Enhancing Access Privacy of Range Retrievals over B+Trees
Users of databases that are hosted on shared servers cannot take for granted that their queries will not be disclosed to unauthorized parties. Even if the database is encrypted, an adversary who is monitoring the I/O activity on the server may still be able to infer some information about a user que...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2012
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/1512 https://ink.library.smu.edu.sg/context/sis_research/article/2511/viewcontent/TKDE12_PBtree.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-2511 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-25112020-03-30T04:48:21Z Enhancing Access Privacy of Range Retrievals over B+Trees PANG, Hwee Hwa ZHANG, Jilian MOURATIDIS, Kyriakos Users of databases that are hosted on shared servers cannot take for granted that their queries will not be disclosed to unauthorized parties. Even if the database is encrypted, an adversary who is monitoring the I/O activity on the server may still be able to infer some information about a user query. For the particular case of a B+-tree that has its nodes encrypted, we identify properties that enable the ordering among the leaf nodes to be deduced. These properties allow us to construct adversarial algorithms to recover the B+-tree structure from the I/O traces generated by range queries. Combining this structure with knowledge of the key distribution (or the plaintext database itself), the adversary can infer the selection range of user queries. To counter the threat, we propose a privacy-enhancing PB+-tree index which ensures that there is high uncertainty about what data the user has worked on, even to a knowledgeable adversary who has observed numerous query executions. The core idea in PB+-tree is to conceal the order of the leaf nodes in an encrypted B+-tree. In particular, it groups the nodes of the tree into buckets, and employs homomorphic encryption techniques to prevent the adversary from pinpointing the exact nodes retrieved by range queries. PB+-tree can be tuned to balance its privacy strength with the computational and I/O overheads incurred. Moreover, it can be adapted to protect access privacy in cases where the attacker additionally knows a priori the access frequencies of key values. Experiments demonstrate that PB+-tree effectively impairs the adversary's ability to recover the B+-tree structure and deduce the query ranges in all considered scenarios. 2012-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/1512 info:doi/10.1109/TKDE.2012.77 https://ink.library.smu.edu.sg/context/sis_research/article/2511/viewcontent/TKDE12_PBtree.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University B+ tree Access privacy range retrieval Databases and Information Systems Numerical Analysis and Scientific Computing |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
B+ tree Access privacy range retrieval Databases and Information Systems Numerical Analysis and Scientific Computing |
| spellingShingle |
B+ tree Access privacy range retrieval Databases and Information Systems Numerical Analysis and Scientific Computing PANG, Hwee Hwa ZHANG, Jilian MOURATIDIS, Kyriakos Enhancing Access Privacy of Range Retrievals over B+Trees |
| description |
Users of databases that are hosted on shared servers cannot take for granted that their queries will not be disclosed to unauthorized parties. Even if the database is encrypted, an adversary who is monitoring the I/O activity on the server may still be able to infer some information about a user query. For the particular case of a B+-tree that has its nodes encrypted, we identify properties that enable the ordering among the leaf nodes to be deduced. These properties allow us to construct adversarial algorithms to recover the B+-tree structure from the I/O traces generated by range queries. Combining this structure with knowledge of the key distribution (or the plaintext database itself), the adversary can infer the selection range of user queries. To counter the threat, we propose a privacy-enhancing PB+-tree index which ensures that there is high uncertainty about what data the user has worked on, even to a knowledgeable adversary who has observed numerous query executions. The core idea in PB+-tree is to conceal the order of the leaf nodes in an encrypted B+-tree. In particular, it groups the nodes of the tree into buckets, and employs homomorphic encryption techniques to prevent the adversary from pinpointing the exact nodes retrieved by range queries. PB+-tree can be tuned to balance its privacy strength with the computational and I/O overheads incurred. Moreover, it can be adapted to protect access privacy in cases where the attacker additionally knows a priori the access frequencies of key values. Experiments demonstrate that PB+-tree effectively impairs the adversary's ability to recover the B+-tree structure and deduce the query ranges in all considered scenarios. |
| format |
text |
| author |
PANG, Hwee Hwa ZHANG, Jilian MOURATIDIS, Kyriakos |
| author_facet |
PANG, Hwee Hwa ZHANG, Jilian MOURATIDIS, Kyriakos |
| author_sort |
PANG, Hwee Hwa |
| title |
Enhancing Access Privacy of Range Retrievals over B+Trees |
| title_short |
Enhancing Access Privacy of Range Retrievals over B+Trees |
| title_full |
Enhancing Access Privacy of Range Retrievals over B+Trees |
| title_fullStr |
Enhancing Access Privacy of Range Retrievals over B+Trees |
| title_full_unstemmed |
Enhancing Access Privacy of Range Retrievals over B+Trees |
| title_sort |
enhancing access privacy of range retrievals over b+trees |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2012 |
| url |
https://ink.library.smu.edu.sg/sis_research/1512 https://ink.library.smu.edu.sg/context/sis_research/article/2511/viewcontent/TKDE12_PBtree.pdf |
| _version_ |
1770571214278885376 |