Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                        (IJERA) ISSN...
Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                        (IJERA) ISSN...
Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                        (IJERA) ISSN...
Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                    (IJERA) ISSN: 22...
Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                          (IJERA) IS...
Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications                        (IJERA) ISSN...
Upcoming SlideShare
Loading in …5



Published on

IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861 Privacy Conserving Approach to Confidential Database Neha Gosai*,S.H.Patil** *Department of Computer engineering, Bharati Vidyapeeth University,Pune, Maharashtra-411043 **Department of Computer engineering, Bharati Vidyapeeth University,Pune, Maharashtra-411043ABSTRACT Suppose Bank has private data of each remove personal identifier to protect privateaccount holder which contains account number, information. There are many ways of anonymizationdetails of account hoder.Now bank wants to share but we will focus on k-anonymization approachdata with researchers for some specific purpose such a way that privacy of individual account Data anonymization enables transferringholder not violated by disclosing his data to information between two organizations, byresearchers. If allow account holder to directly converting text data into non human readable formadd data into the database of researcher it will using encryption method[1].There have been lots ofviolate confidentiality of research database and if techniques developed.K-anonymization is one of theallow researchers to directly read the contents, approach[2].his technique protects privacy ofviolates privacy of account holder. To preserve original data by modification. So problem arises atprivacy and confidentiality we have proposed this point where database needs to be updated. Soapproach on suppression based k-anonymous when tuple is to be inserted in the database problemsmethod to protect privacy of individual. occurs relating to privacy and confidentiality that Is database owner decide that whether databaseKeywords- Privacy, Anonymous, Suppression, preserve privacy without knowing what new tuple toConfidentiality be inserted. In this paper, we propose a protocol called Suppression based approach to solve above1. INTRODUCTION problem. Today society is growing in terms of datacollection, containing personal details or some otherconfidential information. Because, use of computersincreasing, its privacy or security becomes crucial.Database modelled as collection of data that can beaccessed, updated and it enables user to retrievedata. To provide security to these databases is bigissue. For example, Medical data of each patientshould be protected for years. There are differentapproaches to protect database. The emphasis indatabase privacy should fall on a balance betweenconfidentiality, integrity and availability of personal Fig 1 Anonymous Databasedata, rather than on confidentiality alone. Database Fig 1 shows approach to update anonymousprivacy concerns the protection of information about database. Suppose Alice is user who owns theindividuals that is stored in a database. Sometimes, database and data provider that is Bob who wants towithout your knowledge, health records used by insert his own tuple.So it is necessary to checkinsurance companies, drug manufacturing whether it is possible to update database or insertingcompanies. Because medical records may contain tuple without knowledge of Bob so that privacy ofsome sensitive information like effect of drug on Bob cannot be violated and confidentiality ofpatient it is important to keep this information database does not violated if Bob have access to theprivate. Confidential data is personal information contents of database.relating to a person, it could be reference to anidentification number or other factors like social 2. PROBLEMS WITH CURRENTidentity. To maintain confidentiality, unauthorized APPROACHthird parties must be prevented from accessing and There are various techniques to provideviewing medical data. It is also essential to maintain confidentiality and privacy to anonymous databasedatabase integrity while data is transferring from like Data Reduction, Data perturbation and Securesource to destination. Confidentiality is achieved by Multiparty Computation etc.Cryptography methods or tools. Though data is The first approach is Data perturbationanonymized, Confidentiality is technique derived from secure database techniquesnecessary.Anonymized or anonymization means to overcome privacy preserving problem. It is effective application to protect health care system. 856 | P a g e
