Abstract
Private inference control enables simultaneous enforcement of inference control and protection of users’ query privacy. Private inference control is a useful tool for database applications, especially when users are increasingly concerned about individual privacy nowadays. However, protection of query privacy on top of inference control is a double-edged sword: without letting the database server know the content of user queries, users can easily launch DoS attacks. To assuage DoS attacks in private inference control, we propose the concept of self-enforcing private inference control, whose intuition is to force users to only make inference-free queries by enforcing inference control themselves; otherwise, penalty will inflict upon the violating users.
Towards instantiating the concept, we formalize a model on self- enforcing private inference control, and propose a concrete provably secure scheme, based on Woodruff and Staddon’s work. In our construction, “penalty” is instantiated to be a deprivation of users’ access privilege: so long as a user makes an inference-enabling query, his access privilege is forfeited and he is rejected to query the database any further. We also discuss several important issues that complement and enhance the basic scheme.
Keywords
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aiello, W., Ishai, Y., Reingold, O.: Priced Oblivious Transfer: How to Sell Digital Goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)
Adam, N.R., Wortmann, J.C.: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Computing Surveys 21(4), 516–556 (1989)
Brodsky, A., Farkas, C., Jajodia, S.: Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures. IEEE Trans. Knowledge and Data Engineering 12(6), 1–20 (2000)
Chin, F.Y.: Security Problems on Inference Control for SUM, MAX, and MIN queries. J. ACM (33), 451–464 (1986)
Chor, B., Giboa, N., Naor, M.: Private Information Retrieval by Keywords. Technical Report CS0917, Israel Institute of Technology (1997)
Chor, B., Gilboa, N.: Computationally private information retrivial. In: Proc. 29th STOC, pp. 304–313 (1997)
Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. Journal of the ACM (1995)
Chin, F.Y., Kossowski, P., Loh, S.C.: Efficient Inference Control for Range Sum Queries. Theor. Comput. Sci. 32, 77–86 (1984)
Cachin, C., Micali, S., Stadler, M.: Computationally Private Information Retrieval with Polylogarithmic Communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 402. Springer, Heidelberg (1999)
Chin, F.Y., Özsoyoglu, G.: Auditing and Inference Control in Statistical Database. IEEE Trans. Softw. Eng. 6, 574–582 (1982)
Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)
Denning, D.E., Denning, P.J., Schwartz, M.D.: The Tracker: A threat to Statistical Database Security. ACM Trans. Database Systems 4(1), 76–96 (1979)
Dobkin, D., Jones, A.K., Lipton, R.J.: Secure Databases: Protection Against User Influence. ACM Trans. Database Systems 4(1), 97–106 (1979)
Farkas, C., Jajodia, S.: The Inference Problem: A Survey. SIGKDD Explorations 4(2), 6–11 (2002)
Goldreich, O.: Foundations of Cryptography: Basic Tools. The Proess of the Univeristy of Cambridge, Cambridge (2001)
Hoffman, L.J.: Modern Methods for Computer Security and Privacy. Prentice-Hall, Englewood Cliffs (1977)
Jagannathan, G., Wright, R.N.: Private Inference Control for Aggregate Database Queries. In: Proc. 7th IEEE International Conference on Data Mining Workshops, ICDMW 2007, pp. 711–716 (2007)
Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally private information retrieval. In: Proc. 38th IEEE Symp. on Foundation of Computer Science, pp. 364–373 (1997)
Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)
Laur, S., Lipmaa, H.: A New Protocol for Conditional Disclosure of Secrets and Its Applications. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 207–225. Springer, Heidelberg (2007)
Li, Y., Lu, H., Deng, R.H.: Practical Inference Control for Data Cubes (extended abstract). In: Proc. IEEE Symposium on Security and Privacy, pp. 115–120 (2006)
Malvestuto, F.M., Mezzini, M.: Auditing Sum-Queries. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 126–142. Springer, Heidelberg (2002)
Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: Proc. 31th ACM STOC, pp. 245–254 (1999)
Paillier, P.: Public-key Cryptosystems based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)
Qian, X., Stickel, M., Karp, P., Lunt, T., Garvey, T.: Detection and Elimination of Inference Channels in Multilevel Relational Database Systems. In: Proc. IEEE Symposium on Research in Security and Privacy, S&P 1993, pp. 196–205 (1993)
Schlörer, J.: Disclosure from Statistical Databases: Quantitative Aspects of Trackers. ACM Trans. Database Systems 5(4), 467–492 (1980)
Su, T., Ozsoyoglu, G.: Inference in MLS Database Systems. IEEE Trans. Knowledge and Data Engineering 3(4), 474–485 (1991)
Woodruff, D., Staddon, J.: Private Inference Control. In: Proc. ACM CCS 2004, pp. 188–197 (2004)
Wang, L., Wijesekera, D., Jajodia, S.: Cardinality-based Inference Control in Sum-only Data Cubes. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 55–71. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yang, Y., Li, Y., Weng, J., Zhou, J., Bao, F. (2009). Self-enforcing Private Inference Control. In: Pieprzyk, J., Zhang, F. (eds) Provable Security. ProvSec 2009. Lecture Notes in Computer Science, vol 5848. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04642-1_21
Download citation
DOI: https://doi.org/10.1007/978-3-642-04642-1_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04641-4
Online ISBN: 978-3-642-04642-1
eBook Packages: Computer ScienceComputer Science (R0)