A Privacy-Preserving Graph Encryption Scheme Based on Oblivious RAM

Seyni Kane, Anis Bkakria

TL;DR

This work addresses secure shortest-path queries on graphs stored on untrusted servers by preventing leakage of graph structure and query intent. It proposes TOGES, a privacy-preserving graph encryption scheme that combines Oblivious RAM (ORAM) with Trusted Execution Environments (TEEs) to achieve access pattern (AP) indistinguishability and query pattern (QP) indistinguishability for single-pair shortest path (SPSP) queries, with adaptive security guarantees under a leakage model $\mathcal{L}$. Building on the GKT graph encryption framework, the authors present a basic OBGE construction and a TEE-enhanced version, along with a formal security analysis and a practical evaluation on a real OpenStreetMap-derived Paris dataset. The results demonstrate practical performance and scalability: a server-side enclave reduces client storage, and recursive ORAM keeps the oblivious structure within TEE memory constraints, enabling private, efficient graph queries in realistic deployments.

Abstract

Graph encryption schemes play a crucial role in facilitating secure queries on encrypted graphs hosted on untrusted servers. With applications spanning navigation systems, network topology, and social networks, the need to safeguard sensitive data becomes paramount. Existing graph encryption methods, however, exhibit vulnerabilities by inadvertently revealing aspects of the graph structure and query patterns, posing threats to security and privacy. In response, we propose a novel graph encryption scheme designed to mitigate access pattern and query pattern leakage through the integration of oblivious RAM (ORAM) and trusted execution environment (TEE) techniques. Our solution establishes two key security objectives: (1) ensuring that adversaries, when presented with an encrypted graph, remain oblivious to any information regarding the underlying graph, and (2) achieving query indistinguishability by concealing access patterns. Additionally, we conducted experiments to evaluate the efficiency of the proposed schemes when dealing with real-world location navigation services.

Paper Structure

This paper contains 31 sections, 2 theorems, 1 equation, 1 figure and 3 algorithms.

Key Result

Theorem (Correctness of OBGE)

If $P$ is a secure PRF, SKE is correct and the ORAM is correct, then OBGE is correct.

Figures (1)

  • Figure 1: Time Required for Path Query Response in Varying recursive ORAM Depths

Theorems & Definitions (6)

  • Definition: SP-matrix [cormen2001introduction]
  • Definition
  • Theorem: Correctness of OBGE
  • Proof
  • Theorem: Security of OBGE
  • Proof