Subscribe

Issue No.04 - July/August (2011 vol.8)

pp: 578-587

Alberto Trombetta , University of Insubria, Varese

Wei Jiang , Missouri Science and Technology University, Rolla

Elisa Bertino , Purdue University, West Lafayette

Lorenzo Bossi , University of Insubria, Varese

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2010.72

ABSTRACT

Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient's medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness and experimental results to illustrate their efficiency.

INDEX TERMS

Privacy, anonymity, data management, secure computation.

CITATION

Alberto Trombetta, Wei Jiang, Elisa Bertino, Lorenzo Bossi, "Privacy-Preserving Updates to Anonymous and Confidential Databases",

*IEEE Transactions on Dependable and Secure Computing*, vol.8, no. 4, pp. 578-587, July/August 2011, doi:10.1109/TDSC.2010.72REFERENCES

- [1] N.R. Adam and J.C. Wortmann, “Security-Control Methods for Statistical Databases: A Comparative Study,”
ACM Computing Surveys, vol. 21, no. 4, pp. 515-556, 1989.- [2] G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas, and A. Zhu, “Anonymizing Tables,”
Proc. Int'l Conf. Database Theory (ICDT), 2005.- [3] R. Agrawal, A. Evfimievski, and R. Srikant, “Information Sharing across Private Databases,”
Proc. ACM SIGMOD Int'l Conf. Management of Data, 2003.- [4] C. Blake and C. Merz, “UCI Repository of Machine Learning Databases,” http://www.ics.uci.edu/mlearnMLRepository. html , 1998.
- [5] E. Bertino and R. Sandhu, “Database Security—Concepts, Approaches and Challenges,”
IEEE Trans. Dependable and Secure Computing, vol. 2, no. 1, pp. 2-19, Jan.-Mar. 2005.- [6] D. Boneh, “The Decision Diffie-Hellman Problem,”
Proc. Int'l Algorithmic Number Theory Symp., pp. 48-63, 1998.- [7] D. Boneh, G. di Crescenzo, R. Ostrowsky, and G. Persiano, “Public Key Encryption with Keyword Search,”
Proc. Eurocrypt Conf., 2004.- [8] S. Brands, “Untraceable Offline Cash in Wallets with Observers,”
Proc. CRYPTO Int'l Conf., pp. 302-318, 1994.- [9] J.W. Byun, T. Li, E. Bertino, N. Li, and Y. Sohn, “Privacy-Preserving Incremental Data Dissemination,”
J. Computer Security, vol. 17, no. 1, pp. 43-68, 2009.- [10] R. Canetti, Y. Ishai, R. Kumar, M.K. Reiter, R. Rubinfeld, and R.N. Wright, “Selective Private Function Evaluation with Application to Private Statistics,”
Proc. ACM Symp. Principles of Distributed Computing (PODC), 2001.- [11] S. Chawla, C. Dwork, F. McSherry, A. Smith, and H. Wee, “Towards Privacy in Public Databases,”
Proc. Theory of Cryptography Conf. (TCC), 2005.- [12] U. Feige, J. Kilian, and M. Naor, “A Minimal Model for Secure Computation,”
Proc. ACM Symp. Theory of Computing (STOC), 1994.- [13] M.J. Freedman, M. Naor, and B. Pinkas, “Efficient Private Matching and Set Intersection,”
Proc. Eurocrypt Conf., 2004.- [14] B.C.M. Fung, K. Wang, A.W.C. Fu, and J. Pei, “Anonymity for Continuous Data Publishing,”
Proc. Extending Database Technology Conf. (EDBT), 2008.- [15] O. Goldreich,
Foundations of Cryptography: Basic Tools, vol. 1. Cambridge Univ. Press, 2001.- [16] O. Goldreich,
Foundations of Cryptography: Basic Applications, vol. 2. Cambridge Univ. Press, 2004.- [17] H. Hacigümüş, B. Iyer, C. Li, and S. Mehrotra, “Executing SQL over Encrypted Data in the Database-Service-Provider Model,”
Proc. ACM SIGMOD Int'l Conf. Management of Data, 2002.- [18] Y. Han, J. Pei, B. Jiang, Y. Tao, and Y. Jia, “Continuous Privacy Preserving Publishing of Data Streams,”
Proc. Extending Database Technology Conf. (EDBT), 2008.- [19] US Department of Health & Human Services, Office for Civil Rights, Summary of the HIPAA Privacy Rule, 2003.
- [20] J. Li, N. Li, and W. Winsborough, “Policy-Hiding Access Control in Open Environment,”
Proc. ACM Conf. Computer and Comm. Security (CCS), 2005.- [21] J. Li, B.C. Ooi, and W. Wang, “Anonymizing Streaming Data for Privacy Protection,”
Proc. IEEE Int'l Conf. Database Eng. (ICDE), 2008.- [22] U. Maurer, “The Role of Cryptography in Database Security,”
Proc. ACM SIGMOD Int'l Conf. Management of Data, 2004.- [23] A. Meyerson and R. Williams, “On the Complexity of Optimal K-Anonymity,”
Proc. ACM Symp. Principles of Database Systems (PODS), 2004.- [24] S. Micali, M. Rabin, and J. Kilian, “Zero-Knowledge Sets,”
Proc. 44th Symp. Foundations of Computer Science, 2003.- [25] T. Pedersen, “Noninteractive and Information-Theoretic Secure Verifiable Secret Sharing,”
Lecture Notes in Computer Science, vol. 576, pp. 129-140, 1991.- [26] M. Reed, P. Syverson, and D. Goldschlag, “Anonymous Connections and Onion Routing,”
IEEE J. Selected Areas in Comm., vol. 16, no. 4, pp. 482-494, May 1998.- [27] M.K. Reiter and A. Rubin, “Crowds: Anonymity with Web Transactions,”
ACM Trans. Information and System Security (TISSEC), vol. 1, no. 1, pp. 66-92, 1998.- [28] P. Samarati, “Protecting Respondent's Privacy in Microdata Release,”
IEEE Trans. Knowledge and Data Eng., vol. 13, no. 6, pp. 1010-1027, Nov./Dec. 2001.- [29] V. Shoup, “Lower Bounds for Discrete Logarithms and Related Problems,”
Proc. Eurocrypt Conf., 1997.- [30] D.X. Song, D. Wagner, and A. Perrig, “Practical Techniques for Searches on Encrypted Data,”
Proc. IEEE Symp. Security and Privacy, 2000.- [31] M. Steiner, G. Tsudik, and M. Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication,”
Proc. ACM Conf. Computer and Comm. Security, 1996.- [32] L. Sweeney, “$k$ -Anonymity: A Model for Protecting Privacy,”
Int'l J. Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5, pp. 557-570, 2002.- [33] A. Trombetta and E. Bertino, “Private Updates to Anonymous Databases,”
Proc. Int'l Conf. Data Eng. (ICDE), 2006.- [34] K. Wang and B. Fung, “Anonymizing Sequential Releases,”
Proc. ACM Knowledge Discovery and Data Mining Conf. (KDD), 2006.- [35] S. Zhong, Z. Yang, and R.N. Wright, “Privacy-Enhancing $k$ -Anonymization of Customer Data,”
Proc. ACM Symp. Principles of Database Systems (PODS), 2005. |