrate that our solutions are fast on large-sized real data.

Songrui Wu,Qi Li,Guoliang Li,Dong Yuan,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/icde.2019.00062

2019-01-01

Abstract:Data outsourcing to cloud has been a common IT practice nowadays due to its significant benefits. Meanwhile, security and privacy concerns are critical obstacles to hinder the further adoption of cloud. Although data encryption can mitigate the problem, it reduces the functionality of query processing, e.g., disabling SQL queries. Several schemes have been proposed to enable one-dimensional query on encrypted data, but multi-dimensional range query has not been well addressed. In this paper, we propose a secure and scalable scheme that can support multi-dimensional range queries over encrypted data. The proposed scheme has three salient features: (1) Privacy: the server cannot learn the contents of queries and data records during query processing. (2) Efficiency: we utilize hierarchical cubes to encode multi-dimensional data records and construct a secure tree index on top of such encoding to achieve sublinear query time. (3) Verifiability: our scheme allows users to verify the correctness and completeness of the query results to address server's malicious behaviors. We perform formal security analysis and comprehensive experimental evaluations. The results on real datasets demonstrate that our scheme achieves practical performance while guaranteeing data privacy and result integrity.

Jianghong Wei,Xiaofeng Chen,Jianfeng Wang,Xinyi Huang,Willy Susilo

DOI: https://doi.org/10.1109/tpds.2022.3225274

IF: 5.3

2023-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:The wide use of internet-connected services makes massive personal data collected by service providers without the need of our consent. Although the archived data may enable them to provide better service experiences for users, it also presents serious risks to individual privacy, especially when active or unexpected data breaches have become commonplace. To mitigate this issue, several acts and regulations (e.g., the European Union general data protection regulation) have been issued and specified a lot of security requirements for personal data management. Among these various requirements, we mainly focus on the requirement of giving back the access control of personal data to data owners themselves and the right to be forgotten for data erasure. In this article, we provide a cryptographic solution of achieving these two requirements in the setting of outsourced storage. Specifically, we introduce a personal data management framework built upon a novel cryptographic primitive dubbed as forward-secure attribute-based puncturable encryption (FS-DABPE). This primitive simultaneously features of system-wide forward secrecy and practical key management as well as fine-grained access control of the encrypted personal data. Consequently, by locally puncturing, updating and erasing system-wide secret keys, it securely realizes fine-grained personal data sharing and data erasure without interactions. Furthermore, to instantiate the proposed framework, we present a concrete FS-DABPE construction, and prove its security under a well-studied complexity assumption. In addition, we provide a prototype implementation of the concrete construction, and present extensive experimental results that illustrate its feasibility and practicability.

Haixun Wang,Jian Yin,Chang-Shing Perng,Philip S. Yu

DOI: https://doi.org/10.1145/1458082.1458196

2008-01-01

Abstract:ABSTRACTIn database outsourcing, an enterprise contracts its database management tasks to an outside database service provider to eliminate in-house hardware, software, and expertise needs for running DBMSs. This is attractive especially for the parties with limited abilities in managing their own data. Typically, the client applications want to obtain quality assurance (e.g., data authenticity and query completeness) of the outsourced database service at a low cost. Previous work on database outsourcing has focused on issues such as communication overhead, secure data access, and data privacy. Recent work has introduced the issue of query integrity assurance, but usually, to obtain such assurance incurs a high cost. In this paper, we present a new method called dual encryption to provide low-cost query integrity assurance for outsourced database services. Dual encryption enables "cross examination" of the outsourced data, which consists of the original data stored under a certain encryption scheme, and another small percentage of the original data stored under a different encryption scheme. We generate queries against the additional piece of data and analyze their results to obtain integrity assurance. Our scheme is provable secure, that is, it is impossible to break our scheme unless some security primitives can be broken. Experiments on commercial workloads show the effectiveness of our approach.