多媒體網路安全實驗室 (Multimedia Network Security Laboratory): Practical Searching Over Encrypted Data by Private Information...
TRANSCRIPT
Practical Searching Over Encrypted Data By Private
Information Retrieval
Date: 2011.05.19
Reporter: Chien-Wen Huang
Source: GLOBECOM 2010, 2010 IEEE Global Telecommunications Conference
Outline
1. INTRODUCTION
2. PREPARATION
3. PRIVATE INFORMATION RETRIEVAL
4. OUR PROPOSAL AND PERFORMANCE ANALYSIS
5. COMPARISON
6. CONCLUSION
1. INTRODUCTION
There are a Sender and a User (Receiver) who want to communicate mainly via an "honest-but-curious" database.
Sender: only permitted to send a couple of keywords, not the whole data, which is commonly a relatively large file (videos or photos).
User: can efficiently search and retrieve the information the Sender submitted.
2. PREPARATION
Boneh et al. proposed the scheme:
The PIR technique aims to retrieve the target data.
Several techniques have been employed:
- Bloom filter: used only as the intermediate storage for the information on the addresses of the data
- color survival game
- modified encrypted data
Bloom Filters
It is used to verify that some data is not in the database (mismatch), e.g. a list of bad credit card numbers.
Useful when the data consumes a very small portion of the search space.
A bloom filter is a bit string; n hash functions map the data into n bits of the bloom filter.
Simple Example
Use a bloom filter of 16 bits with h1(key) = key mod 16 and h2(key) = key mod 14 + 2.
Insert the numbers 27, 18, 29 and 28:
  27 -> (h1, h2) = (11, 15), 18 -> (2, 6), 29 -> (13, 3), 28 -> (12, 2)
Resulting filter (bit index and value):
  bit:   0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15
  value: 0  0  1  1  0  0  1  0  0  0  0  1  1  1  0  1
• Check for 22: h1(22) = 6, h2(22) = 10 (bit 10 is clear, so 22 is not in the filter)
• Check for 51: h1(51) = 3, h2(51) = 11 (both bits are set: a false positive)
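As an added example (not part of the original slides or the paper's code), the slide's 16-bit filter in Python, generalized to the (k,m)-Bloom filter the proposal uses to turn a keyword W into k buffer addresses; the SHA-256-based hash family, the keyword "W" and the 1024-bit buffer size are assumptions.

```python
import hashlib
from typing import Callable, List

class BloomFilter:
    """An m-bit string with k hash functions: the (k,m)-Bloom filter of the slides."""

    def __init__(self, m: int, hashes: List[Callable]):
        self.m = m
        self.hashes = hashes
        self.bits = [0] * m

    def addresses(self, item) -> List[int]:
        # The k bit positions (buffer addresses) the hash functions map the item to
        return [h(item) % self.m for h in self.hashes]

    def insert(self, item) -> None:
        for a in self.addresses(item):
            self.bits[a] = 1

    def might_contain(self, item) -> bool:
        # False: definitely absent. True: present, or a false positive (cf. key 51 on the slide)
        return all(self.bits[a] for a in self.addresses(item))

def slide_example() -> BloomFilter:
    # The slide's 16-bit filter: h1(key) = key mod 16, h2(key) = key mod 14 + 2
    bf = BloomFilter(16, [lambda key: key % 16, lambda key: key % 14 + 2])
    for key in (27, 18, 29, 28):
        bf.insert(key)
    return bf

def keyword_hashes(k: int) -> List[Callable[[str], int]]:
    # Assumed hash family for keywords: k functions derived from SHA-256 by a per-function prefix
    def make(i: int) -> Callable[[str], int]:
        return lambda w: int.from_bytes(hashlib.sha256(f"{i}:{w}".encode()).digest()[:8], "big")
    return [make(i) for i in range(k)]

def buffer_addresses(keyword: str, k: int, m: int) -> List[int]:
    # Step 3 of the proposal: S (and later R) derive the k addresses H(W) of an m-bit buffer from W
    return BloomFilter(m, keyword_hashes(k)).addresses(keyword)

if __name__ == "__main__":
    bf = slide_example()
    print("set bits:", [i for i, b in enumerate(bf.bits) if b])  # [2, 3, 6, 11, 12, 13, 15]
    print("22:", bf.addresses(22), bf.might_contain(22))          # [6, 10] False
    print("51:", bf.addresses(51), bf.might_contain(51))          # [3, 11] True (false positive)
    print("H('W') in a 1024-bit buffer:", buffer_addresses("W", 4, 1024))
```

Because both S and R run the same deterministic hash family, they agree on H(W) without exchanging anything but the keyword.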
3. PRIVATE INFORMATION RETRIEVAL
A. IPIR
The user sends DB a query for the whole dataset, so that DB replies with the whole dataset.
B. Block PIR
Uses multiple databases, like Chor et al. (1995). The BlockPIR scheme is secure if the DBs do not collude.
C. Computational PIR
Based on the Paillier cryptosystem; here the computation cost, rather than the communication cost, is the bottleneck of the operation time.
The homomorphic encryption is assumed as follows:
1) Compute \(n = pq\) and \(\mathrm{lcm}(p-1, q-1)\).
2) Select random \(g \in \mathbb{Z}^*_{n^2}\) and \(r \in \mathbb{Z}^*_n\).
3) \(c = g^m r^n \bmod n^2\).
4) \(E_{pk}(M_1)\, E_{pk}(M_2) = E_{pk}(M_1 + M_2)\).
4. OUR PROPOSAL AND PERFORMANCE ANALYSIS
A. Proposed Scheme
DB: has a size of N bits and can store at most n messages.
Buffer: has a size of M bits (we assume M is a square).
R (receiver): has the key pair; the length of a ciphertext is k.
S (sender): uses a keyword of w words.
(k,m)-Bloom Filter: has k hash functions and outputs a value with a length of m bits.
Assume there are two buffers, Buffer1 and Buffer2.
1. S associates keyword W with the message M and sends E(M) to DB.
2. DB stores E(M) in the main database and returns the corresponding address ρ.
3. S inputs W to the Bloom filter to get the k outputs as addresses of Buffer1 and Buffer2.
4. S then encrypts r copies of ρ and writes them into r addresses of Buffer1 and Buffer2.
5. S modifies the encrypted data.
R intends to search for the keyword W associated with a message in DB.
1) Input W to the Bloom filter and get the k addresses H(W) of the Buffer.
2) Execute BlockPIR on those addresses k times and get k outputs.
   a) R generates a random vector with entries in \(\{0,1\}\).
   b) Repeat k times to recover the outputs \(m'_i\).
3) R decrypts the outputs and gets the address ρ.
4) R executes CPIR on the address ρ of DB and gets the M associated with W.
B. Performance of Previous Scheme
The time required for CPIR is shown as follows:
C. Implementation with IPIR - For Comparison
The time required for IPIR is shown as follows:
D. Performance of Our Proposal
It is obvious that by using BlockPIR the computation cost is reduced substantially.
The communication cost is also acceptable given current networking technology.
5. COMPARISON
6. CONCLUSION
We have proposed a practical keyword search scheme which performs better than the previous work, which is only theoretically interesting but less practical.
A simple but effective modification overcomes this problem, greatly enhances the performance and furthermore enables privacy-preserving outsourcing techniques.