On Privacy-Preserving Search in the Encrypted Domain

Privacy-preserving query has recently received considerable attention in the signal processing and multimedia community. It also is a critical step in wireless sensor network for retrieval of sensitive data. The purposes of privacy-preserving query in both the areas of signal processing and sensor network are the same but the similarity and difference of the adopted technologies are not fully explored. In this paper, we first review the recently developed methods of privacy-preserving query, and then describe in a comprehensive manner what we can learn from the mutual of both areas. I. MOTIVATION AND SIGNIFICANCE OF THE TOPIC Due to the increase of bandwidth capacity over the Internet, the powerful cloud server, though insecure, is increasingly providing services of (sensitive) data access and query for querists. More specifically, if the remote server is equipped with powerful computation and storage capability with plentiful resources, it can provide the users to store data and to exploit the computational power for their intended tasks. Under the case, the cloud server not only provides a passive search service but also is equipped with a highly interactive mechanism. This outsourcing scenario is of practical use if immense computation and communication are demanding. However, the delivery of sensitive data and permission of insecure (e.g., honest but curious) server in processing the stored data indeed pose the concern of preserving privacy that is gradually receiving considerable attention in diverse areas. A. Privacy-Preserving Query in Multimedia In the literature, text retrieval with privacy preserved has been developed in the data mining community. Only recently, secure search of text documents in the ciphertext domain has been extended to secure media data inquiry [3], [7], [9], [15], [19]. In the multimedia community, the issue of preserving the privacy of query images, when searching over a public non-encrypted database, is believed to be first addressed in [15]. To enable operations in the encrypted domain and yield results equivalent to those in the non-encrypted domain, homomorphic encryption [4] has been popularly adopted. Generally, the Paillier cryptosystem [12] is adopted as the platform for designing privacy-preserving query as it offers homomorphic addition and plaintext multiplication, satisfies provable security based on modular arithmetic, and is computationally comparable to RSA. It is known that Paillier cryptosystem-based methods need to execute modular exponentiations of large numbers and suffer a higher computational complexity (quantified by the number of modular multiplications). Tricks to alleviate this overhead are to introduce pre-computation of modular exponentiations or speed modular exponentiation operation [14]. Recently, Qin et al. [13] presented to distribute and assign the computation steps of Scale Invariant Feature Transform to a set of independent but cooperative cloud servers for diminishing the efficiency limitation of homomorphic encryption. On the other hand, privacy-preserving transformation for signal processing in the ciphertext domain has been developed for discrete Fourier transform [1] and wavelet transform [22]. Joint privacy-preserving fingerprinting, decryption, and authentication via secret sharing can be found in [8]. B. Privacy-Preserving Query in Sensor Network Since sensor networks can be deployed in certain harsh or hostile areas for data acquisition and collection or environment monitoring [10], the possibility of unstable connection between the authority and the network indeed exists. To overcome such a problem, in-network storage is required for caching or storing the sensed data. Thus, various data storage models in sensor networks for query response and data archival have been studied. Privacy-preserving query in sensor networks [16], [17], [18], [20], [21] consists of data reporting with confidentialitypreserving and query result completeness verification. The former is used to protect data confidentiality and authenticate query results, while the latter guarantees the query result completeness. In contrast with the use of homomorphic encryption in multimedia, bucket scheme [5], [6] is popularly employed in the confidentiality-preserving data reporting phase in sensor networks. In fact, there exists a compromise between the confidentiality and communication cost in terms of bucket sizes since a smaller/larger bucket size implies lower/higher data confidentiality and lower/higher communication cost due to less/more superfluous data being returned to the authority. A problem unique to sensor networks, however, is that even when the bucket strategy is utilized, the storage node could still withdraw some encrypted data and only convey part of the results to the authority, giving rise to incomplete query results. Thus, how to discover the incomplete reply in a communication-efficient way still remains challenging. II. TECHNOLOGIC COMPARISON As we have briefly surveyed in the previous section the state-of-the-art privacy-preserving query technologies in multimedia [3], [7], [9], [15], [19] and sensor networks [16], TABLE I COMPARISONS BETWEEN PRIVACY-PRESERVING MULTIMEDIA AND SENSOR NETWORK (PP: PRIVACY-PRESERVING). Multimedia Sensor Network Query type Top-k query Top-k/Range/Skyline query Data Confidentiality (complex) Homomorphic Encryption [7], [9], [11] (simple) Lightweight encryption [13] Bucket scheme [16], [17], [21], [20] PP Feature Extraction Yes [7], [13] None PP Transform Yes [1], [22] None PP Comparison Yes Yes Query Result Completeness None Yes Query Result Accuracy Yes Not always [2] [17], [18], [20], [21], they will be compared in order to better understand their similarities and differences. These comparisons, as