SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

Leqian Zheng; Lei Xu; Cong Wang; Sheng Wang; Yuke Hu; Zhan Qin; Feifei Li; Kui Ren

doi:10.14778/3675034.3675038

SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

Leqian Zheng, Lei Xu, Cong Wang, Sheng Wang, Yuke Hu, Zhan Qin, Feifei Li, Kui Ren

Department of Computer Science

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

3 Citations (Scopus)

Abstract

Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leak ages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of ne-tuned privacy efficiency trade-o s. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate Swat, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. Swat is about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of Swat remains highly competitive compared to other designs that mitigate specific types of leakage.

© by the owner/author(s)

Original language	English
Pages (from-to)	2445-2458
Journal	Proceedings of the VLDB Endowment
Volume	17
Issue number	10
Online published	6 Aug 2024
DOIs	https://doi.org/10.14778/3675034.3675038
Publication status	Published - 2024
Event	50th International Conference on Very Large Data Bases (VLDB 2024) - Guangzhou, China Duration: 26 Aug 2024 → 30 Aug 2024 https://vldb.org/2024/

Funding

The work is supported in part by the National Key Research and Development Program of China 2023YFB2904000, by the National Natural Science Foundation of China under Grant (NSFC) 62202228, U20A20178, U23A20306, 62072395, 62032021, 62206207, by the Natural Science Foundation of Jiangsu Province under Grant BK20210330, by the Fundamental Research Funds for the Central Universities 30923011023, and by HK RGC under Grants CityU 11217620, RFS2122-1S04, R6021-20F, R1012-21, C2004-21G, and C1029-22G. This work is also partially supported by Alibaba Group through Alibaba Innovative Research Program.

RGC Funding Information

RGC-funded

Access Output

10.14778/3675034.3675038

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{e9cb3c4ccf11408dbe0a56ce2724edae,

title = "SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores",

abstract = "Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leak ages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of ne-tuned privacy efficiency trade-o s. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate Swat, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. Swat is about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of Swat remains highly competitive compared to other designs that mitigate specific types of leakage. {\textcopyright} by the owner/author(s)",

author = "Leqian Zheng and Lei Xu and Cong Wang and Sheng Wang and Yuke Hu and Zhan Qin and Feifei Li and Kui Ren",

year = "2024",

doi = "10.14778/3675034.3675038",

language = "English",

volume = "17",

pages = "2445--2458",

journal = "Proceedings of the VLDB Endowment",

issn = "2150-8097",

publisher = "Very Large Data Base Endowment Inc.",

number = "10",

note = "50th International Conference on Very Large Data Bases (VLDB 2024) ; Conference date: 26-08-2024 Through 30-08-2024",

url = "https://vldb.org/2024/",

}

TY - JOUR

T1 - SWAT

T2 - 50th International Conference on Very Large Data Bases (VLDB 2024)

AU - Zheng, Leqian

AU - Xu, Lei

AU - Wang, Cong

AU - Wang, Sheng

AU - Hu, Yuke

AU - Qin, Zhan

AU - Li, Feifei

AU - Ren, Kui

PY - 2024

Y1 - 2024

N2 - Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leak ages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of ne-tuned privacy efficiency trade-o s. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate Swat, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. Swat is about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of Swat remains highly competitive compared to other designs that mitigate specific types of leakage. © by the owner/author(s)

AB - Numerous studies have underscored the significant privacy risks associated with various leakage patterns in encrypted data stores. While many solutions have been proposed to mitigate these leak ages, they either (1) incur substantial overheads, (2) focus on specific subsets of leakage patterns, or (3) apply the same security notion across various workloads, thereby impeding the attainment of ne-tuned privacy efficiency trade-o s. In light of various detrimental leakage patterns, this paper starts with an investigation into which specific leakage patterns require our focus in the contexts of key-value, range-query, and dynamic workloads, respectively. Subsequently, we introduce new security notions tailored to the specific privacy requirements of these workloads. Accordingly, we propose and instantiate Swat, an efficient construction that progressively enables these workloads, while provably mitigating system-wide leakage via a suite of algorithms with tunable privacy-efficiency trade-offs. We conducted extensive experiments and compiled a detailed result analysis, showing the efficiency of our solution. Swat is about an order of magnitude slower than an encryption-only data store that reveals various leakage patterns and is two orders of magnitude faster than a trivial zero-leakage solution. Meanwhile, the performance of Swat remains highly competitive compared to other designs that mitigate specific types of leakage. © by the owner/author(s)

UR - http://www.scopus.com/inward/record.url?scp=85205298845&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85205298845&origin=recordpage

U2 - 10.14778/3675034.3675038

DO - 10.14778/3675034.3675038

M3 - RGC 21 - Publication in refereed journal

SN - 2150-8097

VL - 17

SP - 2445

EP - 2458

JO - Proceedings of the VLDB Endowment

JF - Proceedings of the VLDB Endowment

IS - 10

Y2 - 26 August 2024 through 30 August 2024

ER -

SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

Abstract

Funding

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

CRF: Enabling Metadata-private and Accountable Networks at Scale

RIF-Sub-pj: Secure and Incentivized Data Sharing with Enhanced Ownership for Decentralized Networks

CRF-ExtU-Lead: User-controlled Secure Data Sharing and Analytics with Blockchain and Trusted Computing Technologies

Cite this

SWAT: A System-Wide Approach to Tunable Leakage Mitigation in Encrypted Data Stores

Abstract

Funding

RGC Funding Information

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

CRF: Enabling Metadata-private and Accountable Networks at Scale

RIF-Sub-pj: Secure and Incentivized Data Sharing with Enhanced Ownership for Decentralized Networks

CRF-ExtU-Lead: User-controlled Secure Data Sharing and Analytics with Blockchain and Trusted Computing Technologies

Cite this