  2. 2. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861Basically there are two types of data perturbation. content of tuple and without sending tuple to ownerFirst type Probability distribution approach and the [11].To achieve this goal two party exchangesecond type are called the value distortion approach. message by encrypting. Or say by anonymousIn the probability distribution, Original database is connection using protocol like Crowds [12].Crowdreplaced by sample from distribution or by protocol is anonymity protocol which hides eachdistribution itself [4] and the value distortion user‟s communication by routing them randomlyapproach perturbs data elements or attributes directly within group of similar users. This is necessaryby either additive noise, multiplicative noise, or because attacker can easily reveal IP address and getsome other randomization procedures [5]. Agrawal sensitive information. It can be leaked from accesset al. [6] proposed a value distortion technique to control policies, so it is necessary to provideprotect the privacy by adding random noise from a authorization so that only authorized party canGaussian distribution to the actual data. They access data. This is based on user anonymousshowed that this technique appears to mask the data authentication [13].Our problem is to privatelywhile allowing extraction of certain patterns like the updates of anonymous and confidential databases.original data distribution and decision tree models 3.1 Prototype Architecturewith good accuracy. Second research approach is SecureMultiparty Computation method consider problemof evaluating function of two or more parties‟ secretinput in such a way that each party does not getanything else except specified output. Securecomputation was formally introduced in 1982 by A.Yao This concept is important in field ofcryptography. For example two parties having somesecret information-𝑎 and 𝑏 respectively. Theycompute joint function 𝑓 𝑎, 𝑏 without disclosinginformation about 𝑎 and 𝑏 .Main aim of using SCMis to allow maximum use of information withoutcompromising user privacy .However,computational complexity makes this approach Fig 2 Proposed Systeminfeasible for large dataset. There are different toolavailable for large dataset [8]. In fig 2 There are different modules The third approach is private data retrieval shown:Cryptographic Module,Privaterelated to SMC. It focuses on Queries for retrieving Checker,Loader Module.Job of cryptographicdata from database. But still it doesn‟t concern with module is to encrypt all tuples between Dataprivately updating database. Other techniques have Provider and Private checker.Loader module readbeen developed that is data anonymization, which and transfer tuple from Anonymous database.protects data through suppression or perturbation in Private checker module performs all the controls thatstastical database. Sweeny who proposed concept of is it checks whether the inserted data is matchedk-anonymity[9].But after researching on algorithm with the data‟s in the anonymous database usingresult comes out that it still not resolves problem of suppression method. The main concept behindprivately update of database. private checker is to check whether insertion is The fourth approach is Query Processing possible into the k anonymous database.Techniques for encrypted data [10].These approachprovide whole data to client, though it encrypts all 3.2 Suppression Based Method to Updatedata. But this is not concern to our approach. Most Confidential Databasesof privacy models developed are based on k-anonymity property-anonymity property deals the Consider Table T ={t1,…,tn} over thepossibility of indirect identification of records form attribute set A. The idea of this algorithm is maskpublic databases-anonymity means each released some attributes by special value *,the valuerecord has at least (k-1) other records in the release employed by Alice for the anonymization.whose values are indistinct[15]. K-anonymity andSMC are used in privacy-preserving data mining, butthey are quite different in terms of efficiency,accuracy.3. PROPOSED PROTOCOL The protocol Suppression based method foranonymous database allows the owner of databaseDB to anonymize tuple t, without knowledge of 857 | P a g e
