Efficient Similarity Search over Encrypted Data

Efﬁcient Similarity Search over
Encrypted Data
Mehmet Kuzu, Mohammad Saiful Islam, and Murat Kantarcioglu
IEEE 28th International Conference on Data Engineering
ICDE 2012
Washington, DC - USA - 2012
KDE Seminar
April 25, 2016
Mateus Cruz

Introduction Preliminaries Proposal Experiments Conclusion
OUTLINE
1 Introduction
2 Preliminaries
3 Proposal
4 Experiments
5 Conclusion

SCENARIO
Outsourcing storage and processing
Privacy concerns
Encrypt data before uploading
Loss of utility
Searchable encryption schemes
Only exact query matching
1 / 27

PROPOSAL
Similarity search over encrypted data
Using locality sensitive hashing (LSH)
Contributions
Secure LSH index
Fault tolerant keyword search
Separation of leaked information
Schemes
Basic single server
Two round multi-server
Paillier index based one round multi-server
2 / 27

DEFINITIONS
D = {D1, D2, . . . , Dn}
Collection of sensitive data items
Fi = {fi1
, . . . , fiz
}
Feature set of item Di
Ci is the encrypted form of Di
I is a secure index
Used to ﬁnd items having a speciﬁc feature
3 / 27

SIMILARITY SEARCHABLE ENC. (1/2)
Keygen(ψ): Outputs a key K (K ∈ {0, 1}ψ
)
Enc(K, Di): Encrypts Di into Ci
Dec(K, Ci): Decrypts Ci into Di
4 / 27

Keygen(ψ): Outputs a key K (K ∈ {0, 1}ψ
)
Enc(K, Di): Encrypts
Probabilistic encryption
Di into Ci
Dec(K, Ci): Decrypts Ci into Di
4 / 27

BuildIndex(K, D)
Extract feature set from D
Outputs the index I
Trapdoor(K, f)
Generates a trapdoor T for a feature f ∈ F
Search(I, T)
Search on I for the trapdoor T
Outputs an encrypted result collection C
5 / 27

BuildIndex(K, D)
Extract feature set from D
Outputs the index I
Trapdoor(K, f)
Generates a trapdoor
Value that allows search over
probabilistic encryption
T for a feature f ∈ F
Search(I, T)
5 / 27

FUZZY SEARCH
dist : F × F → R
Gives the distance between two features
α and β (α < β)
Thresholds for the similarity metric
FuzzySearch(I, T)
With high probability
– Cj ∈ C if ∃fi (dist(fi , f) ≤ α)
– Cj /∈ C if ∀fi (dist(fi , f) ≥ β)
6 / 27

LOCALITY SENSITIVE HASHING
Approximation algorithm
Near neighbor search
High dimensional spaces
Map objects in several buckets
Similar objects share a bucket
(r1, r2, p1, p2)-sensitive family
If dist(x, y) ≤ r1, Pr[h(x) = h(y)] ≥ p1
If dist(x, y) ≥ r2, Pr[h(x) = h(y)] ≤ p2
7 / 27

SECURE INDEX (1/2)
1 Feature extraction
Maps Di to Fi = {fi1
, . . . , fiz }
2 Metric space translation
Translate features to vectors
8 / 27

SECURE INDEX (2/2)
3 Bucket index construction
Map vectors to buckets by applying LSH
A bucket is a bit vector of size
– : total number of data items
λ buckets
– λ: number of used hash functions
4 Bucket index encryption
Encrypt bucket identiﬁers and contents
– [EncKid
(Bj ), EncKpayload
(VBj
)] ∈ I
Add some fake records into the index
– Hide the number of features in the dataset
9 / 27

BASIC SECURE SEARCH SCHEME
1 Key generation
2 Index construction
3 Data encryption
4 Trapdoor construction
5 Search
6 Data decryption
10 / 27

1 Key generation
Creates private keys
3 Data encryption
5 Search
6 Data decryption
10 / 27

1 Key generation
Creates index for
collection D
3 Data encryption
5 Search
6 Data decryption
10 / 27

1 Key generation
3 Data encryption
Encrypts and uploads
data items, and share
keys and hash func-
tions with users
5 Search
6 Data decryption
10 / 27

