TY - GEN
T1 - ϵpsolute
T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021
AU - Bogatov, Dmytro
AU - Kellaris, Georgios
AU - Kollios, George
AU - Nissim, Kobbi
AU - O'Neill, Adam
N1 - Funding Information:
We thank anonymous reviewers and Arkady Yerukhimovich for valuable feedback. We also thank Daria Bogatova for devising the name Epsolute and helping with the plots, diagrams and writing. Finally, we thank Johes Bater for sharing Shrinkwrap code and reviewing the prototype. Kobbi Nissim was supported by NSF Grant No. 2001041, “Rethinking Access Pattern Privacy: From Theory to Practice”. Dmytro Bogatov and George Kollios were supported by NSF CNS-2001075 Award.
Publisher Copyright:
© 2021 ACM.
PY - 2021/11/12
Y1 - 2021/11/12
N2 - As organizations struggle with processing vast amounts of information, outsourcing sensitive data to third parties becomes a necessity. To protect the data, various cryptographic techniques are used in outsourced database systems to ensure data privacy, while allowing efficient querying. A rich collection of attacks on such systems has emerged. Even with strong cryptography, just communication volume or access pattern is enough for an adversary to succeed. In this work we present a model for differentially private outsourced database system and a concrete construction, ϵpsolute, that provably conceals the aforementioned leakages, while remaining efficient and scalable. In our solution, differential privacy is preserved at the record level even against an untrusted server that controls data and queries. ϵpsolute combines Oblivious RAM and differentially private sanitizers to create a generic and efficient construction. We go further and present a set of improvements to bring the solution to efficiency and practicality necessary for real-world adoption. We describe the way to parallelize the operations, minimize the amount of noise, and reduce the number of network requests, while preserving the privacy guarantees. We have run an extensive set of experiments, dozens of servers processing up to 10 million records, and compiled a detailed result analysis proving the efficiency and scalability of our solution. While providing strong security and privacy guarantees we are less than an order of magnitude slower than range query execution of a non-secure plain-text optimized RDBMS like MySQL and PostgreSQL.
AB - As organizations struggle with processing vast amounts of information, outsourcing sensitive data to third parties becomes a necessity. To protect the data, various cryptographic techniques are used in outsourced database systems to ensure data privacy, while allowing efficient querying. A rich collection of attacks on such systems has emerged. Even with strong cryptography, just communication volume or access pattern is enough for an adversary to succeed. In this work we present a model for differentially private outsourced database system and a concrete construction, ϵpsolute, that provably conceals the aforementioned leakages, while remaining efficient and scalable. In our solution, differential privacy is preserved at the record level even against an untrusted server that controls data and queries. ϵpsolute combines Oblivious RAM and differentially private sanitizers to create a generic and efficient construction. We go further and present a set of improvements to bring the solution to efficiency and practicality necessary for real-world adoption. We describe the way to parallelize the operations, minimize the amount of noise, and reduce the number of network requests, while preserving the privacy guarantees. We have run an extensive set of experiments, dozens of servers processing up to 10 million records, and compiled a detailed result analysis proving the efficiency and scalability of our solution. While providing strong security and privacy guarantees we are less than an order of magnitude slower than range query execution of a non-secure plain-text optimized RDBMS like MySQL and PostgreSQL.
KW - differential obliviousness
KW - differential privacy
KW - oram
KW - sanitizers
UR - http://www.scopus.com/inward/record.url?scp=85119320343&partnerID=8YFLogxK
U2 - 10.1145/3460120.3484786
DO - 10.1145/3460120.3484786
M3 - Conference contribution
AN - SCOPUS:85119320343
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2262
EP - 2276
BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 15 November 2021 through 19 November 2021
ER -