  3. 3. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861 Table 1 Original Dataset updating, and an approach that can be used is based AREA POSITION SALARY on techniques for user anonymous authenticationNetworking Professor 12,000 and credential verification.Networking Professor 20,000Programming Professor 25,000 The Diffie Hellman key exchangeLanguage algorithm allows two users to establish shared secretProgramming Professor 20,000 key over insecure communication without havingLanguage any prior knowledge. Here, Diffie Hellmen is usedDatabase System Assistant 50,000 to agree on shared secret key to exchange dataDatabase System Assistant 40,000 between two parties. Here, we have assumed that database is k-anonymous. So it needs to check that Table 2 Suppressed Data with k =2 after inserting properly anonymized tuple, by Bob, AREA POSITION SALARY whether database (Alice) maintains its k-anonymity. If this is the case, tuple can be inserted otherwise * * * tuple will be rejected.AES (Advance Encryption * * * Scheme) is symmetric key algorithm, means sameProgramming Professor * key used for encryption and decryption, forLanguage encryption of data.Programming Professor *Language 4. ALGORITHM * * * In suppression based method of anonymous * * * database, our main aim to compute anonymizedIn suppression based method, Every attribute is version of tuple t without letting Alice and Bobsuppressed by *.So third party cannot differentiate know about the contents of tuple t and what are thebetween any tuples. Table 2 shows Suppressed suppressed attributes in tuple t. Suppose, Alice andattributes or data with k= 2.Here,k=2 indicates k- Bob agree on the commutative and productanonymity that is each row in the table cannot be homomorphic encryption scheme. Steps aredistinguished from at least other k-1 rows by only described as below:looking a set of attributes[9]. 1) Alice encrypts tuples with her private key and3.3 Cryptography Assumption sends it to Bob. Suppression based k-anonymity protocol 2) Upon receiving encrypted version of tuple Bobuses encryption scheme of commutative and product it again encrypts tuple with his key send it to Alice.homomorphic. This encryption scheme allows 3) Alice decrypts values to get Bob‟s key.performing mathematical operation over encrypted 4) Alice examines if the suppressed attributes ofdata. We provide definition of Commutativity, tuple is equal to the tuple sent by Bob. If yes thenproduct homomorphic and indistiguishability [14]. insert tuple in database.Given a finite set 𝐾 of keys and a finite domain, acommutative, product homomorphic encryption 4.1 Implementationscheme E is a polynomial time computable function Suppression based k-anonymity approach 𝐸: 𝐾 × 𝐷 → 𝐷 satisfying the following properties: to provide privacy updates to confidential database is designed by using Java. The implementation setup1) Commutativity: For all key pairs 𝑘1, 𝑘2 ∈ 𝐾 and Considered attributes AREA, POSITION andvalue 𝑑 ∈ 𝐷,the following equality holds: SALARY. We have considered POSITION as non 𝐸𝑘1 𝐸𝑘2 𝑑 = 𝐸𝑘2(𝐸𝑘1(𝑑)) suppressed attribute. Figure 2 shows home page of2) Product Homomorphism: For every 𝑘 ∈ 𝐾 Suppression based approach. Data entered by theand every value pairs 𝑑1, 𝑑2 ∈ 𝐷 ,the following user directly replaced by special value „*‟ and theseequality holds: values being inserted into table. To carry out this task, we have made separate table for original 𝐸𝑘 𝑑1 ∙ 𝐸𝑘 𝑑2 = 𝐸𝑘(𝑑1 ∙ 𝑑2) values. When user enters data it checks value in original table if it is valid then it replaces original3) Indistinguishability: It is infeasible to value with suppressed values. Based on this outcomeobtain data of plaintext from cipher text. The data will get inserted or rejected as shown inadvantages are high privacy of data even after snapshot below. 858 | P a g e
  4. 4. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861 Fig 3 Attributes with wrong data value Fig 4 Output screen of wrong data values 859 | P a g e
  5. 5. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861 Fig 5 Attributes with correct Values Fig 6 Output screen of correct values4.2 Result From the implementation, we can say thatthe complexity of protocol depends on number ofmessage exchanged and their size. The complexity ofprotocol depends on the size of T. We have used javaas front end and My SQL for database. Experimentexecuted on Pentium 1GHz with 1 GB physicalmemory. We can make result that if all valuesentered by data provider is correct then database willbe updated successfully otherwise tuple will not beinserted to the database. Thus we can say thatdatabase successfully updated while preservingprivacy and k-anonymity. Fig 7 Execution time of Suppression based protocol Above figure shows average execution time of the protocol. From the experiment we can say that as k increase tuple is safely inserted into the database. Execution time depends on the size of 860 | P a g e
