As organizations struggle to process vast amounts of information, outsourcing sensitive data to third parties becomes a necessity. To protect the data, outsourced database systems use various cryptographic techniques that ensure data privacy while still allowing efficient querying. A rich collection of attacks on such systems has emerged: even with strong cryptography, the communication volume or the access pattern alone is enough for an adversary to succeed. In this work we present a model for a differentially private outsourced database system and a concrete construction, $\mathcal{E}\text{psolute}$, that provably conceals the aforementioned leakages while remaining efficient and scalable. In our solution, differential privacy is preserved at the record level even against an untrusted server that controls both the data and the queries. $\mathcal{E}\text{psolute}$ combines Oblivious RAM and differentially private sanitizers to create a generic and efficient construction. We go further and present a set of improvements that bring the solution to the efficiency and practicality necessary for real-world adoption. We describe how to parallelize the operations, minimize the amount of noise, and reduce the number of network requests, all while preserving the privacy guarantees. We have run an extensive set of experiments on dozens of servers processing up to 10 million records, and compiled a detailed analysis of the results demonstrating the efficiency and scalability of our solution. While providing strong security and privacy guarantees, we are less than an order of magnitude slower than range query execution on a non-secure, plain-text-optimized RDBMS such as MySQL or PostgreSQL.
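The abstract states that the construction hides the communication volume of a query by combining a differentially private sanitizer with ORAM reads. The following Python sketch is an added illustration of that volume-hiding idea and is not code from the paper or from the Epsolute project: it answers a range query over a small constructed record set, draws Laplace noise with scale 1/epsilon (a range count has sensitivity 1), shifts the noise upward so the padded count is almost never below the true result size, and then issues dummy reads so the server sees only the padded number of reads. The record set, the epsilon and shift values, the inverse-CDF Laplace sampler and the clamp that guarantees no record is dropped are all assumptions made for this example; the actual sanitizer, its noise calibration and the ORAM layer that hides which positions are read are described in the paper, not here.

```python
import math
import random

# Constructed sample: (search key, payload) pairs standing in for an
# outsourced table. Values are illustrative, not taken from the paper.
RECORDS = [(k, f"rec-{k}") for k in (3, 5, 5, 8, 12, 15, 15, 15, 21, 30)]


def true_result_size(records, lo, hi):
    """Number of records whose key lies in the closed range [lo, hi]."""
    return sum(1 for k, _ in records if lo <= k <= hi)


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverting its CDF.

    For U uniform on (-1/2, 1/2), X = -scale * sign(U) * ln(1 - 2|U|)
    is Laplace distributed. The loop excludes the endpoint where
    ln(0) would be evaluated.
    """
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:
            break
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def padded_result_size(true_size, epsilon, shift, rng):
    """Return the differentially private padded number of reads for a query.

    A range count changes by at most 1 when one record is added or removed,
    so Laplace noise with scale 1/epsilon gives epsilon-DP for the count.
    `shift` (an assumed parameter) moves the noise upward so that, with
    high probability, the padded count is at least the true size. The
    final max() is an assumption for this illustration: it guarantees
    correctness (no matching record is ever dropped) at the cost of a
    small-probability privacy failure whenever the clamp actually fires.
    """
    noisy = true_size + shift + laplace_noise(1.0 / epsilon, rng)
    return max(true_size, math.ceil(noisy))


def answer_range_query(records, lo, hi, epsilon=1.0, shift=5, seed=None):
    """Client-side view of a volume-hiding range query.

    The server is modelled as serving exactly one record per read. The
    client requests the padded number of reads, so the server observes
    only that count; the extra reads are dummies the client discards.
    Returns (matching records, total reads issued, dummy reads issued).
    """
    rng = random.Random(seed)
    matches = [r for r in records if lo <= r[0] <= hi]
    n_reads = padded_result_size(len(matches), epsilon, shift, rng)
    dummy_reads = n_reads - len(matches)
    return matches, n_reads, dummy_reads


if __name__ == "__main__":
    hits, reads, dummies = answer_range_query(RECORDS, 5, 15, seed=7)
    print(f"matches={len(hits)} reads_seen_by_server={reads} dummies={dummies}")
```

Run it a few times with different seeds and the number of reads the server observes changes while the matching records do not; the true result size is recoverable from the read count only up to the Laplace noise, which is exactly the leakage the sanitizer is meant to bound. In a real deployment the shift is chosen from the failure probability one is willing to tolerate, and the reads themselves go through ORAM so that their positions, not just their number, are hidden.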