Security Through The Lens Of Privacy And Confidentiality Using K-Technique
Sheedhal Thomas, Shruthi Prabhakaran, Snehal Salunkhe, Pallavi Kakade, B.S.Khade
Index Terms: Anonymization, Authentication, Confidentiality, Cryptography, Decryption, Encryption, k-technique ,Privacy, Security.
Abstract: Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data areused for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patient's medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness and experimental results to illustrate their efficiency.
. A. Trombetta and E. Bertino, “Private Updates to Anonymous Databases,” Proc. Int’l Conf. Data Eng. (ICDE), 2006.
. N.R. Adam and J.C. Wortmann, “Security-Control Methods for Statistical Databases: A Comparative Study,” ACM Computing Surveys, vol. 21, no. 4, pp. 515-556, 1989.
. L. Sweeney, “k-Anonymity: A Model for Protecting Privacy,” Int’l J. Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 10, no. 5,pp. 557-570, 2002.
. G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas, and A. Zhu, “Anonymizing Tables,” Proc. Int’l Conf. Database Theory (ICDT), 2005.
. S. Zhong, Z. Yang, and R.N. Wright, “Privacy-Enhancing k-Anonymization of Customer Data,” Proc. ACM Symp. Principles of Database Systems (PODS), 2005.
. O. Goldreich, Foundations of Cryptography: Basic Applications, vol. 2. Cambridge Univ. Press, 2004.
. R. Canetti, Y. Ishai, R. Kumar, M.K. Reiter, R. Rubinfeld, and R.N.Wright, “Selective Private Function Evaluation with Application to Private Statistics,” Proc. ACM Symp. Principles of Distributed Computing (PODC), 2001.
. R. Agrawal, A. Evfimievski, and R. Srikant, “Information Sharing across Private Databases,” Proc. ACM SIGMOD Int’l Conf. Management of Data, 2003.
. M.J. Freedman, M. Naor, and B. Pinkas, “Efficient Private Matching and Set Intersection,” Proc. Eurocrypt Conf., 2004.
. U. Maurer, “The Role of Cryptography in Database Security,” Proc. ACM SIGMOD Int’l Conf. Management of Data, 2004.
. D. Boneh, G. di Crescenzo, R. Ostrowsky, and G. Persiano, “Public Key Encryption with Keyword Search,” Proc. Eurocrypt Conf., 2004.
. H. Hacigu¨mu¨ s¸, B. Iyer, C. Li, and S. Mehrotra, “Executing SQL over Encrypted Data in the Database-Service-Provider Model,” Proc. ACM SIGMOD Int’l Conf. Management of Data, 2002.
. D.X. Song, D. Wagner, and A. Perrig, “Practical Techniques for Searches on Encrypted Data,” Proc. IEEE Symp. Security and Privacy, 2000.
. M. Steiner, G. Tsudik, and M. Waidner, “Diffie-Hellman Key Distribution Extended to Group Communication,” Proc. ACM Conf. Computer and Comm. Security, 1996.