Consider two organizations that wish to privately match data. They want to find common data elements (or perform a join) over two databases without revealing private information. This was the premise of a recent paper by Agrawal, Evfimievski, and Srikant. We show that Agrawal et al. only examined one point in a much larger problem set and we critique their results. We set the problem in a broader context by considering three independent design criteria and two independent threat model factors, for a total of five orthogonal dimensions of analysis.
Novel contributions include a taxonomy of design criteria for private matching, a secure data ownership certificate that can attest to the proper ownership of data in a database, a set of new private matching protocols for a variety of different scenarios together with a full security analysis. We conclude with a list of open problems in the area.
KeywordsThreat Model Security Goal Private Information Retrieval Credit Card Number Spoof Attack
Unable to display preview. Download preview PDF.
- [Agrawal et al., 2003]Agrawal, R., Evfimievski, A., and Srikant, R. (2003). Information sharing across private databases. In Proceedings of the 2003 ACM SIGMOD Int'l Conf. on Management of Data, San Diego, CA.Google Scholar
- [Agrawal et al., 2002]Agrawal, Rakesh, Kiernan, Jerry, Srikant, Ramakrishnan, and Xu, Yirong (2002). Hippocratic databases. In 28th Int'l Conf. on Very Large Databases (VLDB), Hong Kong.Google Scholar
- [Beimel and Ishai, 2001]Beimel, Amos and Ishai, Yuval (2001). Information-theoretic private information retrieval: A unified construction. Lecture Notes in Computer Science, 2076.Google Scholar
- [Bellare et al., 1996]Bellare, M., Canetti, Ran, and Krawczyk, Hugo (1996). Keying hash functions for message authentication. In Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology table of contents, pages 1–15. Lecture Notes In Computer Science archive.Google Scholar
- [Boneh and Franklin, 2004]Boneh, D. and Franklin, M. (2004). Public key encryption with keyword search. In Eurocrypt 2004, LNCS 3027, pages 56–73.Google Scholar
- [Cachin et al., 1999]Cachin, Christian, Micali, Silvio, and Stadler, Markus (1999). Computationally private information retrieval with polylogarithmic communication. Lecture Notes in Computer Science, 1592.Google Scholar
- [Canetti, 1996]Canetti, Ran (1996). Studies in Secure Multiparty Computation and Applications. PhD thesis, The Weizmann Institute of Science.Google Scholar
- [Chor et al., 1995]Chor, Benny, Goldreich, Oded, Kushilevitz, Eyal, and Sudan, Madhu (1995). Private information retrieval. In IEEE Symposium on Foundations of Computer Science, pages 41–50.Google Scholar
- [Gertner et al., 1998]Gertner, Yael, Ishai, Yuval, Kushilevitz, Eyal, and Malkin, Tal (1998). Protecting data privacy in private information retrieval schemes. In The Thirtieth Annual ACM Symposium on Theory of Computing, pages 151–160.Google Scholar
- [Goldreich et al., 1987]Goldreich, O., Micali, S., and Wigderson, A. (1987). How to play any mental game. In Proc. of 19th STOC, pages 218–229.Google Scholar
- [Goldreich, 2002]Goldreich, Oded (2002). Secure multi-party computation. Final (incomplete) draft, version 1.4.Google Scholar
- [Huberman et al., 1999]Huberman, B. A., Franklin, M., and Hogg, T. (1999). Enhancing privacy and trust in electronic communities. In ACM Conference on Electronic Commerce, pages 78–86.Google Scholar
- [Johnson et al., 2002]Johnson, Robert, Molnar, David, Song, Dawn Xiaodong, and Wagner, David (2002). Homomorphic signature schemes. In CT-RSA, pages 244–262.Google Scholar
- [Kalyanasundaram and Schnitger, 1992]Kalyanasundaram, B. and Schnitger, G. (1992). The probabilistic communication complexity of set intersection. SIAM J. Discrete Mathematics.Google Scholar
- [Menezes et al., 1996]Menezes, A., van Oorschot, P., and Vanstone, S (1996). Handbook of applied cryptography. CRC Press.Google Scholar
- [Parliament, 1995]Parliament, European (1995). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.Google Scholar
- [Song et al., 2000]Song, Dawn Xiaodong, Wagner, David, and Perrig, Adrian (2000). Practical techniques for searches on encrypted data. In IEEE Symposium on Security and Privacy, pages 44–55.Google Scholar
- [Waters et al., 2004]Waters, Brent R., Balfanz, Dirk, Durfee, Glenn, and Smetters, D.K. (2004). Building an encrypted and searchable audit log. In The 11th Annual Network and Distributed System Security Symposium.Google Scholar
- [Yao., 1986]Yao., A.C. (1986). How to generate and exchange secrets. In In Proceedings of the 27th IEEE Symposium on Foundations of Computer Science, pages 162–167.Google Scholar