
Secure multidimensional range queries over outsourced data

  • Regular Paper
  • The VLDB Journal

Abstract

In this paper, we study the problem of supporting multidimensional range queries on encrypted data. The problem is motivated by secure data outsourcing applications in which a client stores his/her data on a remote server in encrypted form and wants to execute queries using the server’s computational capabilities. The solution approach is to compute a secure indexing tag for the data by applying bucketization (a generic form of data partitioning), which prevents the server from learning exact values but still allows it to check whether a record satisfies the query predicate. Queries are evaluated approximately: the returned set of records may contain some false positives. The client must then weed out these records, and this filtering constitutes the computational overhead of our scheme. We develop a bucketization procedure for answering multidimensional range queries on multidimensional data. For a given bucketization scheme, we derive cost and disclosure-risk metrics that estimate the client’s computational overhead and the disclosure risk, respectively. Given a multidimensional dataset, its bucketization is posed as an optimization problem in which the goal is to minimize the risk of disclosure while keeping query cost (the client’s computational overhead) below a user-specified threshold. We provide a tunable data bucketization algorithm that allows the data owner to control the trade-off between disclosure risk and cost. We also study the trade-off characteristics through an extensive set of experiments on real and synthetic data.
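The query flow the abstract describes, as an added example that is not code from the paper: the client tags encrypted records with opaque bucket identifiers, the server answers by tag lookup only, and the client decrypts and discards false positives. It assumes a fixed equi-width grid as the bucketization (the paper's optimized algorithm and its cost and disclosure-risk metrics are not reproduced here), and uses a SHAKE-256 XOR keystream as a stand-in for real authenticated encryption; all names, the key and the dataset are constructed.

```python
import hashlib, hmac, json, os
from itertools import product

KEY = b"constructed-demo-key"  # constructed; a real client generates and protects its key
# Constructed 2-D records, e.g. (age, salary in thousands)
POINTS = [(23, 40), (25, 52), (31, 48), (34, 75), (38, 61), (42, 90), (47, 58), (55, 83)]

def tag(cell):
    """Opaque bucket tag: HMAC of the grid cell, so the server never sees coordinates."""
    return hmac.new(KEY, repr(cell).encode(), hashlib.sha256).hexdigest()

def _xor(nonce, data):
    ks = hashlib.shake_256(KEY + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(record):
    """Stand-in for authenticated encryption such as AES-GCM (assumption, demo only)."""
    nonce = os.urandom(12)
    return nonce + _xor(nonce, json.dumps(record).encode())

def unseal(blob):
    return tuple(json.loads(_xor(blob[:12], blob[12:])))

def outsource(points, width):
    """Client side: build the table the server stores, bucket tag -> encrypted records."""
    table = {}
    for p in points:
        cell = tuple(v // width for v in p)  # equi-width grid bucket (assumed scheme)
        table.setdefault(tag(cell), []).append(seal(p))
    return table

def query(table, lo, hi, width):
    """Range query lo <= p <= hi per dimension; returns (matches, false_positive_count)."""
    cells = product(*(range(l // width, h // width + 1) for l, h in zip(lo, hi)))
    tags = {tag(c) for c in cells}                           # what the client sends
    returned = [b for t in tags for b in table.get(t, [])]   # server: tag lookup only
    rows = [unseal(b) for b in returned]                     # client: decrypt ...
    hits = [r for r in rows if all(l <= v <= h for l, v, h in zip(lo, r, hi))]
    return sorted(hits), len(rows) - len(hits)               # ... and weed out the rest

if __name__ == "__main__":
    for width in (5, 10, 50):
        table = outsource(POINTS, width)
        hits, fp = query(table, (30, 45), (40, 65), width)
        print(f"width={width:2d} buckets={len(table)} hits={hits} false_positives={fp}")
```

Coarser buckets tell the server less about where each record lies but return more false positives for the client to filter, which is the trade-off the paper's tunable algorithm controls.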



Author information

Corresponding author

Correspondence to Bijit Hore.

About this article

Cite this article

Hore, B., Mehrotra, S., Canim, M. et al. Secure multidimensional range queries over outsourced data. The VLDB Journal 21, 333–358 (2012). https://doi.org/10.1007/s00778-011-0245-7

  • DOI: https://doi.org/10.1007/s00778-011-0245-7
