Home   >   CSC-OpenAccess Library   >    Manuscript Information
Privacy-Preserving Database System with Hidden Queries
Miaomiao Zhang
Pages - 43 - 58     |    Revised - 30-09-2022     |    Published - 31-10-2022
Volume - 16   Issue - 4    |    Publication Date - October 2022  Table of Contents
Privacy-preserving, Database, Hidden Queries, Hash, Efficiency.
As the increase of adopting database systems as the key data management technology by organizations for day-to-day operations and decision making, the security and privacy issues of these systems becomes crucial. Achieving privacy-preserving range query efficiently is a difficult challenge in practice. Many privacy-preserving protocols use secure multi-party computation (MPC) as building block, which present elegant privacy and security, but brings too much computation and communication overheads at the same time.

In this paper, we consider the three-party database system model: A client performing privacy-preserving range queries through a Proxy (trusted third party, TTP), to a Server’s database. The User does not learn how the query applied on the database, nor any other quarriable attributes that the database may contain. The Proxy does not learn any information about the Server’s private data, though he interacts with the Server directly. The Server on the other hand, learns nothing about the User’s query.

We propose two practical privacy-preserving query schemes for database system. The basic idea of our schemes is to first convert each data entry into a set of concrete numbers, which is called attribute value numericalization. Then combines in a novel way several efficient cryptographic techniques, such as secure hash function, pseudo-random function, XOR, etc. to check whether the records match a query. The experimental evaluation (using the data sets collected by UCI KDD) of our prototype implementation show that our protocols incur reasonable computation and communicating overhead for added privacy-preserving benefit and perform better than those MPC-based solutions.
Agrawal, R., Evfimievski, A. and Srikant, R. (2003). Information sharing across private databases. International Conference on Management of Data, 132-143.
Beimel, A. and Stahl, Y. (2007). Robust Information Theoretic Private Information Retrieval. J. Cryptol., 20(3):295-321.
Chor, B., Goldreich, O., Kushilevitz, E. and Sudan, M. (1995). Private information retrieval. In FOCS, pages 41-50.
Chor, B., Kushilevitz, E., Goldreich, O. and Sudan, M. (1998). Private information retrieval. Journal of the ACM (JACM), 45:965 - 981.
Du, W. (2001). A Study of Several Specific Secure Two-Party Computation Problems. PhD thesis, Purdue University, West Lafayette, Indiana.
Gertner, Y., Goldwasser, S., and Malkin, T. (1998). A random server model for private information retrieval or how to achieve information theoretic PIR avoiding database replication. In Randomization and Approximation Techniques in Computer Science.
Hayata, J. & Schuldt, J. & Hanaoka, G. & Matsuura, K. (2020). On Private Information Retrieval Supporting Range Queries. Computer Security - ESORICS 2020, 25th European Symposium on Research in Computer Security, Proceedings, Part II, pages 674-694.
Hayata, J., Schuldt, J.C.N., Hanaoka, G., Matsuura, K. (2020). On Private Information Retrieval Supporting Range Queries. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security - ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12309. Springer.
Huberman, B. A., Franklin, M. and Hogg, T. (1999). Enhancing privacy and trust in electronic communities. In ACM Conference on Electronic Commerce, pages 78-86.
Kushilevitz, E. and Ostrovsky, R. (1997). Replication is NOT needed: SINGLE database, computationally- private information retrieval. In IEEE 38th Annual Symposium on Foundations of Computer Science, pages 364-373.
Liang, G. and Chawathe, S. S. (2004). Privacy-preserving inter-database operations. In Intelligence and Security Informatics, volume 3073, pages 66-82. Springer Berlin/Heidelberg.
Neuman, B. C. and Tso, T. (1994). Kerberos: an authentication service for computer networks. Communications Magazine, IEEE, 32:33-38.
Reiter, M. K., Franklin, M. K., Lacy, J. B. and Wright, R. N. (1996). The omega key management service. In ACM Conference on Computer and Communications Security, pages 38-47.
Tillem, G., Candan, O.M., Sava ̧s, E., Kaya, K. (2016). Hiding access patterns in range queries using private information retrieval and ORAM. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 253-270. Springer, Heidelberg.
Wang, F., Yun, C., Goldwasser, S., Vaikuntanathan, V., Zaharia, M. (2017). Splinter: practical private queries on public data. In: NSDI, pp. 299-313
Wong, C. K., Gouda, M. and Lam, S. S. (2000). Secure group communications using key graphs. IEEE/ACM Transactions on Networking, 8:16-30.
Yao, A. C. (1986). How to generate and exchange secrets. In Symposium on Foundations of Computer Science, pages 162-167.
Mr. Miaomiao Zhang
Computer Science Department, Manhattan College, Riverdale NY, 10583 - United States of America

View all special issues >>