Efficient Search and Computation on Encrypted Data with Access Control Open Access

Solomon, Michael Glenn (2016)

Permanent URL: https://etd.library.emory.edu/concern/etds/rj4305185?locale=en
Published

Abstract

Outsourcing data and processing to cloud environments often raises security and privacy concerns, which can be addressed through the use of encryption. But current approaches either provide all-or-nothing encryption, or rely on an omniscient third party to handle granular key management and make access control decisions to provide fine-grained access control, and introduce obstacles to searching over ciphertext. We explore the problem of efficiently searching encrypted data and simultaneously providing embedded fine-grained access control, first in a general setting, and then extended to location-based data. We first propose a new framework for generic database data that enforces access control for queries from different classifications of users, while still providing the capability to search over encrypted data. We then extend our research focus to location-based applications by implementing and assessing several existing location privacy solutions to produce concrete recommendations of the best technique for implementors to choose for specific use cases. And finally, we combine the first and second parts of our work to propose another new framework for mutually private proximity detection (MPPD) to efficiently support searching over encrypted data and enforcing fine-grained access control and privacy for data owners (DO) and users for location-based applications. The culmination of our work provides researchers and application developers with a viable framework that provides MPPD in a categorical setting, and is based on current architectures and technologies.

Table of Contents

1 Introduction

1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1.1 Confidentiality in Categorical Settings . . . . . . . . . . . . . . 4 1.1.2 Location Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.1.3 Location Privacy in Categorical Settings . . . . . . . . . . . . . 7 1.2 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.1 Cloud Database Confidentiality with Fine-grained Access Control (Chapter 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.2.2 Mutually Private Proximity Detection (Chapter 4) . . . . . . . 9 1.2.3 Mutually Private Proximity Detection in Categorical Settings (Chapter 5) . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2 Related Work 13 2.1 Encryption Key Management . . . . . . . . . . . . . . . . . . . . . . . 13 2.1.1 Sharing Encryption Keys . . . . . . . . . . . . . . . . . . . . . . 13 2.1.2 Deriving Encryption Keys . . . . . . . . . . . . . . . . . . . . . 14 2.2 Searchable Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.3 Location Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.3.1 Location Perturbation and Transformation . . . . . . . . . . 17 2.3.2 Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3.3 Private Information Retrieval . . . . . . . . . . . . . . . . . . . 18 2.3.4 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3 Cloud Database Confidentiality with Fine-grained Access Control 21 3.1 Problem Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.1 Running Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.1.2 Building Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.2 ZeroVis Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 3.2.1 Framework Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 28 3.2.2 Data Insertion and Encryption . . . . . . . . . . . . . . . . . . . 29 3.2.3 Data Retrieval and Decryption . . . . . . . . . . . . . . . . . . . 29 3.3 ZeroViz Client Walk-through . . . . . . . . . . . . . . . . . . . . . . . . 32 3.3.1 Attribute Authority Registration . . . . . . . . . . . . . . . . . . 32 3.3.2 INSERT data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.3.3 SELECT data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.3.4 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.4 Performance Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4 Mutually Private Proxmity Detection Evaluation 41 4.1 Problem Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.1.1 System Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.1.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 4.1.3 Security and Privacy Goals . . . . . . . . . . . . . . . . . . . . . . 44 4.2 Method Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 4.2.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 4.2.2 SBF (Technique - Bloom Filter) . . . . . . . . . . . . . . . . . . . 47 4.2.3 SkNN (Technique - Homomorphic Encryption) . . . . . . . . 50 4.2.4 HCT: (Technique - Hilbert Curve) . . . . . . . . . . . . . . . . . 53 4.2.5 Other Methods - Not Implemented . . . . . . . . . . . . . . . . 56 4.3 Privacy Comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 4.4 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 4.4.1 SkNN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 4.4.2 HCT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 4.4.3 SBF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 4.4.4 Input variable impact on performance . . . . . . . . . . . . . 62 4.4.5 Performance comparison . . . . . . . . . . . . . . . . . . . . . . 66 4.5 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 5 Mutually Private Proxmity Detection in Categorical Settings 68 5.1 Problem Definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 5.1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 5.2 Problem Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 5.3 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 5.3.1 Framework Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 5.3.2 Privacy Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 5.3.3 Ciphertext Policy Attribute Based Encryption . . . . . . . . . 74 5.3.4 Hidden Vector Encryption . . . . . . . . . . . . . . . . . . . . . . 75 5.4 Protocol Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 5.4.1 Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 5.4.2 InitAOIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 5.4.3 InitUserLoc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 5.4.4 Query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 5.5 Security and Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 5.6 Experiments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 5.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 6 Conclusions and Future Work 97 6.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 6.1.1 Confidentiality in Categorical Settings Contributions . . . 97 6.1.2 Location Privacy Contributions . . . . . . . . . . . . . . . . . . 99 6.2 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 6.3 ZeroVis Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 6.4 PrivProxABE Framework . . . . . . . . . . . . . . . . . . . . . . . . . 101 Bibliography 103

About this Dissertation

Rights statement
  • Permission granted by the author to include this thesis or dissertation in this repository. All rights reserved by the author. Please contact the author for information regarding the reproduction and use of this thesis or dissertation.
School
Department
Degree
Submission
Language
  • English
Research field
Keyword
Committee Chair / Thesis Advisor
Committee Members
Last modified

Primary PDF

Supplemental Files