When Differential Privacy Meets Query Control: A Hybrid Framework for Practical Range Query Leakage Quantification and Mitigation

Abstract

Encrypted range schemes are becoming increasingly attractive for commercial databases, as they allow for confidential query service on encrypted databases hosted on remote servers. These schemes, by design, leak specific patterns such as access, volume, and search patterns. However, they are vulnerable to leakage-abuse attacks (LAAs) that exploit these patterns to reconstruct the plaintext databases. In response, the query control paradigms have emerged, with our preceding framework, RangeQC, being a notable example. These paradigms probe deeper into the intricacies of granular user query access control, advancing beyond past scheme-level efforts and acting as sentinels against the inadvertent leakage of delicate data patterns. While RangeQC aimed to regulate high-leakage queries through query control, it encountered usability impediments. Acknowledging that query control alone might be insufficient, we introduce an additional layer of protection in our evolved framework, RangeQC+. This fusion model combines query control with differential privacy-based data perturbation, a proactive strategy to muddle query responses and yield obfuscated leakage patterns. Complementing this approach, RangeQC+ incorporates refined, noise-resistant leakage metrics for accurate pattern analysis. Through comprehensive assessments and comparative analysis, RangeQC+ consistently showcases a balanced blend of enhanced performance, robust privacy, and user-friendly functionality.