Sciweavers

CCS
2010
ACM

Controlling data disclosure in computational PIR protocols

14 years 4 months ago
Controlling data disclosure in computational PIR protocols
Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item. Categories and Subject Descriptors H.2.7 [Database Management]: Database Administration—Security, integrity,...
Ning Shang, Gabriel Ghinita, Yongbin Zhou, Elisa B
Added 02 Aug 2010
Updated 02 Aug 2010
Type Conference
Year 2010
Where CCS
Authors Ning Shang, Gabriel Ghinita, Yongbin Zhou, Elisa Bertino
Comments (0)