Jiu-Ru Gao,Wei Chen,Jia-Jie Xu,An Liu,Zhi-Xu Li,Hongzhi Yin,Lei Zhao

DOI: https://doi.org/10.1007/s11390-019-1969-x

IF: 1.871

2019-01-01

Journal of Computer Science and Technology

Abstract:With the popularity of storing large data graph in cloud, the emergence of subgraph pattern matching on a remote cloud has been inspired. Typically, subgraph pattern matching is defined in terms of subgraph isomorphism, which is an NP-complete problem and sometimes too strict to find useful matches in certain applications. And how to protect the privacy of data graphs in subgraph pattern matching without undermining matching results is an important concern. Thus, we propose a novel framework to achieve the privacy-preserving subgraph pattern matching in cloud. In order to protect the structural privacy in data graphs, we firstly develop a k -automorphism model based method. Additionally, we use a cost-model based label generalization method to protect label privacy in both data graphs and pattern graphs. During the generation of the k -automorphic graph, a large number of noise edges or vertices might be introduced to the original data graph. Thus, we use the outsourced graph, which is only a subset of a k -automorphic graph, to answer the subgraph pattern matching. The efficiency of the pattern matching process can be greatly improved in this way. Extensive experiments on real-world datasets demonstrate the high efficiency of our framework.

Huang Kai,Hu Haibo,Zhou Shuigeng,Guan Jihong,Ye Qingqing,Zhou Xiaofang

DOI: https://doi.org/10.1007/s00778-021-00706-0

2021-01-01

The VLDB Journal

Abstract:Due to the increasing cost of data storage and computation, more and more graphs (e.g., web graphs, social networks) are outsourced and analyzed in the cloud. However, there is growing concern on the privacy of these outsourced graphs at the hands of untrusted cloud providers. Unfortunately, simple label anonymization cannot protect nodes from being re-identified by adversary who knows the graph structure. To address this issue, existing works adopt the k -automorphism model, which constructs ( k - 1 ) symmetric vertices for each vertex. It has two disadvantages. First, it significantly enlarges the graphs, which makes graph mining tasks such as subgraph matching extremely inefficient and sometimes infeasible even in the cloud. Second, it cannot protect the privacy of attributes in each node. In this paper, we propose a new privacy model ( k , t )-privacy that combines the k -automorphism model for graph structure with the t -closeness privacy model for node label generalization. Besides a stronger privacy guarantee, the paper also optimizes the matching efficiency by (1) an approximate label generalization algorithm TOGGLE with ( 1 + ϵ ) approximation ratio and (2) a new subgraph matching algorithm PGP on succinct k -automorphic graphs without decomposing the query graph.

Songlei Wang,Yifeng Zheng,Xiaohua Jia,Cong Wang

DOI: https://doi.org/10.1109/tifs.2024.3409089

IF: 7.231

2024-06-14

IEEE Transactions on Information Forensics and Security

Abstract:It is increasingly common for enterprises/ organizations to outsource graph analytics services to the cloud. For example, enterprises may leverage the cloud to store and query large attributed graphs. Among others, subgraph matching over a large attributed graph is a common and fundamental query functionality for graph analytics. It aims to retrieve all isomorphic subgraphs for a small query graph and greatly benefits various application domains like cheminformatics, social network analysis, and anti-money laundering. Deploying subgraph matching service in the cloud, however, poses a threat to the privacy of the information-rich graph data as the cloud gains access to the attributed graph, query graph, and query result. Given this, several works have been proposed for supporting privacy-aware subgraph matching. However, prior works only consider a weak semi-honest threat model and cannot provide integrity guarantees for the subgraph matching results in case of malicious adversary. In light of this, we design, implement, and evaluate eGrass, a new system enabling maliciously secure attributed subgraph matching service outsourced to the cloud. In addition to offer protection for graph data confidentiality, eGrass is also designed to hide search access patterns as well as defend against malicious cloud server attempting to compromise the result integrity. We conduct extensive experiments on a real-world dataset. The results demonstrate that compared to the state-of-the-art previous protocol with semi-honest security, eGrass is only slower in query latency, uses more communication, and does not require extra cloud-side storage.

