Access control can be used to ensure that database queries pertaining to sensitive information are not answered. This is not enough to prevent users from learning sensitive information, though, because users can combine non-sensitive information to discover something sensitive. Inference control prevents users from obtaining sensitive information via such "inference channels"; however, existing inference control techniques are not private: they require the server to learn what queries the user is making in order to deny inference-enabling queries. We propose a new primitive, private inference control (PIC), which is a means for the server to provide inference control without learning what information is being retrieved. PIC is a generalization of private and symmetrically-private information retrieval (PIR/SPIR). While it is straightforward to implement access control using PIR (simply omit sensitive information from the database), it is nontrivial to implement inference control efficiently. We measure the efficiency of a PIC protocol in terms of its communication complexity, its round complexity, and the work the server performs per query. Under existing cryptographic assumptions, we give a PIC scheme which is simultaneously optimal, up to logarithmic factors, in the work the server performs per query, the total communication complexity, and the number of rounds of interaction. We also present a scheme requiring more communication but sufficient storage of state by the server to facilitate private user revocation. Finally, we present a generic reduction which shows that one can focus on designing PIC schemes for which the inference channels take a particularly simple threshold form.