Obfuscated databases and group privacy

Authors:
Arvind Narayanan;Vitaly Shmatikov
Affiliations:
University of Texas at Austin;University of Texas at Austin
Venue:
Proceedings of the 12th ACM conference on Computer and communications security
Year:
2005

Citing 18
Cited 16

Software protection and simulation on oblivious RAMs

Journal of the ACM (JACM)
Manufacturing cheap, resilient, and stealthy opaque constructs

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Perfectly one-way probabilistic hash functions (preliminary version)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Protecting data privacy in private information retrieval schemes

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Private information retrieval

Journal of the ACM (JACM)
Auditable metering with lighweight security

Journal of Computer Security
How to share a secret

Communications of the ACM
Watermarking, tamper-proffing, and obfuscation: tools for software protection

IEEE Transactions on Software Engineering
White-Box Cryptography and an AES Implementation

SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Pricing via Processing or Combatting Junk Mail

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Tamper Resistant Software: An Implementation

Proceedings of the First International Workshop on Information Hiding
Defending Against Denial-of-Service Attacks with Puzzle Auctions

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Practical Techniques for Searches on Encrypted Data

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
On obfuscating point functions

Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Correcting errors without leaking partial information

Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Using client puzzles to protect TLS

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Toward privacy in public databases

TCC'05 Proceedings of the Second international conference on Theory of Cryptography

Large-scale collection and sanitization of network security data: risks and challenges

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Seven privacy worries in ubiquitous social computing

Proceedings of the 3rd symposium on Usable privacy and security
Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings

Proceedings of the 9th workshop on Multimedia & security
Introducing privacy in a hospital information system

Proceedings of the fourth international workshop on Software engineering for secure systems
Hiding a Needle in a Haystack Using Negative Databases

Information Hiding
A conceptual model for privacy policies

SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
A Privacy Manager for Cloud Computing

CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Zero Knowledge in the Random Oracle Model, Revisited

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On best-possible obfuscation

TCC'07 Proceedings of the 4th conference on Theory of cryptography
Emergency Access Authorization for Personally Controlled Online Health Care Data

Journal of Medical Systems
On the (im)possibility of obfuscating programs

Journal of the ACM (JACM)
Temporal context lie detection and generation

SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
Survey Internet of things: Vision, applications and research challenges

Ad Hoc Networks
Enhancing privacy in cloud computing via policy-based obfuscation

The Journal of Supercomputing
Towards an understanding of social inference opportunities in social computing

Proceedings of the 17th ACM international conference on Supporting group work
Searchable symmetric encryption: Improved definitions and efficient constructions

Journal of Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We investigate whether it is possible to encrypt a database and then give it away in such a form that users can still access it, but only in a restricted way. In contrast to conventional privacy mechanisms that aim to prevent any access to individual records, we aim to restrict the set of queries that can be feasibly evaluated on the encrypted database.We start with a simple form of database obfuscation which makes database records indistinguishable from lookup functions. The only feasible operation on an obfuscated record is to look up some attribute Y by supplying the value of another attribute X that appears in the same record (i.e., someone who does not know X cannot feasibly retrieve Y). We then (i) generalize our construction to conjunctions of equality tests on any attributes of the database, and (ii) achieve a new property we call group privacy. This property ensures that it is easy to retrieve individual records or small subsets of records from the encrypted database by identifying them precisely, but ``mass harvesting'' queries matching a large number of records are computationally infeasible.Our constructions are non-interactive. The database is transformed in such a way that all queries except those explicitly allowed by the privacy policy become computationally infeasible, i.e.,, our solutions do not rely on any access-control software or hardware.