computer science, theory & methods,engineering, electrical & electronic

Yixiao Zhu,Hui Li,Jiangtao Cui,Yong Ma

DOI: https://doi.org/10.1109/access.2019.2955243

IF: 3.9

2019-01-01

IEEE Access

Abstract:Due to the rapid development of social networks, bio-informatics, internet-of-things etc. , subgraph matching query can be found in various applications. Meanwhile, the increasing popularity of storing graph data in the cloud drives demands for graph query processing on a remote cloud server. However, the query results in this scenario may not be guaranteed to be correct, especially when the cloud service provider (CSP) is malicious or compromised by some adversaries, for example, a CSP might omit some edges of the graph so that its search cost would be substantially reduced. Besides, various software bugs and unintended errors are also inevitable. All current generic verifiable computation (VC) schemes applied in this scenario are not only too impractical to be implemented but also need a lot of space to locally store their auxiliary data. To that end, we have put forth both public and designated verification schemes which focus on subgraph matching problems for outsourced graph data. They utilize a modified cryptographic primitive called accumulator to realize fast verification and low local storage overhead. In addition to the two main constructions, we have proposed an optimization to make the scheme more applicable, namely, supporting dynamic updates of the graph. At last, rigorous security proofs and efficiency analysis are given, which justify that our proposed schemes are secure and efficient, satisfying the requirements of general verifiable computation protocols.

Yuchuan Luo,Dongsheng Wang,Shaojing Fu,Ming Xu,Yingwen Chen,Kai Huang

DOI: https://doi.org/10.1109/msn57253.2022.00056

2022-01-01

Abstract:Understanding graph characteristics is of great importance for graph analytics. Among the many properties, shortest path distance is the fundamental and widely used one. With the advent of cloud computing, it is a natural choice for the data owners to host their massive graphs on the cloud and outsource the shortest distance querying service to it. However, the new paradigm brings serious security concerns as graph data and shortest distance queries may contain sensitive information of data owners and users. In this paper, we propose a novel scheme to support privacy-preserving approximate shortest distance queries with advanced graph analytics over large-scale encrypted graphs, which enables an untrusted cloud to answer shortest distance queries as well as advanced graph metrics (e.g., node centrality) without knowing the content of queries and the sensitive information of outsourced graphs. Compared with the state-of-the-art solutions, our design can support not only efficient and accurate shortest distance approximation, but also advanced graph analytics. We prove that our scheme is secure under the chosen-plaintext model. Experimental results over real-world datasets show that our scheme achieves high approximation accuracy with practical efficiency.

Xiaofeng Ding,Cui Wang,Kim-Kwang Raymond Choo,Hai Jin

DOI: https://doi.org/10.1109/tkde.2019.2931903

IF: 9.235

2019-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:The need to efficiently store and query large scale graph datasets is evident in the growing number of data-intensive applications, particularly to maximize the mining of intelligence from these data (e.g., to inform decision making). However, directly releasing graph dataset for analysis may leak sensitive information of an individual even if the graph is anonymized, as demonstrated by the re-identification attacks on the DBpedia datasets. A key challenge in the design of graph sanitization methods is scalability, as existing execution models generally have significant memory requirements. In this paper, we propose a novel $k$<math>k</math>-decomposition algorithm and define a new information loss matrix designed for utility measurement in massively large graph datasets. We also propose a novel privacy preserving framework that can be seamlessly integrated with graph storage, anonymization, query processing, and analysis. Our experimental studies show that the proposed solution achieves privacy-preserving, utility, and efficiency.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Jinjing Huang,Wei Chen,Zhixu Li,Pengpeng Zhao,Weiqing Wang,Hongzhi Yin,Lei Zhao

