Erez Shmueli

Designing secure indexes for encrypted databases

The conventional way to speedup queries execution is by using indexes. Designing secure indexes for an encrypted database environment raises the question of how to construct the index so that no information about the database content is exposed. In this paper, the challenges raised when designing a secure index for an encrypted database are outlined; the attacker model is described; possible attacks against secure indexes are discussed; the difficulty posed by multiple users sharing the same index are presented; and the design considerations regarding keys storage and encryption granularity are illustrated. Finally, a secure database-indexing scheme is suggested. In this scheme, protection against information leakage and unauthorized modifications is provided by using encryption, dummy values and pooling. Furthermore, the new scheme supports discretionary access control in a multi-user environment.

Database encryption: an overview of contemporary challenges and design considerations

This article describes the major challenges and design considerations pertaining to database encryption. The article first presents an attack model and the main relevant challenges of data security, encryption overhead, key management, and integration footprint. Next, the article reviews related academic work on alternative encryption configurations pertaining to encryption locus; indexing encrypted data; and key management. Finally, the article concludes with a benchmark using the following design criteria: encryption configuration, encryption granularity and keys storage.

A Structure Preserving Database Encryption Scheme

A new simple and efficient database encryption scheme is presented. The new scheme enables encrypting the entire content of the database without changing its structure. In addition, the scheme suggests how to convert the conventional database index to a secure index on the encrypted database so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without having the encryption key.

Sensing, Understanding, and Shaping Social Behavior

The ability to understand social systems through the aid of computational tools is central to the emerging field of computational social systems. Such understanding can answer epistemological questions on human behavior in a data-driven manner, and provide prescriptive guidelines for persuading humans to undertake certain actions in real-world social scenarios. The growing number of works in this subfield has the potential to impact multiple walks of human life including health, wellness, productivity, mobility, transportation, education, shopping, and sustenance. The contribution of this paper is twofold. First, we provide a functional survey of recent advances in sensing, understanding, and shaping human behavior, focusing on real-world behavior of users as measured using passive sensors. Second, we present a case study on how trust, which is an important building block of computational social systems, can be quantified, sensed, and applied to shape human behavior. Our findings suggest that:1) trust can be operationalized and predicted via computational methods (passive sensing and network analysis) and 2) trust has a significant impact on social persuasion; in fact, it was found to be significantly more effective than the closeness of ties in determining the amount of behavior change.

Are You Your Friends' Friend? Poor Perception of Friendship Ties Limits the Ability to Promote Behavioral Change.

Persuasion is at the core of norm creation, emergence of collective action, and solutions to ‘tragedy of the commons’ problems. In this paper, we show that the directionality of friendship ties affect the extent to which individuals can influence the behavior of each other. Moreover, we find that people are typically poor at perceiving the directionality of their friendship ties and that this can significantly limit their ability to engage in cooperative arrangements. This could lead to failures in establishing compatible norms, acting together, finding compromise solutions, and persuading others to act. We then suggest strategies to overcome this limitation by using two topological characteristics of the perceived friendship network. The findings of this paper have significant consequences for designing interventions that seek to harness social influence for collective action.

Privacy by diversity in sequential releases of databases

We study the problem of privacy preservation in sequential releases of databases. In that scenario, several releases of the same table are published over a period of time, where each release contains a different set of the table attributes, as dictated by the purposes of the release. The goal is to protect the private information from adversaries who examine the entire sequential release. That scenario was studied in [32] and was further investigated in [28]. We revisit their privacy definitions, and suggest a significantly stronger adversarial assumption and privacy definition. We then present a sequential anonymization algorithm that achieves ?-diversity. The algorithm exploits the fact that different releases may include different attributes in order to reduce the information loss that the anonymization entails. Unlike the previous algorithms, ours is perfectly scalable as the runtime to compute the anonymization of each release is independent of the number of previous releases. In addition, we consider here the fully dynamic setting in which the different releases differ in the set of attributes as well as in the set of tuples. The advantages of our approach are demonstrated by extensive experimentation.

Ride Sharing: A Network Perspective

Ride sharing’s potential to improve traffic congestion as well as assist in reducing CO2 emission and fuel consumption was recently demonstrated by works such as [1]. Furthermore, it was shown that ride sharing can be implemented within a sound economic regime, providing values for all participants (e.g., Uber). Better understanding the utilization of ride sharing can help policy makers and urban planners in modifying existing urban transportation systems to increase their “ride sharing friendliness” as well as in designing new ride sharing oriented ones. In this paper, we study systematically the relationship between properties of the dynamic transportation network (implied by the aggregated rides) and the potential benefit of ride sharing. By analyzing a dataset of over 14 Million taxi trips taken in New York City during January 2013, we predict the potential benefit of ride sharing using topological properties of the rides network only. Such prediction can ease the analysis of urban areas, with respect to the potential efficiency of ride sharing for their inhabitants, without the need to carry out expensive and time consuming surveys, data collection and analysis operations.

Improving accuracy of classification models induced from anonymized datasets

The performance of classifiers and other data mining models can be significantly enhanced using the large repositories of digital data collected nowadays by public and private organizations. However, the original records stored in those repositories cannot be released to the data miners as they frequently contain sensitive information. The emerging field of Privacy Preserving Data Publishing (PPDP) deals with this important challenge. In this paper, we present NSVDist (Non-homogeneous generalization with Sensitive Value Distributions)-a new anonymization algorithm that, given minimal anonymity and diversity parameters along with an information loss measure, issues corresponding non-homogeneous anonymizations where the sensitive attribute is published as frequency distributions over the sensitive domain rather than in the usual form of exact sensitive values. In our experiments with eight datasets and four different classification algorithms, we show that classifiers induced from data generalized by NSVDist tend to be more accurate than classifiers induced using state-of-the-art anonymization algorithms.

Campaign Optimization Through Behavioral Modeling and Mobile Network Analysis

Optimizing the use of available resources is one of the key challenges in activities that consist of interactions with a large number of “target individuals,” with the ultimate goal of “winning” as many of them as possible, such as in marketing, service provision, political campaigns, or homeland security. Typically, the cost of interactions is monotonically increasing such that a method for maximizing the performance of these campaigns iPs required. In this paper, we propose a mathematical model to compute an optimized campaign by automatically determining the number of interacting units and their type, and how they should be allocated to different geographical regions in order to maximize the campaigns performance. We validate our proposed model using real world mobility data.

Implementing a database encryption solution, design and implementation issues

Abstract In this paper, we analyze and compare five traditional architectures for database encryption. We show that existing architectures may provide a high level of security, but have a significant impact on performance and impose major changes to the application layer, or may be transparent to the application layer and provide high performance, but have several fundamental security weaknesses. We suggest a sixth novel architecture that was not considered before. The new architecture is based on placing the encryption module inside the database management software (DBMS), just above the database cache, and using a dedicated technique to encrypt each database value together with its coordinates. These two properties allow our new architecture to achieve a high level of data security while offering enhanced performance and total transparency to the application layer. We also explain how each architecture can be implemented in a commercial, open source DBMS. We evaluate the performance of the various architectures both analytically and through extensive experimentation. Our performance evaluation results demonstrate that in most realistic scenarios, i.e., where only a part of the database content is stored in the database cache, the suggested architecture outperforms the others.