Bharath K. Samanthula

Secure k-nearest neighbor query over encrypted data in outsourced environments

For the past decade, query processing on relational data has been studied extensively, and many theoretical and practical solutions to query processing have been proposed under various scenarios. With the recent popularity of cloud computing, users now have the opportunity to outsource their data as well as the data management tasks to the cloud. However, due to the rise of various privacy issues, sensitive data (e.g., medical records) need to be encrypted before outsourcing to the cloud. In addition, query processing tasks should be handled by the cloud; otherwise, there would be no point to outsource the data at the first place. To process queries over encrypted data without the cloud ever decrypting the data is a very challenging task. In this paper, we focus on solving the k-nearest neighbor (kNN) query problem over encrypted database outsourced to a cloud: a user issues an encrypted query record to the cloud, and the cloud returns the k closest records to the user. We first present a basic scheme and demonstrate that such a naive solution is not secure. To provide better security, we propose a secure kNN protocol that protects the confidentiality of the data, users input query, and data access patterns. Also, we empirically analyze the efficiency of our protocols through various experiments. These results indicate that our secure protocol is very efficient on the user end, and this lightweight scheme allows a user to use any mobile device to perform the kNN query.

k -Nearest Neighbor Classification over Semantically Secure Encrypted Relational Data

Data Mining has wide applications in many areas such as banking, medicine, scientific research and among government agencies. Classification is one of the commonly used tasks in data mining applications. For the past decade, due to the rise of various privacy issues, many theoretical and practical solutions to the classification problem have been proposed under different security models. However, with the recent popularity of cloud computing, users now have the opportunity to outsource their data, in encrypted form, as well as the data mining tasks to the cloud. Since the data on the cloud is in encrypted form, existing privacy-preserving classification techniques are not applicable. In this paper, we focus on solving the classification problem over encrypted data. In particular, we propose a secure k-NN classifier over encrypted data in the cloud. The proposed protocol protects the confidentiality of data, privacy of users input query, and hides the data access patterns. To the best of our knowledge, our work is the first to develop a secure k-NN classifier over encrypted data under the semi-honest model. Also, we empirically analyze the efficiency of our proposed protocol using a real-world dataset under different parameter settings.

An efficient and probabilistic secure bit-decomposition

Many secure data analysis tasks, such as secure clustering and classification, require efficient mechanisms to convert the intermediate encrypted integers into the corresponding encryptions of bits. The existing bit-decomposition algorithms either do not offer sufficient security or are computationally inefficient. In order to provide better security as well as to improve efficiency, we propose a novel probabilistic-based secure bit-decomposition protocol for values encrypted using public key additive homomorphic encryption schemes. The proposed protocol guarantees security as per the semi-honest security definition of secure multi-party computation (MPC) and is also very efficient compared to the existing method. Our protocol always returns the correct result, however, it is probabilistic in the sense that the correct result can be generated in the first run itself with very high probability. The computation time of the proposed protocol grows linearly with the input domain size in bits. We theoretically analyze the complexity of the proposed protocol with the existing method in detail.

Privacy-Preserving Complex Query Evaluation over Semantically Secure Encrypted Data

In the last decade, several techniques have been proposed to evaluate different types of queries (e.g., range and aggregate queries) over encrypted data in a privacy-preserving manner. However, solutions supporting the privacy-preserving evaluation of complex queries over encrypted data have been developed only recently. Such recent techniques, however, are either insecure or not feasible for practical applications. In this paper, we propose a novel privacy-preserving query processing framework that supports complex queries over encrypted data in the cloud computing environment and addresses the shortcomings of previous approaches. At a high level, our framework utilizes both homomorphic encryption and garbled circuit techniques at different stages in query processing to achieve the best performance, while at the same time protecting the confidentiality of data, privacy of the user’s input query and hiding data access patterns. Also, as a part of query processing, we provide an efficient approach to systematically combine the predicate results (in encrypted form) of a query to derive the corresponding query evaluation result in a privacy-preserving manner. We theoretically and empirically analyze the performance of this approach and demonstrate its practical value over the current state-of-the-art techniques. Our proposed framework is very efficient from the user’s perspective, thus allowing a user to issue queries even using a resource constrained device (e.g., PDAs and cell phones).

N-gram based secure similar document detection

Secure similar document detection (SSDD) plays an important role in many applications, such as justifying the need-to-know basis and facilitating communication between government agencies. The SSDD problem considers situations where Alice with a query document wants to find similar information from Bobs document collection. During this process, the content of the query document is not disclosed to Bob, and Bobs document collection is not disclosed to Alice. Existing SSDD protocols are developed under the vector space model, which has the advantage of identifying global similar information. To effectively and securely detect similar documents with overlapping text fragments, this paper proposes a novel n-gram based SSDD protocol.