DOI: https://doi.org/10.1007/s11280-020-00784-0

2020-01-01

World Wide Web

Abstract:Graph pattern matching (GPM) is an important operation on graph computation. Most existing work assumes that query graph or data graph is static, which is contrary to the fact that graphs in real life are intrinsically dynamic. Therefore, time-constrained graph pattern matching has been introduced. However, querying time-constrained graph pattern in a temporal graph is not an easy work because of the high computation complexity. Query outsourcing, with the help of cloud computing, is adopted in this paper. Outsourcing of data storage and query becomes increasingly popular due to the prevalence of cloud computing. However, sensitive data need to be encrypted before outsourcing for various privacy concerns. To execute queries over encrypted data is a very challenging problem and has received much attention recently. However, most existing approaches only support limited kinds of queries, moreover, they cannot be completely outsourced. In this paper, a Somewhat Homomorphic Encryption ($\mathcal {S}{\mathscr{H}}\mathcal {E}$) approach is adopted to design a protocol which enables general queries on encrypted data and query outsourcing as well. The key issue in the paper is to (1) enable the query provider to filter data rows with homomorphic encrypted result of comparison operators; (2) completely relieve the data owner of partaking of the process of queries. An effective dualcloud protocol (DCP) which enables the cloud to understand the result of comparisons though homomorphic encrypted values is proposed. Moreover, The efficiency of the baseline approach is greatly improved by packing and GPU-accelerating technologies. Experimental study shows that the optimized approach outperforms the baseline approach and the recently reported similar approaches.

Ning Cao,Zhenyu Yang,Cong Wang,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/ICDCS.2011.84

2011-01-01

Abstract:In the emerging cloud computing paradigm, data owners become increasingly motivated to outsource their complex data management systems from local sites to the commercial public cloud for great flexibility and economic savings. For the consideration of users' privacy, sensitive data have to be encrypted before outsourcing, which makes effective data utilization a very challenging task. In this paper, for the first time, we define and solve the problem of privacy-preserving query over encrypted graph-structured data in cloud computing (PPGQ), and establish a set of strict privacy requirements for such a secure cloud data utilization system to become a reality. Our work utilizes the principle of "filtering-and-verification". We prebuild a feature-based index to provide feature-related information about each encrypted data graph, and then choose the efficient inner product as the pruning tool to carry out the filtering procedure. To meet the challenge of supporting graph query without privacy breaches, we propose a secure inner product computation technique, and then improve it to achieve various privacy requirements under the known-background threat model.

Bo Suo,Zhanhuai Li,Qun Chen,Wei Pan

DOI: https://doi.org/10.1109/icpads.2016.0147

2016-01-01

Abstract:Big graph-structured data pervade our world, ranging from microworld such as gene regulatory networks to macroworld such as social networks. Subgraph matching is a fundamental operation for many graph applications, such as graph database and graph mining. However, existing sequential algorithms have limited applicability on large graphs because of the inherent NP-completeness of subgraph isomorphism and distributed graph storage. Therefore, there is a need to parallelize subgraph matching over big graph data in a distributed environment. With MapReduce as the backdrop, this paper proposes a new approach, named ParMa, for efficient subgraph matching on distributed platforms. It consists of alternate computation and communication phases. We first build a cost model and then propose approaches to optimize the execution process. Instead of existing parallel approaches which only considers intermediate result size, the proposed cost model takes the number of iteration invocations as the primary cost. Based on this, our optimizations mainly focus on the aspects that affects iteration number throughout the execution of matching. One is query decomposition. We propose an effective query decomposition approach to minimize the number of subqueries and their matches. The other is join processing. We introduce a suite of mechanisms, including join plan making, local join processing and join cost estimation, to join partial matches in an appropriate way to reduce its cost. Finally, our extensive experiments on both synthetic and real graphs demonstrated that ParMa outperforms the state-of-the-art solutions by considerable margins.

