Private and Scalable Execution of SQL Aggregates on a Secure Decentralized Architecture

Quoc-Cuong To, Benjamin Nguyen, Philippe Pucheral
2016 ACM Transactions on Database Systems  
Quoc-Cuong To, Inria and University of Versailles St-Quentin, PRiSM lab
Benjamin Nguyen, INSA Centre Val de Loire, LIFO lab
Philippe Pucheral, Inria and University of Versailles St-Quentin, PRiSM lab

Current applications, from complex sensor systems (e.g. quantified self) to online e-markets, acquire vast quantities of personal information which usually end up on central servers where they are exposed to prying eyes. Conversely, decentralized architectures that help individuals keep full control of their data complicate global treatments and queries, impeding the development of innovative services. This paper aims precisely at reconciling individuals' privacy on one side with global benefits for the community and business perspectives on the other. It promotes the idea of pushing security to secure hardware devices that control the data at the place of acquisition. Thanks to these tangible physical elements of trust, secure distributed querying protocols can reestablish the capacity to perform global computations, such as SQL aggregates, without revealing any sensitive information to central servers. This paper studies how to secure the execution of such queries in the presence of honest-but-curious and malicious attackers. It also discusses how the resulting querying protocols can be integrated into a concrete decentralized architecture. Cost models and experiments on SQL/AA, our distributed prototype running on real tamper-resistant hardware, demonstrate that this approach can scale to nationwide applications.

This paper is an extended and restructured version of [To et al. 2014a]. The new material covers a set of important problems that need to be solved to make the approach practical: cryptographic key management, accuracy and latency of the collection phase, and access control management. The security analysis was also improved to address stronger attackers with more knowledge. A solution was also proposed to prevent malicious attackers from deleting data, ensuring the completeness of the result. In addition, this version validates our cost model through performance measurements on real secure hardware. It also integrates more detailed results and a performance comparison with state-of-the-art methods.
doi:10.1145/2894750 fatcat:r77h6y2jkfdfjjwxhypjqixbdy