TRAPDOOR CONSTRUCTION
A user wants items that contain fi
Apply LSH to construct the plain query
g1(fi), . . . , gλ(fi), gi ∈ g
Encrypts each component of the query
Using the key received earlier
Tfi
= (Enc(g1(fi)), . . . , Enc(gλ(fi)))
Sends Tfi
to the server
11 / 27

SEARCH (1/2)
The server searches on the index using Tfi
Each component of Tfi
Returns corresponding bit vectors
The user...
Decrypts the bit vectors
Ranks the data identiﬁers
12 / 27

SEARCH (2/2)
Rank using score(id(Dj))
Number of common buckets between Dj and fi
More buckets in common means higher rank
Users send desired identiﬁers to the server
The server returns the encrypted items
13 / 27

1 Key generation
3 Data encryption
5 Search
6 Data decryption
The user decrypts the
received items and ob-
tains the plaintext data
14 / 27

1 Key generation
3 Data encryption
5 Search
6 Data decryption
Problem!
Leakage of the association between
identiﬁers and trapdoors
14 / 27

MULTI-SERVER SCHEME
Use two servers instead of one
One server for the index
Another server for the data items
Honest-but-curious servers
Do not collaborate with each other
15 / 27

TWO ROUND SEARCH SCHEME
The data owner...
Sends the index to server Bob
Sends encrypted items to server Charlie
A user...
Sends trapdoors to server Bob
Receives encrypted bit vectors
Decrypts and ranks vectors
Sends desired identiﬁers to server Charlie
Receives encrypted items from server Charlie
16 / 27

TWO ROUND SCHEME ARCHITECTURE
17 / 27

TWO ROUND SCHEME ARCHITECTURE
Problem!
Users still do a lot of work
17 / 27

PAILLIER INDEX BASED SEARCH
One round search
Minimize client computation
Transfer the burden to the servers
Servers communicate with each other
Paillier index
Use of the Paillier cryptosystem
– Probabilistic
– Homomorphic additive property
Dec(Enc(m1) ∗ Enc(m2)) = m1 + m2
18 / 27

PAILLIER INDEX
Keep the encrypted form of each bit
Instead of a single encrypted bit vector
Traditional index: (πs, σVs
) ∈ I
πs: Encrypted bucket ID
σVs : Encrypted bucket vector
Paillier Index: (πs, [es1
, . . . , es ]) ∈ I
esj
= EncKpub
(1) if Vs[id(Dj)] = 1
esj
= EncKpub
(0) if Vs[id(Dj)] = 0
19 / 27

ONE ROUND SEARCH SCHEME (1/2)
After the Paillier index is constructed...
Send index to Bob with Kpub
Send encrypted items to Charlie with Kpriv
Trapdoor construction
Multi-component trapdoor Tfi
= {π1, . . . , πλ}
A user sends Tfi
to Bob along with t
– Retrieval of top t items
20 / 27

ONE ROUND SEARCH SCHEME (2/2)
Index search (Bob)
Scores computed using homomorphic addition
– Common buckets between Tfi
and a data item
Sends (i, score(i)) to Charlie along with t
Identiﬁer resolution (Charlie)
Decrypts the received scores
Ranks items according to scores
Sends the encrypted results to the user
21 / 27

ONE ROUND SCHEME ARCHITECTURE
22 / 27

SETUP
Scenario
Error aware keyword search
Datasets
5000 random Enron e-mails
Index construction
2-grams embedded into 500-bit Bloom ﬁlter
15 hash functions
AES in CTR mode
128-bit key
23 / 27

RETRIEVAL EVALUATION
t most similar items retrieved
24 / 27

PERFORMANCE EVALUATION (1/2)
Basic search scheme
25 / 27

PERFORMANCE EVALUATION (2/2)
One round search scheme
26 / 27

SUMMARY
Similarity searchable encryption scheme
LSH secure index
Basic scheme
Not secure
Two round scheme
Good for a large number of data items
One round scheme (Pallier index)
Good for a large number of features
27 / 27

Detailed Algorithms
EXTRA SLIDES

Detailed Algorithms
BUILD INDEX

Detailed Algorithms
SEARCH ROUND 1

Detailed Algorithms
SEARCH ROUND 2

Detailed Algorithms
ONE ROUND SEARCH

Efficient Similarity Search over Encrypted Data

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (18)

Recently uploaded

Recently uploaded (20)

Efficient Similarity Search over Encrypted Data