Pengtao Xie,Eric Xing

DOI: https://doi.org/10.48550/arXiv.1409.5021

2015-03-19

Abstract:Many graph mining and analysis services have been deployed on the cloud, which can alleviate users from the burden of implementing and maintaining graph algorithms. However, putting graph analytics on the cloud can invade users' privacy. To solve this problem, we propose CryptGraph, which runs graph analytics on encrypted graph to preserve the privacy of both users' graph data and the analytic results. In CryptGraph, users encrypt their graphs before uploading them to the cloud. The cloud runs graph analysis on the encrypted graphs and obtains results which are also in encrypted form that the cloud cannot decipher. During the process of computing, the encrypted graphs are never decrypted on the cloud side. The encrypted results are sent back to users and users perform the decryption to obtain the plaintext results. In this process, users' graphs and the analytics results are both encrypted and the cloud knows neither of them. Thereby, users' privacy can be strongly protected. Meanwhile, with the help of homomorphic encryption, the results analyzed from the encrypted graphs are guaranteed to be correct. In this paper, we present how to encrypt a graph using homomorphic encryption and how to query the structure of an encrypted graph by computing polynomials. To solve the problem that certain operations are not executable on encrypted graphs, we propose hard computation outsourcing to seek help from users. Using two graph algorithms as examples, we show how to apply our methods to perform analytics on encrypted graphs. Experiments on two datasets demonstrate the correctness and feasibility of our methods.

Cryptography and Security

Jun Gao,Jeffrey Xu Yu,Ruoming Jin,Jiashuai Zhou,Tengjiao Wang,Dongqing Yang

DOI: https://doi.org/10.1145/1989323.1989367

2011-01-01

Abstract:With the advent of cloud computing, it becomes desirable to utilize cloud computing to efficiently process complex operations on large graphs without compromising their sensitive information. This paper studies shortest distance computing in the cloud, which aims at the following goals: i) preventing outsourced graphs from neighborhood attack, ii) preserving shortest distances in outsourced graphs, iii) minimizing overhead on the client side. The basic idea of this paper is to transform an original graph G into a link graph Gl kept locally and a set of outsourced graphs Go. Each outsourced graph should meet the requirement of a new security model called 1-neighborhood-d-radius. In addition, the shortest distance query can be answered using Gl and Go. Our objective is to minimize the space cost on the client side when both security and utility requirements are satisfied. We devise a greedy method to produce Gl and Go, which can exactly answer the shortest distance queries. We also develop an efficient transformation method to support approximate shortest distance answering under a given additive error bound. The final experimental results illustrate the effectiveness and efficiency of our method.

Bo Suo,Zhanhuai Li,Wei Pan

DOI: https://doi.org/10.1109/cisp-bmei.2016.7853034

2016-01-01

Abstract:While numerous applications, such as social networks, protein-protein interaction networks, and bibliographic networks, mainly consist of graph-structured data, massive graphs, of which the scales range from million nodes to billion nodes, are common-place. Searching within these kinds of graphs is urged to be efficient. Unfortunately, since the subgraph isomorphism problem is NP-complete, querying on large graphs is still challenging.

Siyu Li,Zhiwei Zhang,Meihui Zhang,Ye Yuan,Guoren Wang

DOI: https://doi.org/10.1109/icde60146.2024.00159

2024-01-01

Abstract:Graphs serve as an essential data structure to model complex relationships in a variety of applications, such as social networks, web graphs, and chemical informatics. Due to the high cost of maintaining large-scale graph data and executing graph queries, data owners often outsource their graph data to a third-party service provider for graph processing. In this scenario, it is crucial to ensure the integrity of query results, as the provider may have the incentive to return only partial or tampered results to save computing resources or serve their own interests. Blockchain, as a promising solution for secure data storage and retrieval, opens up new opportunities for data management in such scenarios. To scale the blockchain, many works have been conducted using off-chain storage while ensuring the integrity of query results for key-value data in hybrid-storage blockchain architectures. To our knowledge, there is no work to enable the blockchain to support subgraph matching queries. In this paper, we present a novel approach to support authenticated subgraph matching queries for large graphs kept off-chain. We first design the authenticated data structure as MELTree and keep the digests of the roots on-chain. We propose the verification object (VO) construction algorithm AMatching for queries to ensure the completeness and soundness of the results. To further reduce the cost, we propose AMatching* based on a bidirectional search including forward search and reverse search. Moreover, we further optimize the on-chain storage cost by proposing MVPTree, which organizes the structures for vertices and only needs to keep one root digest on-chain for verification. Experimental results show that the proposed algorithms and the optimizations improve the performance significantly.

