Towards practical private processing of database queries over public data

Shiyuan Wang, Divyakant Agrawal, Amr El Abbadi

Research output: Contribution to journal › Article

6 Citations (Scopus)

Abstract

Privacy is a major concern when users query public online data services. The privacy of millions of people has been jeopardized in numerous user data leakage incidents in many popular online applications. To address the critical problem of personal data leakage through queries, we enable private querying on public data services so that the contents of user queries and any user data are hidden and therefore not revealed to the online service providers. We propose two protocols for private processing of database queries, namely BHE and HHE. The two protocols provide strong query privacy by using Paillier's homomorphic encryption, and support common database queries such as range and join queries by relying on the bucketization of public data. In contrast to traditional Private Information Retrieval proposals, BHE and HHE only incur one round of client-server communication for processing a single query. BHE is a basic private query processing protocol that provides complete query privacy but still incurs expensive computation and communication costs. Built upon BHE, HHE is a hybrid protocol that applies ciphertext computation and communication on a subset of the data, such that this subset not only covers the actual requested data but also resembles some frequent query patterns of common users, thus achieving practical query performance while ensuring adequate privacy levels. By using frequent query patterns and data-specific privacy protection, HHE is not vulnerable to the traditional attacks on k-Anonymity that exploit data similarity and skewness. Moreover, HHE consistently protects user query privacy for a sequence of queries in a single query session.

Original language: English
Pages (from-to): 65-89
Number of pages: 25
Journal: Distributed and Parallel Databases
Volume: 32
Issue number: 1
DOIs: 10.1007/s10619-012-7118-y
Publication status: Published - 1 Mar 2014
Externally published: Yes

Fingerprint

Network protocols
Processing
Communication
Data privacy
Query processing
Set theory
Information retrieval
Cryptography
Servers
Query
Data base
Costs
Privacy

Keywords

  • Homomorphic encryption
  • Private querying on public data
  • Query privacy

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Hardware and Architecture
  • Information Systems and Management

Cite this

Towards practical private processing of database queries over public data. / Wang, Shiyuan; Agrawal, Divyakant; El Abbadi, Amr.

In: Distributed and Parallel Databases, Vol. 32, No. 1, 01.03.2014, p. 65-89.
Wang, Shiyuan ; Agrawal, Divyakant ; El Abbadi, Amr. / Towards practical private processing of database queries over public data. In: Distributed and Parallel Databases. 2014 ; Vol. 32, No. 1. pp. 65-89.
@article{a075d10b469742c0957e6507754c7315,
title = "Towards practical private processing of database queries over public data",
keywords = "Homomorphic encryption, Private querying on public data, Query privacy",
author = "Shiyuan Wang and Divyakant Agrawal and {El Abbadi}, Amr",
year = "2014",
month = "3",
day = "1",
doi = "10.1007/s10619-012-7118-y",
language = "English",
volume = "32",
pages = "65--89",
journal = "Distributed and Parallel Databases",
issn = "0926-8782",
publisher = "Springer Netherlands",
number = "1",
}

TY  - JOUR
T1  - Towards practical private processing of database queries over public data
AU  - Wang, Shiyuan
AU  - Agrawal, Divyakant
AU  - El Abbadi, Amr
PY  - 2014/3/1
Y1  - 2014/3/1
KW  - Homomorphic encryption
KW  - Private querying on public data
KW  - Query privacy
UR  - http://www.scopus.com/inward/record.url?scp=84897608009&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=84897608009&partnerID=8YFLogxK
U2  - 10.1007/s10619-012-7118-y
DO  - 10.1007/s10619-012-7118-y
M3  - Article
VL  - 32
SP  - 65
EP  - 89
JO  - Distributed and Parallel Databases
JF  - Distributed and Parallel Databases
SN  - 0926-8782
IS  - 1
ER  -