UT DALLAS Erik Jonsson School of Engineering & Computer Science

FEARLESS engineering

BigSecret: A Secure Data Management Framework for

Key-Value StoresErman Pattuk

Murat KantarciogluVaibhav KhadilkarHuseyin Ulusoy

Sharad Mehrotra (Univ. of California at Irvine)

FEARLESS engineering

Introduction

• Increasing amount of internet usage– Number of active users– Number of transactions per unit time– Size of the stored data– A new concept: BigData

• Existing techniques failed to satisfy new requirements

• To cope with BigData, Key-Value Stores emerge as a popular option– Efficiency and Scalability

FEARLESS engineering

Introduction

AmazonSimpleDB

GoogleBigTable

MicrosoftAzure…

Key Valuepattuk_erman:bank 1919381pattuk_erman:ssn 1928319ulusoy_huseyin:bank 4476861

ulusoy_huseyin:ssn 1148793

FEARLESS engineering

Proposed Framework: BigSecret

Public

Private

AmazonSimpleDB

GoogleBigTable

MicrosoftAzure

…

BigSecret

Dept 1

Dept 2

FEARLESS engineering

Outline

• Partitioning data among multiple cloud providers

• Storing data on a provider, while protecting efficiency and privacy

• Querying outsourced data• Experiments

FEARLESS engineering

Data and Workload Sharing

BigSecret

Data Owner

Provider-1

Provider-2

Provider-3

Constraints

FEARLESS engineering

Constraints in Partitioning

BigSecret

Provider-1

Provider-2

Provider-N…Monetary Cost < 10

Security Disclosure < 5%Optimize Execution Time

10% Data20% Workload

20% Data10% Workload

15% Data13% Workload

FEARLESS engineering

Storing Data in Secure Form

• Transform data using Encryption Models

FEARLESS engineering

Query Execution

BigSecret Provider-1

GET:“John” – “traits” – “height”

GET:A12C04 – BF2139 – 51231D

RESULT:1295DC10

RESULT:“170 cm”

FEARLESS engineering

Experiments

• Performed experiments using Yahoo! Cloud Serving Benchmark

• Created tables consisting of 1,2,4,8,16, and 32 Millions of rows– Each row has 10 Key-Value entries of 100B

• Created 3 different workloads– 1K queries for single-cloud experiments– 100K queries for multi-cloud experiments

FEARLESS engineering

Single-Cloud Experiments

Workload – 1 (Get intensive)

FEARLESS engineering

Single-Cloud Experiments

Workload – 2 (Put intensive)

FEARLESS engineering

Single-Cloud Experiments

Workload – 3 (Scan intensive)

FEARLESS engineering

Multi-Cloud Experiments

ProviderProperties Provider 1 Provider 2

Storage Plaintext Model-1

Risk weight 1 0.7

Speed Fast Slow

Monetary cost $700 $3700

Sensitivity disclosure risk %100 %70

FEARLESS engineering

Multi-Cloud Experiments

Workload – 3 (Scan intensive)

FEARLESS engineering

Conclusion

• If Scan is needed, Model-1 can be used– Otherwise, it’s not so efficient– May use other techniques to support Scan

• Model-2 and 3 perform well with minor overhead

• We plan to add support for other Key-Value stores

• BigSecret is open source– https://github.com/ermanpattuk/BigSecret

FEARLESS engineering

Q&A

Thank You