When Differential Privacy Meets Query Control : A Hybrid Framework for Practical Range Query Leakage Quantification and Mitigation
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
Original language | English |
---|---|
Journal / Publication | IEEE Transactions on Services Computing |
Online published | 13 Dec 2024 |
Publication status | Online published - 13 Dec 2024 |
Link(s)
Abstract
Encrypted range schemes are becoming increasingly attractive for commercial databases, as they allow for confidential query service on encrypted databases hosted on remote servers. These schemes, by design, leak specific patterns such as access, volume, and search patterns. However, they are vulnerable to leakage-abuse attacks (LAAs) that exploit these patterns to reconstruct the plaintext databases. In response, the query control paradigms have emerged, with our preceding framework, RangeQC, being a notable example. These paradigms probe deeper into the intricacies of granular user query access control, advancing beyond past scheme-level efforts and acting as sentinels against the inadvertent leakage of delicate data patterns. While RangeQC aimed to regulate high-leakage queries through query control, it encountered usability impediments. Acknowledging that query control alone might be insufficient, we introduce an additional layer of protection in our evolved framework, RangeQC+. This fusion model combines query control with differential privacy-based data perturbation, a proactive strategy to muddle query responses and yield obfuscated leakage patterns. Complementing this approach, RangeQC+ incorporates refined, noise-resistant leakage metrics for accurate pattern analysis. Through comprehensive assessments and comparative analysis, RangeQC+ consistently showcases a balanced blend of enhanced performance, robust privacy, and user-friendly functionality. © 2024 IEEE.
Research Area(s)
- Searchable encryption, cryptographic databases, leakage-abuse attack, range query
Citation Format(s)
When Differential Privacy Meets Query Control: A Hybrid Framework for Practical Range Query Leakage Quantification and Mitigation. / Li, Xinyan; Du, Yuefeng; Wang, Cong.
In: IEEE Transactions on Services Computing, 13.12.2024.
In: IEEE Transactions on Services Computing, 13.12.2024.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review