Maintaining Database Anonymity in the Presence of Queries

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8203))

Abstract

With the advent of cloud computing, there is increased interest in outsourcing an organization’s data to a remote provider in order to reduce the costs of self-hosting. If that database contains information about individuals (such as medical records), it is equally important to protect the privacy of the individuals it describes. Existing work in this area has focused on preventing the hosting provider from learning individually identifiable sensitive data from the database, either through database encryption or by manipulating the data to satisfy a privacy model such as k-anonymity. Little work has been done to ensure that the information contained in queries on the data, taken together with the data itself, does not result in a privacy violation. In this work we present a hash-based method which provably allows the privacy constraint of an unencrypted database to be extended to the queries performed on that database. In addition, we identify a privacy limitation of such an approach, describe how it could be exploited using a known-query attack, and propose a countermeasure based on oblivious storage.
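The abstract's central observation is that a release can be k-anonymous while the records a query touches are not: the provider sees both the anonymized table and the access pattern of each query. The following Python is an added illustration written for this page, not the authors' code and not their hash-based scheme (which the abstract does not describe); the sample release, the quasi-identifier columns `zip` and `age`, and the function names are constructed here. It checks whether a query's result set, grouped by quasi-identifier, still satisfies k, and shows one generic countermeasure (fetching whole equivalence classes and filtering on the client) that keeps the observed access pattern at the granularity of the release.

```python
from collections import Counter
from typing import Callable, Dict, List, Sequence, Tuple

Row = Dict[str, str]

# Constructed sample release: quasi-identifiers (zip, age) are already
# generalized so that every (zip, age) equivalence class holds at least 2 records.
RELEASE: List[Row] = [
    {"zip": "021**", "age": "20-29", "diagnosis": "flu"},
    {"zip": "021**", "age": "20-29", "diagnosis": "hiv"},
    {"zip": "021**", "age": "30-39", "diagnosis": "flu"},
    {"zip": "021**", "age": "30-39", "diagnosis": "asthma"},
    {"zip": "024**", "age": "20-29", "diagnosis": "cancer"},
    {"zip": "024**", "age": "20-29", "diagnosis": "flu"},
]
QI: Tuple[str, ...] = ("zip", "age")  # assumed quasi-identifier columns

Predicate = Callable[[Row], bool]


def equivalence_classes(rows: Sequence[Row], qi: Sequence[str] = QI) -> Counter:
    """Count records per quasi-identifier combination."""
    return Counter(tuple(r[c] for c in qi) for r in rows)


def anonymity_level(rows: Sequence[Row], qi: Sequence[str] = QI) -> int:
    """Largest k for which `rows` is k-anonymous: the smallest class size (0 if empty)."""
    classes = equivalence_classes(rows, qi)
    return min(classes.values()) if classes else 0


def query_result_leaks(rows: Sequence[Row], predicate: Predicate, k: int,
                       qi: Sequence[str] = QI) -> bool:
    """
    True if the records selected by `predicate` break k-anonymity on their own.
    The provider observes which records a query touches, so a result set whose
    QI classes hold fewer than k records singles out individuals even though the
    release as a whole is k-anonymous. An empty result is also treated as a leak,
    since it reveals that nobody in the queried class has that attribute.
    """
    selected = [r for r in rows if predicate(r)]
    return anonymity_level(selected, qi) < k


def widen_to_classes(rows: Sequence[Row], predicate: Predicate,
                     qi: Sequence[str] = QI) -> List[Row]:
    """
    Generic countermeasure (not the paper's hash-based method): retrieve every
    record of each QI class the predicate touches, so the access pattern seen by
    the provider is never finer than the release's own generalization. The
    client then applies the sensitive-attribute filter locally.
    """
    touched = {tuple(r[c] for c in qi) for r in rows if predicate(r)}
    return [r for r in rows if tuple(r[c] for c in qi) in touched]


if __name__ == "__main__":
    k = anonymity_level(RELEASE)
    print(f"release is {k}-anonymous")
    # A query on a sensitive value inside one class selects a single record.
    hiv_query: Predicate = lambda r: r["age"] == "20-29" and r["diagnosis"] == "hiv"
    print("naive query leaks:", query_result_leaks(RELEASE, hiv_query, k))
    widened = widen_to_classes(RELEASE, hiv_query)
    print("widened fetch size:", len(widened),
          "leaks:", query_result_leaks(widened, lambda r: True, k))
    print("client-side answer:", [r for r in widened if hiv_query(r)])
```

Widening the fetch to whole equivalence classes costs bandwidth proportional to class size and still lets the provider see which classes a client is interested in across many queries, which is the kind of repeated-observation weakness the abstract's known-query attack points at and why it proposes oblivious storage for the stronger guarantee.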

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Riley, R., Clifton, C., Malluhi, Q. (2013). Maintaining Database Anonymity in the Presence of Queries. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_3

  • DOI: https://doi.org/10.1007/978-3-642-41098-7_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41097-0

  • Online ISBN: 978-3-642-41098-7
