Privacy-Preserving Query Execution using Tamper Resistant Hardware. Design and Performance Considerations

Cuong Quoc To 1, 2
2 SMIS - Secured and Mobile Information Systems (PRISM - Parallélisme, Réseaux, Systèmes, Modélisation, UVSQ - Université de Versailles Saint-Quentin-en-Yvelines; Inria Paris-Rocquencourt; CNRS - Centre National de la Recherche Scientifique : UMR8144)
Abstract: Current applications, from complex sensor systems (e.g., quantified self) to online e-markets, acquire vast quantities of personal information which usually end up on central servers. This massive amount of personal data, the "new oil", represents an unprecedented potential for applications and business. However, centralizing and processing all of an individual's data on a single server, where it is exposed to prying eyes, poses a major privacy problem. Conversely, decentralized architectures help individuals keep full control of their data, but they complicate global processing and queries, impeding the development of innovative services. In this thesis, we aim at reconciling the individual's privacy on one side and the global benefits for the community and for business on the other. The thesis promotes the idea of pushing security down to secure hardware devices that control the data at the place of its acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can re-establish the capacity to perform global computations, such as SQL aggregates, without revealing any sensitive information to central servers. This thesis studies the subset of SQL queries without external joins and shows how to secure their execution in the presence of honest-but-curious attackers. It also discusses how the resulting querying protocols can be integrated into a concrete decentralized architecture. Cost models and experiments on SQL/AA, our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications.
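The following is an added, deliberately simplified illustration of the architecture pattern the abstract sketches: each individual's data stays on a secure device at the point of acquisition, every device evaluates the aggregate query locally, and an honest-but-curious central server only relays opaque, fixed-size partial results to the querier's own secure device, which merges them and releases nothing but the final SQL aggregate. It is not the SQL/AA protocol from the thesis and not code from the thesis; the device records, the query, the shared device key and the SHA-256 keystream plus HMAC construction (a stand-in for a real AEAD such as AES-GCM, which tamper-resistant hardware would provide natively) are all assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets
from collections import defaultdict

# Constructed sample: each secure device holds only its owner's records.
# (dev-D holds nothing, an edge case the server must not be able to detect.)
DEVICES = {
    "dev-A": [{"age": 34, "city": "Paris", "income": 2800},
              {"age": 29, "city": "Paris", "income": 2100}],
    "dev-B": [{"age": 52, "city": "Lyon", "income": 3500}],
    "dev-C": [{"age": 41, "city": "Paris", "income": 3200},
              {"age": 23, "city": "Lyon", "income": 1900}],
    "dev-D": [],
}

# Illustrative query: SELECT city, AVG(income) FROM data WHERE age >= 30 GROUP BY city
QUERY = {"group_by": "city", "col": "income", "where": ("age", 30)}

# Key shared by the secure devices only; the central server never holds it (assumption).
SHARED_KEY = secrets.token_bytes(32)
PARTIAL_SIZE = 256  # fixed-size frame so ciphertext length leaks nothing about the content


def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream; stands in for a hardware AEAD, not for production use.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("partial aggregate was tampered with in transit")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def _pad(body: bytes) -> bytes:
    if len(body) > PARTIAL_SIZE - 4:
        raise ValueError("partial aggregate does not fit the fixed-size frame")
    return len(body).to_bytes(4, "big") + body + bytes(PARTIAL_SIZE - 4 - len(body))


def _unpad(pt: bytes) -> bytes:
    n = int.from_bytes(pt[:4], "big")
    return pt[4:4 + n]


def device_partial(records, query):
    """Run the WHERE/GROUP BY locally; emit per-group (count, sum), never raw tuples."""
    col, minimum = query["where"]
    acc = defaultdict(lambda: [0, 0])
    for r in records:
        if r[col] >= minimum:
            acc[r[query["group_by"]]][0] += 1
            acc[r[query["group_by"]]][1] += r[query["col"]]
    return dict(acc)


def querier_device_merge(blobs, key):
    """Runs on the querier's secure device: decrypt, merge partials, compute AVG."""
    totals = defaultdict(lambda: [0, 0])
    for blob in blobs:
        partial = json.loads(_unpad(open_sealed(key, blob)))
        for group, (count, total) in partial.items():
            totals[group][0] += count
            totals[group][1] += total
    return {g: s / c for g, (c, s) in totals.items()}


def run_query(query, devices, key):
    """Honest-but-curious server: orchestrates the query but sees only opaque frames."""
    server_view = []  # everything the server gets to observe
    blobs = []
    for dev_id, records in devices.items():
        blob = seal(key, _pad(json.dumps(device_partial(records, query)).encode()))
        server_view.append((dev_id, len(blob)))  # ciphertext length is all it learns
        blobs.append(blob)
    final = querier_device_merge(blobs, key)
    server_view.append(("result", final))
    return final, server_view
```

The point to check is the server's view: every device returns a frame of the same length whether it holds two matching rows, one, or none, and the only plaintext the server ever handles is the final per-group average. A practitioner would also want the querier device to verify that it received exactly one frame per enrolled device, so that the server cannot drop contributions to narrow an aggregate down to a single individual; that check is outside this illustration.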
Document type: Thesis

Cited literature: 53 references

https://hal.archives-ouvertes.fr/tel-01253759
Contributor: Luc Bouganim
Submitted on: Monday, January 11, 2016 - 12:37:12 PM
Last modification on: Friday, May 25, 2018 - 12:02:04 PM
Document(s) archived on: Tuesday, April 12, 2016 - 11:16:25 AM

Identifiers

  • HAL Id : tel-01253759, version 1

Citation

Cuong Quoc To. Privacy-Preserving Query Execution using Tamper Resistant Hardware. Design and Performance Considerations. Databases [cs.DB]. Université de Versailles Saint-Quentin-en-Yvelines, 2015. English. ⟨tel-01253759⟩

Metrics

Record views: 298
File downloads: 208