
Algorithms For Data And Computation Privacy PDF

412 Pages·2021·11.054 MB·English

Preview Algorithms For Data And Computation Privacy

Alex X. Liu • Rui Li

Algorithms for Data and Computation Privacy

Alex X. Liu
Chief Scientist
Ant Group
Hangzhou, Zhejiang, China

Rui Li
School of Cyberspace Security
Dongguan University of Technology
Dongguan, Guangdong, China

ISBN 978-3-030-58895-3
ISBN 978-3-030-58896-0 (eBook)
https://doi.org/10.1007/978-3-030-58896-0

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2021

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Dedicated with love and respect to my parents Yuhai Liu (God rest his soul) and Shuxiang Wang, to my wife Chenyang Li, to my twin sons Max Boyang and Louis Boyang, to whom I owe all that I am and all that I have accomplished.
– Alex X. Liu

To my dearest wife Jian Zhou, my son Zixuan Li, and my parents Jixiang Li and Yuqiong Li. Thanks for your support and understanding.
– Rui Li

Contents

Part I Privacy Preserving Queries

1 Range Queries over Encrypted Data
  1.1 Introduction
    1.1.1 Background and Motivation
    1.1.2 Threat Model
    1.1.3 Security Model
    1.1.4 Summary and Limitation of Prior Art
    1.1.5 Proposed Approach
    1.1.6 Technical Challenges and Solutions
    1.1.7 Key Contributions
  1.2 Related Work
  1.3 PBtree Construction
    1.3.1 Prefix Encoding
    1.3.2 Tree Construction
    1.3.3 Node Randomization Using Bloom Filters
    1.3.4 Trapdoor Computation
    1.3.5 Query Processing
    1.3.6 False Positive Analysis
  1.4 PBtree Search Optimization
    1.4.1 Traversal Width Optimization
    1.4.2 Traversal Depth Optimization
  1.5 PBtree Update
    1.5.1 PBtree Insertion Algorithm
    1.5.2 PBtree Modification Algorithm
    1.5.3 PBtree Deletion Algorithm
  1.6 Security Analysis
    1.6.1 Security Model
    1.6.2 Security Proof
  1.7 Experimental Evaluation
    1.7.1 Experimental Methodology
    1.7.2 Evaluation of PBtree Construction
    1.7.3 Query Evaluation Performance
    1.7.4 Experimental Results on Updating
  1.8 Conclusions
  References

2 Fast and Scalable Range and Keyword Query Processing Over Encrypted Data with Provable Adaptive Security
  2.1 Introduction
    2.1.1 Motivation and Problem Statement
    2.1.2 Threat Model
    2.1.3 Security Model
    2.1.4 Limitation of Prior Art
    2.1.5 Proposed Approach
    2.1.6 Novelty and Advantages Over Prior Art
  2.2 Related Work
  2.3 Basic IBtree Algorithms
    2.3.1 Index Element Encoding
    2.3.2 IBF Construction
    2.3.3 IBtree Construction
    2.3.4 Trapdoor Computation
    2.3.5 Query Processing
  2.4 Optimized IBtree Algorithms
    2.4.1 IBtree Traversal Width Minimization
    2.4.2 IBtree Traversal Depth Minimization
    2.4.3 IBtree Compression
  2.5 Security Analysis
  2.6 Experimental Evaluation
    2.6.1 Experimental Methodology
    2.6.2 Index Size
    2.6.3 Index Construction Time
    2.6.4 Query Processing Time
    2.6.5 Compared with PBtree and KRB
  2.7 Conclusions
  References

3 Nearest Neighbor Queries over Encrypted Data
  3.1 Introduction
  3.2 Insecurity of ASPE
    3.2.1 ASPE I and II
    3.2.2 Attack Method
    3.2.3 Experimental Results
  3.3 Hardness Analysis
  3.4 Conclusions
  References

4 K-Nearest Neighbor Queries Over Encrypted Data
  4.1 Introduction
    4.1.1 Motivations
    4.1.2 Problem Formulation
    4.1.3 Service Model and Design Goals
    4.1.4 Comparison with Prior Arts
    4.1.5 Technical Challenges and Proposed Solutions
    4.1.6 SecEQP Scheme Overview
    4.1.7 Main Contributions
  4.2 Space Encoding
    4.2.1 Projection Function Introduction
    4.2.2 Space Encoding via a Single Primitive Projection Function
    4.2.3 Projection Function Composition Introduction
    4.2.4 Space Encoding via Projection Function Composition
  4.3 kNN Protocol for Plaintext Domain
    4.3.1 kNN Protocol Design
    4.3.2 Analysis of kNN Protocol Parameters
  4.4 Transforming kNN to Secure kNN
    4.4.1 Prefix-Free Encoding
    4.4.2 Operation Transformation
    4.4.3 Indistinguishable Bloom Filter Tree Based Secure Index
    4.4.4 SkNN Protocol (SecEQP) Design
    4.4.5 Security Analysis
  4.5 Performance Evaluation
    4.5.1 Parameters Settings
    4.5.2 Datasets, Metrics, and Implementation
    4.5.3 Experiment Results
    4.5.4 Improve Result Accuracy
  4.6 Related Work
  4.7 Conclusions
  References