Yifeng Luo,Jihong Guan,Shuigeng Zhou

DOI: https://doi.org/10.1007/978-3-642-20244-5_2

2011-01-01

Abstract:This paper proposes an efficient approach to subgraph search over a large graph database under the MapReduce framework. The main idea is first to build inverted edge indexes for graphs in the database, and then to retrieve data only related to the query subgraph by using the built indexes to answer the query. Experimental results show that the proposed approach has good performance and scalability.

Chang Liu,Liehuang Zhu,Jinjun Chen

DOI: https://doi.org/10.1109/tsusc.2017.2704163

2017-01-01

IEEE Transactions on Sustainable Computing

Abstract:Driven by the growing security demands of data outsourcing applications in sustainable smart cities, encrypting clients’ data has been widely accepted by academia and industry. Data encryptions should be done at the client side before outsourcing, because clouds and edges are not trusted. Therefore, how to properly encrypt data in a way that the encrypted and remotely stored data can still be queried has become a challenging issue. Though keyword searches over encrypted textual data have been extensively studied, approaches for encrypting graph-structured data with support for answering graph queries are still lacking in the literature. In this paper, we specially investigate graph encryption method for an important graph query type, called top-k Nearest Keyword (kNK) searches. We design several indexes to store necessary information for answering queries and guarantee that private information about the graph such as vertex identifiers, keywords and edges are encrypted or excluded. Security and efficiency of our graph encryption scheme are demonstrated by theoretical proofs and experiments on real-world datasets, respectively.

Yanli Yuan,Dian Lei,Chuan Zhang,Ximeng Liu,Zehui Xiong,Liehuang Zhu

DOI: https://doi.org/10.1109/icc51166.2024.10622439

2024-01-01

Abstract:Graph neural networks (GNNs) have been widely applied in various graph analysis tasks. To provide more convenient and faster predictive services, many enterprises are choosing to deploy GNNs in cloud environments. However, given the increasing privacy concerns about GNNs models and graph data, as well as the need to quickly generate embeddings for new nodes in real-world applications, a critical issue in this emerging paradigm is to ensure the security and scalability of GNN predictions. In this paper, we propose a privacy-preserving and scalable GNN prediction scheme, named PS-GNN, to address the privacy issues in cloud environments. Specifically, PS-GNN utilizes a customized array structure to store graph data and employs secret sharing to preserve the confidentiality of both the GNN model and graph data. Besides, the scalability of PS-GNN is achieved by aggregating feature information from local node neighborhoods in parallel. Through a detailed analysis, we demonstrate the security of PS-GNN. Extensive experiments on real-world datasets demonstrate that PS-GNN outperforms existing schemes in terms of computational and communication overhead, and reaches state-of-the-art performance on large graphs.