Privacy-Preserving and Outsourced Multi-user K-Means Clustering

Many techniques for privacy-preserving data mining (PPDM) have been investigated over the past decade. Such techniques, however, usually incur heavy computational and communication cost on the participating parties and thus entities with limited resources may have to refrain from participating in the PPDM process. To address this issue, one promising solution is to outsource the tasks to the cloud environment. In this paper, we propose a novel and efficient solution to privacy-preserving outsourced distributed clustering (PPODC) for multiple users based on the k-means clustering algorithm. The main novelty of our solution lies in avoiding the secure division operations required in computing cluster centers through efficient transformation techniques. In addition, we discuss two strategies, namely offline computation and pipelined execution that aim to boost the performance of our protocol. We implement our protocol on a cluster of 16 nodes and demonstrate how our two strategies combined with parallelism can significantly improve the performance of our protocol through extensive experiments using a real dataset.

Efficient Privacy-Preserving Range Queries over Encrypted Data in Cloud Computing

With the growing popularity of data and service outsourcing, where the data resides on remote servers in encrypted form, there remain open questions about what kind of query operations can be performed on the encrypted data. In this paper, we focus on one such important query operation, namely range query. One of the basic security primitive that can be used to evaluate range queries is secure comparison of encrypted integers. However, the existing secure comparison protocols strongly rely on the encrypted bit-wise representations rather than on pure encrypted integers. Therefore, in this paper, we first propose an efficient method for converting an encrypted integer z into encryptions of the individual bits of z. We then utilize the proposed security primitive to construct a new protocol for secure evaluation of range queries in the cloud computing environment. Furthermore, we empirically show the efficiency gains of using our security primitive over existing method under the range query application.

Interest-driven private friend recommendation

The emerging growth of online social networks has opened new doors for various kinds of applications such as business intelligence and expanding social connections through friend recommendations. In particular, friend recommendation facilitates users to explore new friendships based on social network structures, user profile information (similar interest) or both. However, as the privacy concerns of users are on the rise, searching for new friends is not a straightforward task under the assumption that users’ information is kept private. Along this direction, this paper proposes two private friend recommendation algorithms based on the social network structure and the users’ social tags. The first protocol is more efficient from a user’s perspective compared to the second protocol, and this efficiency gain comes at the expense of relaxing the underlying privacy assumptions. On the other hand, the second protocol provides the best security guarantee. In addition, we empirically analyze the complexities of the proposed protocols and provide various experimental results.

A Probabilistic Encryption Based MIN/MAX Computation in Wireless Sensor Networks

Wireless sensor networks (WSNs) have wide range of applications in military, health-monitoring, smart-home applications, and in other commercial environments. The computation of data aggregation functions like MIN/MAX is one of the commonly used tasks in many such WSN applications. However, due to privacy issues in some of these applications, the individual sensor readings should be kept secret from others. That is, the base station should be the only entity who should receive the output of MIN/MAX function and the individual sensor readings should not be revealed either to other sensor nodes or to the root node for confidentiality reasons. Existing Secure Data Aggregation (SDA) techniques for computing MIN/MAX are based on either order preserving or privacy homomorphic encryption schemes which are either inefficient or insecure. Along this direction, this paper proposes two novel solutions for securely computing MIN/MAX functions in WSNs using probabilistic encryption scheme. The first solution works for WSNs with no duplicate sensor readings whereas the second solution acts as a generic method and works even for duplicate readings but is less efficient compared to the first method. However, the second solution is much more secure compared to the existing protocols. The security of the proposed protocols is justified based on the well known quadratic residuosity assumption. We empirically analyze the efficiency of our schemes and demonstrate the advantages of the proposed protocols over existing approaches.

Structural and Message Based Private Friend Recommendation

The emerging growth of online social networks have opened new doors for various business applications such as promoting a new product across its customers. Besides this, friend recommendation is an important tool for recommending potential candidates as friends to users in order to enhance the development of the entire network structure. Existing friend recommendation methods utilize social network structure and/or user profile information. However, these techniques can no longer be applicable if the privacy of users is taken into consideration. In this paper, we propose a two-phase private friend recommendation protocol for recommending friends to a given target user based on the network structure as well as utilizing the real message interaction between users. Our protocol computes the recommendation scores of all users who are within a radius of h from the target user in a privacy preserving manner. In addition, we show the practical applicability of our approach through empirical analysis.