Controlling data disclosure in computational PIR protocols

Ning Shang; Gabriel Ghinita; Yongbin Zhou; Elisa Bertino

doi:10.1145/1755688.1755727

Controlling data disclosure in computational PIR protocols

Ning Shang^*, Gabriel Ghinita, Yongbin Zhou, Elisa Bertino

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

7 Citations (Scopus)

Abstract

Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.

Original language	English
Title of host publication	Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010
Pages	310-313
Number of pages	4
DOIs	https://doi.org/10.1145/1755688.1755727
Publication status	Published - 2010
Externally published	Yes
Event	5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010 - Beijing, China Duration: 13 Apr 2010 → 16 Apr 2010

Publication series

Name	Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

Conference

Conference	5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010
Country/Territory	China
City	Beijing
Period	13/04/10 → 16/04/10

Keywords

data disclosure
oblivious transfer
private information retrieval

Access to Document

10.1145/1755688.1755727

Cite this

Shang, N., Ghinita, G., Zhou, Y., & Bertino, E. (2010). Controlling data disclosure in computational PIR protocols. In Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010 (pp. 310-313). (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010). https://doi.org/10.1145/1755688.1755727

@inproceedings{36a36aadf02b472799878784b038de88,

title = "Controlling data disclosure in computational PIR protocols",

abstract = "Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.",

keywords = "data disclosure, oblivious transfer, private information retrieval",

author = "Ning Shang and Gabriel Ghinita and Yongbin Zhou and Elisa Bertino",

year = "2010",

doi = "10.1145/1755688.1755727",

language = "English",

isbn = "9781605589367",

series = "Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010",

pages = "310--313",

booktitle = "Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010",

note = "5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010 ; Conference date: 13-04-2010 Through 16-04-2010",

}

Shang, N, Ghinita, G, Zhou, Y & Bertino, E 2010, Controlling data disclosure in computational PIR protocols. in Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 310-313, 5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010, Beijing, China, 13/04/10. https://doi.org/10.1145/1755688.1755727

Controlling data disclosure in computational PIR protocols. / Shang, Ning; Ghinita, Gabriel; Zhou, Yongbin et al.
Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010. p. 310-313 (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Controlling data disclosure in computational PIR protocols

AU - Shang, Ning

AU - Ghinita, Gabriel

AU - Zhou, Yongbin

AU - Bertino, Elisa

PY - 2010

Y1 - 2010

N2 - Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.

AB - Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without disclosing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guarantees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we investigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.

KW - data disclosure

KW - oblivious transfer

KW - private information retrieval

UR - http://www.scopus.com/inward/record.url?scp=77954491539&partnerID=8YFLogxK

U2 - 10.1145/1755688.1755727

DO - 10.1145/1755688.1755727

M3 - Conference contribution

AN - SCOPUS:77954491539

SN - 9781605589367

T3 - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

SP - 310

EP - 313

BT - Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010

T2 - 5th ACM Symposium on Information, Computer and Communication Security, ASIACCS 2010

Y2 - 13 April 2010 through 16 April 2010

ER -

Shang N, Ghinita G, Zhou Y, Bertino E. Controlling data disclosure in computational PIR protocols. In Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010. 2010. p. 310-313. (Proceedings of the 5th International Symposium on Information, Computer and Communications Security, ASIACCS 2010). doi: 10.1145/1755688.1755727

Controlling data disclosure in computational PIR protocols

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this