  6. 6. Neha Gosai, S.H.Patil / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 Vol. 2, Issue 4, July-August 2012, pp.856-861 𝑘.Execution time increases according to the equation [5] N.R. Adam and J.C. Worthmann,dataset size/𝑘. “Security-Control Methods for Statistical Databases: A Comparative5. ACKNOWLEGDEMENT Study,” ACM Computing Surveys I must thank, first and foremost, my guide (CSUR), vol. 21, no. 4, pp. 515- 556,and Head of the Department, Dr. prof. S. H., 1989.Department of Computer Science and Engineering, [6] R. Agrawal and R. Srikant, “Privacywho gave me opportunity to write this paper without preserving data mining,” in Proceedingshis guidance and patience, this dissertation would not of the ACM SIGMOD Conference onbe possible. Finally, I thank him to review my paper Management of Data, Dallas, TX, Mayand his invaluable suggestion that make to improve 2000, pp. 439–450.quality of my paper. [7] Andrew C. Yao, Protocols for secure computations, University of California6. CONCLUSION AND FUTUREWORK Berkeley, California 94720, 1982. In this paper, we have proposed secure [8] C. Clifton, M. Kantarcioglu, J. Vaidya,protocol to check that if new tuple is being inserted X. Lin, and M. Zhu, “Tools forto the database, it does not affect anonymity of Privacy Preserving Distributed Datadatabase. It means when new tuple get introduced, k- Mining,” ACM SIGKDD Explorations,anonymous database retains its anonymity. Database vol. 4,no.2, 2003.updates has been carried out properly using proposed [9] L. Sweeney. K-anonymity: a model forprotocol. Execution shows that once system verifies protecting privacy. Internationaluser‟s tuple, it can be safely inserted to the database Journal on Uncertainty, Fuzziness andwithout violating k-anonymity. Only user required to Knowledge-based Systems, 10(5), 557–send non suppressed attributes to the k-anonymous 570, 2002.database. This is useful in medical application. [10] D. Boneh, G. di Crescenzo, R. Ostrowsky,Suppression based method is not fully sufficient as if G. Persiano. Public key encryption witha tuple fails to check, it does not insert to the keyword search. In Proc. of Euro cryptdatabase and wait until k-1.because of longer process Conf.,Interlaken, Switzerland, 2004and waiting time. [11] Privacy-Preserving Updates to Anonymous and Confidential DatabasesThe important issues in future will be resolved: ,Alberto Trombetta, Wei Jiang, Elisa1) Implement database for invalid entries. Bertino and Lorenzo Bossi, Department2) Solve problem of anonymity when initially table of Computer Science andis empty. Communication, University of Insubria,3) When system fails to check tuple, it checks these Italy. tuple in wait state called hanging tuples.try to [12] M. K. Reiter, A. Rubin. Crowds:resolve this problem. anonymity with Web transactions.ACM4) Improving efficiency of protocol in terms of Transactions on Information and Systemnumber of messages exchanged between user and Security (TISSEC), 1(1), 1998; 66–92.database. [13] J. Li, N. Li, W. Wins borough. Policy-5) Implement real world database system. hiding access control in open environment. In Proc of ACM Conf. on7. REFERENCES Computer and Communications Security [1] U.S. Department of Justice, Privacy (CCS), Alexandria, Virginia, 2005. Technology Focus Group Final [14] S. Brands, Untraceable off-line cash in Report, IJIS Institute. wallets with observers. In Proc. Of [2] P. Samarati. Protecting respondent‟s CRYPTO onf. Lecture privacy in micro data release. IEEE Notes in Computer Transactions on Knowledge and Data Science, 773, 1994; 302-318. Engineering, vol. 13, no.6, pp. 1010– [15] Generalization Based Approach to 1027, Nov/Dec. 2001. Confidential Database Updates , Neha [3] Agrawal and Srikant, 2000; Rizvi and Gosai, S H Patil, Department of Haritsa,2002; Evfimievski et ComputerScience,pune,Maharashtra,2012 al., 2004 [16] [4] C.K. Liew, U.J. Choi, and C.J. Liew, “A Data Distortion by Probability Distribution,” ACM Trans. Database Systems (TODS), vol. 10, no. 3, pp. 395- 411, 1985. 861 | P a g e