Guowei Qiu,Yingliang Zhao,Xiaolin Gui

DOI: https://doi.org/10.1016/j.ins.2024.120687

IF: 8.1

2024-01-01

Information Sciences

Abstract:Today, more and more data is collected and stored by different organizations. When the data is distributed among multiple users who wish to perform data mining on the joint data, outsourcing the task to cloud servers becomes an attractive solution for users who lack professional skills. However, privacy concerns make users reluctant to adopt such solutions. In this paper, we propose a privacy-preserving outsourced k-means clustering (PPOKC) algorithm on distributed data. Our system consists of multiple users and two non-colluding servers. Each user submits their data to the servers, which perform k-means clustering over the joint data without compromising data privacy. Unlike existing solutions, which typically include a cryptographic server and a computing server, each server in our system provides both services. Based on this architecture, we first design several important sub-protocols, including secure comparison, secure minimum and secure division. We then use these protocols to construct an efficient and highly secure PPOKC algorithm. The implementation of our algorithm relies heavily on secret sharing techniques, complemented by homomorphic encryption. We also conduct theoretical analysis and experiments. Security analysis shows that our scheme guarantees the security of the input/output data, the intermediate results and the data access pattern under the semi-honest model. Complexity analysis and numerical experiments show that our algorithm has good efficiency and is suitable for practical applications.

Haotian Wu,Zecheng Li,Rui Song,Bin Xiao

DOI: https://doi.org/10.1109/tkde.2023.3249279

IF: 9.235

2023-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Prior research has introduced a new scenario of blockchain-assisted clouds where the data owner outsources original data to cloud servers and stores some metadata on the blockchain. Despite some research on key-value query and range query in this hybrid-storage scenario, other more complicated data types are not yet supported. In this article, we conduct pioneering research on authenticated queries for graph data, which is a popular data type such as the knowledge graph data, on the blockchain-assisted cloud. The primary challenge is how to design an authenticated data structure (ADS) that supports authenticated queries and can be easily maintained by the blockchain. To this end, we propose a novel ADS, named PAGB, based on the RSA accumulator and completeness set. It can also prevent the original data from being revealed to the public through blockchain or irrelevant queries. We further optimize our design to be more efficient in terms of communication and computation. The effectiveness and efficiency of PAGB are verified through theoretical analysis and extensive experiments.

Lei Zou,Lei Chen,Yansheng Lu

DOI: https://doi.org/10.1145/1316874.1316897

2007-01-01

Abstract:ABSTRACTRecently, due to its wide applications, subgraph search has attracted a lot of attention from database and data mining community. Sub-graph search is defined as follows: given a query graph Q, we report all data graphs containing Q in the database. However, there is little work about sub-graph search in a single large graph, which has been used in many applications, such as biological network and social network. In this paper, we address top-k sub-graph matching query problem, which is defined as follows: given a query graph Q, we locate top-k matchings of Q in a large data graph G according to a score function. The score function is defined as the sum of the pairwise similarity between a vertex in Q and its matching vertex in G. Specifically, we first design a balanced tree (that is G-Tree) to index the large data graph. Then, based on G-Tree, we propose an efficient query algorithm (that is Ranked Matching algorithm). Our extensive experiment results show that, due to efficiency of pruning strategy, given a query with up to 20 vertices, we can locate the top-100 matchings in less than 10 seconds in a large data graph with 100K vertices. Furthermore, our approach outperforms the alternative method by orders of magnitude.

Kunlong Liu,Trinabh Gupta

2024-04-02

Abstract:Privacy-preserving federated graph analytics is an emerging area of research. The goal is to run graph analytics queries over a set of devices that are organized as a graph while keeping the raw data on the devices rather than centralizing it. Further, no entity may learn any new information except for the final query result. For instance, a device may not learn a neighbor's data. The state-of-the-art prior work for this problem provides privacy guarantees for a broad set of queries in a strong threat model where the devices can be malicious. However, it imposes an impractical overhead: each device locally requires over 8.79 hours of cpu time and 5.73 GiBs of network transfers per query. This paper presents Colo, a new, low-cost system for privacy-preserving federated graph analytics that requires minutes of cpu time and a few MiBs in network transfers, for a particular subset of queries. At the heart of Colo is a new secure computation protocol that enables a device to securely and efficiently evaluate a graph query in its local neighborhood while hiding device data, edge data, and topology data. An implementation and evaluation of Colo shows that for running a variety of COVID-19 queries over a population of 1M devices, it requires less than 8.4 minutes of a device's CPU time and 4.93 MiBs in network transfers - improvements of up to three orders of magnitude.

Cryptography and Security,Social and Information Networks