Multimedia Network Security Laboratory: practical searching over encrypted data by private information...

Post on 18-Jan-2016


Practical Searching Over Encrypted Data By Private Information Retrieval

Date: 2011.05.19

Reporter: Chien-Wen Huang

Source: GLOBECOM 2010, 2010 IEEE Global Telecommunications Conference


Outline

1. INTRODUCTION

2. PREPARATION

3. PRIVATE INFORMATION RETRIEVAL

4. OUR PROPOSAL AND PERFORMANCE ANALYSIS

5. COMPARISON

6. CONCLUSION


1. INTRODUCTION

There are a Sender and a User (Receiver) who want to communicate mainly via the "honest-but-curious" database.

• Sender: only permitted to send a couple of keywords, but not the whole data, which is commonly a relatively large file (videos or photos)

• User: can efficiently search and retrieve the information that the Sender submitted


2. PREPARATION

Boneh et al. proposed the scheme:

PIR technique aims to retrieve the target data

Several techniques have been employed:

• Bloom filter: used only as the intermediate storage of the information on addresses of data

• color survival game

• modified encrypted data


Bloom Filters

It's used to verify that some data is not in the database (mismatch)

• List of bad credit card numbers

• Useful when the data consumes a very small portion of search space

A bloom filter is a bit string

• n hash functions that map the data into n bits in the bloom filter


Simple Example

Use a bloom filter of 16 bits

• h1(key) = key mod 16

• h2(key) = key mod 14 + 2

Insert numbers 27, 18, 29 and 28

Bit:    0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15

Value:  0  0  1  1  0  0  1  0  0  0  0  1  1  1  0  1

• Check for 22: h1(22) = 6, h2(22) = 10 (not in filter)

• Check for 51: h1(51) = 3, h2(51) = 11 (false positive)


3. PRIVATE INFORMATION RETRIEVAL

A. IPIR

• Then he sends to DB a query for the whole dataset, so that DB replies with all of the dataset.

B. Block PIR

• uses multiple databases, like Chor et al. (1995)

• The BlockPIR scheme is secure if the DBs do not collude.


C. Computational PIR

• Based on Paillier cryptosystem

• the computation cost, instead of the communication cost, is the bottleneck of the operation time here

The homomorphic encryption is assumed as follows:

1) Compute $n = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$

2) Select random $g \in \mathbb{Z}^*_{n^2}$ and $r \in \mathbb{Z}^*_n$

3) $c = g^m r^n \bmod n^2$

4) $E_{pk}(M_1) \cdot E_{pk}(M_2) = E_{pk}(M_1 + M_2)$

4. OUR PROPOSAL AND PERFORMANCE ANALYSIS

A. Proposed Scheme

• DB: has a size of N bits and can store at most n messages.

• Buffer: has a size of M bits (we assume M is a square)

• R (receiver): has the key pair; the length of a ciphertext is k

• S (sender): uses the keyword of w words

• (k,m)-Bloom Filter: has k hash functions and outputs a value with a length of m bits.


Assume there are two buffers, Buffer1 and Buffer2

1. S associates keyword W to the message M and sends E(M) to DB.

2. DB stores E(M) in main database, returns the corresponding address ρ.

3. S inputs W to Bloom filter to get the k outputs as addresses of Buffer(1,2)

4. S then encrypts the r copies of ρ as and writes them into r addresses of Buffer1 and Buffer2

5. S modifies the encrypted data


R intends to search the keyword W associated with the message from DB.

1) Input W to Bloom filter and get the k addresses H(W) of Buffer.

2) Execute BlockPIR to the addresses k times, and get k outputs of .

a) R generates random vector

b) Repeat k times to recover

3) R decrypts and gets

4) R executes CPIR to the ρ of DB and gets the M associated with W.

iandm ' }1,0{
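Receiver steps 1) and 2) above, as an added example that is not from the slides or the paper: Bloom-filter addresses for W, then one two-server XOR read per address in the style of the Chor et al. multi-database scheme. The salted SHA-256 hash family, the block and buffer sizes, the function names and the placeholder buffer contents are assumptions; encryption of ρ and the buffer modification step are not modelled.

```python
import hashlib
import secrets

BLOCK = 8       # bytes per buffer block (assumed)
M_BLOCKS = 16   # number of blocks in the buffer (assumed)
K_HASHES = 3    # number of Bloom filter hash functions k (assumed)

def bloom_addresses(keyword, k=K_HASHES, m=M_BLOCKS):
    """Step 1: the k buffer addresses H(W), from salted SHA-256 (assumed hash family)."""
    return [int.from_bytes(hashlib.sha256(f"{j}:{keyword}".encode()).digest(), "big") % m
            for j in range(k)]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_answer(buffer, selector):
    """Each DB replica XORs together the blocks marked by the selector it received."""
    acc = bytes(BLOCK)
    for block, bit in zip(buffer, selector):
        if bit:
            acc = xor_bytes(acc, block)
    return acc

def make_queries(i, m=M_BLOCKS):
    """Receiver: a uniformly random bit vector for DB1, the same vector with bit i flipped for DB2."""
    q1 = [secrets.randbelow(2) for _ in range(m)]
    q2 = q1.copy()
    q2[i] ^= 1
    return q1, q2

def block_pir_read(replica1, replica2, i):
    """Step 2: XOR of the two answers cancels every block except block i."""
    q1, q2 = make_queries(i, len(replica1))
    return xor_bytes(server_answer(replica1, q1), server_answer(replica2, q2))

def receiver_lookup(replica1, replica2, keyword):
    """k Bloom addresses, one BlockPIR read per address."""
    return [block_pir_read(replica1, replica2, a) for a in bloom_addresses(keyword)]

# Constructed sample buffer: block j is a placeholder for an encrypted address.
SAMPLE_BUFFER = [f"blk{j:05d}".encode() for j in range(M_BLOCKS)]

if __name__ == "__main__":
    print(bloom_addresses("video"))
    print(receiver_lookup(SAMPLE_BUFFER, SAMPLE_BUFFER, "video"))
```

Each replica alone sees a uniformly random selector, but the XOR of the two selectors has a single set bit at the requested address, which is why the scheme depends on the DBs not colluding.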


B. Performance of Previous Scheme

The time required for CPIR is shown as follows:

C. Implementation with IPIR - For Comparison

The time required for IPIR is shown as follows:


D. Performance of Our Proposal

It is obvious that by using BlockPIR the computation cost is reduced a lot.

The communication cost is also acceptable considering the current networking technology.


5. COMPARISON


6. CONCLUSION

We have proposed a practical keyword search scheme that performs better than the previous work, which is only theoretically interesting but less practical.

A simple but effective modification to overcome this problem, which greatly enhances the performance and furthermore enables the privacy-preserving outsourcing techniques.