depicted in Table I, will help us to broadly know the technologies developed so far in diverse fields that we may ignore. Moreover, we shall discuss if a technique that is well-known in an area is helpful in the other area. As shown in Table I, lightweight encryption with less accuracy (and security) is usually adopted in sensor networks in order to prolong the lifetime of resource-limited sensors. In sensor networks, due to the use of lightweight encryption technique like bucket scheme, Bloom filter is usually further adopted to achieve storage-efficiency, which will bring the side-effect of inaccurate query results [2]. As for multimedia, though homomorphic encryption has been broadly used due to its high security, its high computational complexity promotes the study of lightweight encryption at the expense of losing partial security. It would be interesting to apply the lightweight encryption scheme used in multimedia to sensor networks for alleviation of weakness of bucket scheme. Privacy-preserving feature extraction and transform are basically unique to multimedia. However, if the sensors within the framework of Internet of Things (IoT) are used to sense biomedical signals, such ECG, privacy-preserving transform may be employed. We also note that the number of query types for multimedia seems to be less than that for sensor network. For data search/query in the ciphertext domain, privacy-preserving comparison is required in both multimedia and sensor network. It is, however, closely related to how much information will be leaked. For query result completeness, it has been studied in sensor network but is usually ignored in multimedia. In particular, in the (tiered) network model, the storage nodes easily become the targets to be attacked because of their key role in processing queries [20]. Specifically, the adversary can compromise the storage nodes to obtain the sensed data, leading to the breach of data confidentiality. After compromising storage nodes, the adversary can also return the fabricated query results to the authority, resulting in query result authenticity breaching. A challenge is that the attacked storage nodes can infringe query result completeness, creating incomplete query results for the authority by giving up partial results purposely. On the other hand, for preserving privacy in multimedia, one simply considers ciphertext only attack and known plaintext attack, but other stronger attacks are less touched.REFERENCES [1] T. Bianchi, A. Piva, and M. Barni, “On the Implementation of the DiscreteFourier Transform in the Encrypted Domain,” IEEE Trans. on InformationForensics and Security, vol. 4, no. 1, pp. 86-97, 2009.[2] F. Chen and A. X. Liu, “Safeq: Secure and efficient query processing insensor networks,” IEEE INFOCOM, pp. 1-9, 2010.[3] Z. Erkin et al., “Protection and Retrieval of Encrypted Multimedia Con-tent: When Cryptography Meets Signal Processing,” EURASIP Journalon Information Security, vol. 7, no. 2, pp. 1-20, 2007.[4] C. Gentry, “Fully Homomorphic Encryption Using Ideal Lattices,” STOC,pp. 169-178, 2009.[5] H. Hacigumus et al., “Executing SQL over encrypted data in the databaseservice provider model,” ACM SIGMOD, 2002.[6] B. Hore, S. Mehrotra, and G. Tsudik, “A privacy-preserving index forrange queries,” VLDB, 2004.[7] C.-Y. Hsu, C.-S. Lu and S.-C. Pei, “Image Feature Extraction in En-crypted Domain with Privacy-Preserving SIFT,” IEEE Trans. on ImageProcessing, Vol. 21, No. 11, pp. 4593-4607, 2012.[8] C.-Y. Lin, K. Muchtar, C.-S. Lu, and C.-H. Yeh, “Secure Multicastingof Images via Joint Privacy-Preserving Fingerprinting, Decryption, andAuthentication,” to appear in Journal of VCIP, Springer, 2016.[9] W. Lu et al., “Secure Image Retrieval through Feature Protection,” IEEEICASSP, pp. 1533-1536, 2009.[10] V. A. Oleshchuk, “Privacy Preserving Monitoring and Surveillance inSensor Networks,” IPSA, LNCS 4743, pp. 485-492, 2007.[11] M. Osadchy, B. Pinkas, A. Jarrous, and B. Moskovich, “Scifi-a systemfor secure face identification,” Proc. of IEEE S&P;, 2010.[12] P. Paillier, “Public-Key Cryptosystems Based on Composite DegreeResiduosity Classes,” Eurocrypt, LNCS 1592, pp. 223-238, 1999.[13] Z. Qin, Jingbo Yan, K. Ren, C.-W. Chen, C. Wang, “Towards EfficientPrivacy-preserving Image Feature Extraction in Cloud Computing,” Proc.ACM Multimedia, pp. 497-506, 2014.[14] A. Rezai and P. Keshavarzi, “High-performance modular exponentiationalgorithm by using a new modified modular multiplication algorithm andcommon-multiplicand-multiplication method,” 2011 World Congress onInternet Security (WorldCIS), pp. 192-197, 2011.[15] J. Shashank, P. Kowshik, K. Srinathan, and C. Jawahar, “Private Contentbased Image Retrieval,” IEEE CVPR, pp. 1-8, 2008.[16] B. Sheng and Q. Li, “Verifiable privacy-preserving range query in two-tiered sensor networks,” IEEE INFOCOM, 2008.[17] J. Shi, R. Zhang, and Y. Zhang, “Secure range queries in tiered sensornetworks,” IEEE INFOCOM, 2009.[18] Y.-T. Tsou et al., “Privacyand Integrity-Preserving Range Query inWireless Sensor Networks,” Proc. IEEE GLOBECOM, 2012.[19] S. Voloshynovskiy, F. Beekhof, O. Koval, and T. Holotyak, “On PrivacyPreserving Search in Large Scale Distributed Systems: A Signal Process-ing View on Searchable Encryption,” J. Guajardo and A. Piva (Eds.):SPEED 2009 (Electronic Proceedings), pp. 2-21, 2009.[20] C.-M. Yu, C.-S. Lu, and S.-Y. Kuo, “Practical and Secure Multidimen-sional Queries in Tiered Sensor Networks,” IEEE Trans. on InformationForensics and Security, vol. 6, no. 2, pp. 241-255, 2011.[21] R. Zhang, J. Shi, and Y. Zhang, “Secure Multidimensional RangeQueries in Sensor Networks,” ACM MobiHoc, 2009.[22] P. Zheng and J.-W. Huang, “Implementation of the Discrete WaveletTransform and Multiresolution Analysis in the Encrypted Domain,” ACMMultimedia Conference, 2011.