5 Top-k Queries for Two-Tiered Sensor Networks
  5.1 Introduction
    5.1.1 Motivation
    5.1.2 Problem Statement
    5.1.3 Adversary and Security Model
    5.1.4 Limitations of Prior Art
    5.1.5 Technical Challenges and Proposed Approach
    5.1.6 Key Contributions
  5.2 Related Work
  5.3 System Model and Assumptions
  5.4 Sensor Data Pre-Processing: Mapping and Partitioning
    5.4.1 Approximating Uniform Distribution
    5.4.2 Data Partitioning for Integrity Verification
    5.4.3 Embedding Intervals with Data
    5.4.4 Index Selection
  5.5 Privacy Preserving Index Generation
    5.5.1 Prefix Encoding and Bloom Filter Indexing
    5.5.2 Randomizing Bloom Filter Indexes
  5.6 Trapdoor Computation and Query Processing
    5.6.1 Top-k to Top-Range Query
    5.6.2 Trapdoor Computation
    5.6.3 Query Execution
    5.6.4 Integrity Verification for Query Results
    5.6.5 False Positive Rate Analysis
  5.7 Security Analysis
  5.8 Performance Evaluation
    5.8.1 Experimental Setup
    5.8.2 Summary for Experimental Results
    5.8.3 Comparison with Prior Art
  5.9 Conclusions
  References

Part II Privacy Preserving Computation

6 Collaborative Enforcement of Firewall Policies in Virtual Private Networks
  6.1 Introduction
    6.1.1 Background and Motivation
    6.1.2 Technical Challenges
    6.1.3 Limitations of Prior Art
    6.1.4 Our Solution
    6.1.5 Key Contributions
  6.2 Threat Model
  6.3 Background
  6.4 Oblivious Comparison
  6.5 Bootstrapping Protocol
    6.5.1 FDD Construction
    6.5.2 Range Conversion
    6.5.3 Prefix Numericalization
    6.5.4 Applying XOR by MSU
    6.5.5 Applying XOR and HMAC by IBM
  6.6 Filtering Protocol
    6.6.1 Address Translation
    6.6.2 Prefix Membership Verification
    6.6.3 Packet Preprocessing by IBM
    6.6.4 Packet Preprocessing by The Third Party
    6.6.5 Packet Processing by MSU
  6.7 VGuard for Deep Packet Inspection
    6.7.1 The Bootstrapping Protocol
    6.7.2 The Filtering Protocol
  6.8 Discussion
    6.8.1 Firewall Updates
    6.8.2 Decision Caching
    6.8.3 Decision Obfuscation vs. Decision Encryption
    6.8.4 Special Treatment of IP Addresses
    6.8.5 Securing Keys of MSU
    6.8.6 Stateful Firewalls
    6.8.7 Statistical Analysis Attack and Countermeasures
    6.8.8 Hash Collision
  6.9 Related Work
    6.9.1 Secure Function Evaluation
    6.9.2 CDCF Framework
    6.9.3 Secure Queries
  6.10 Experimental Results
    6.10.1 Efficiency on Real-Life Firewall Policies
    6.10.2 Efficiency on Synthetic Firewall Policies
  6.11 Concluding Remarks
  References

7 Privacy Preserving Quantification of Cross-Domain Network Reachability
  7.1 Introduction
    7.1.1 Background and Motivation
    7.1.2 Limitation of Prior Art
    7.1.3 Cross-Domain Quantification of Reachability
    7.1.4 Technical Challenges
    7.1.5 Our Approach
    7.1.6 Summary of Experimental Results
    7.1.7 Key Contributions
  7.2 Related Work
    7.2.1 Network Reachability
    7.2.2 Privacy Preserving Set Operation
    7.2.3 Privacy Preserving Collaborative Firewall Enforcement in VPN
  7.3 Problem Statement and Threat Model
    7.3.1 Access Control Lists (ACLs)
    7.3.2 Problem Statement
    7.3.3 Threat Model
  7.4 Privacy-Preserving Quantification of Network Reachability
    7.4.1 Privacy-Preserving Range Intersection
    7.4.2 ACL Preprocessing
    7.4.3 ACL Encoding and Encryption
