Skip to main content
SpringerLink
Log in

Self-enforcing Private Inference Control

  • Conference paper
Provable Security (ProvSec 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5848))

Included in the following conference series:

  • 434 Accesses

Abstract

Private inference control enables simultaneous enforcement of inference control and protection of users’ query privacy. Private inference control is a useful tool for database applications, especially when users are increasingly concerned about individual privacy nowadays. However, protection of query privacy on top of inference control is a double-edged sword: without letting the database server know the content of user queries, users can easily launch DoS attacks. To assuage DoS attacks in private inference control, we propose the concept of self-enforcing private inference control, whose intuition is to force users to only make inference-free queries by enforcing inference control themselves; otherwise, penalty will inflict upon the violating users.

Towards instantiating the concept, we formalize a model on self- enforcing private inference control, and propose a concrete provably secure scheme, based on Woodruff and Staddon’s work. In our construction, “penalty” is instantiated to be a deprivation of users’ access privilege: so long as a user makes an inference-enabling query, his access privilege is forfeited and he is rejected to query the database any further. We also discuss several important issues that complement and enhance the basic scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aiello, W., Ishai, Y., Reingold, O.: Priced Oblivious Transfer: How to Sell Digital Goods. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 119–135. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Adam, N.R., Wortmann, J.C.: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Computing Surveys 21(4), 516–556 (1989)

    Article  Google Scholar 

  3. Brodsky, A., Farkas, C., Jajodia, S.: Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures. IEEE Trans. Knowledge and Data Engineering 12(6), 1–20 (2000)

    Article  Google Scholar 

  4. Chin, F.Y.: Security Problems on Inference Control for SUM, MAX, and MIN queries. J. ACM (33), 451–464 (1986)

    Article  MathSciNet  Google Scholar 

  5. Chor, B., Giboa, N., Naor, M.: Private Information Retrieval by Keywords. Technical Report CS0917, Israel Institute of Technology (1997)

    Google Scholar 

  6. Chor, B., Gilboa, N.: Computationally private information retrivial. In: Proc. 29th STOC, pp. 304–313 (1997)

    Google Scholar 

  7. Chor, B., Kushilevitz, E., Goldreich, O., Sudan, M.: Private information retrieval. Journal of the ACM (1995)

    Google Scholar 

  8. Chin, F.Y., Kossowski, P., Loh, S.C.: Efficient Inference Control for Range Sum Queries. Theor. Comput. Sci. 32, 77–86 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  9. Cachin, C., Micali, S., Stadler, M.: Computationally Private Information Retrieval with Polylogarithmic Communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 402. Springer, Heidelberg (1999)

    Google Scholar 

  10. Chin, F.Y., Özsoyoglu, G.: Auditing and Inference Control in Statistical Database. IEEE Trans. Softw. Eng. 6, 574–582 (1982)

    Article  Google Scholar 

  11. Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)

    MATH  Google Scholar 

  12. Denning, D.E., Denning, P.J., Schwartz, M.D.: The Tracker: A threat to Statistical Database Security. ACM Trans. Database Systems 4(1), 76–96 (1979)

    Article  Google Scholar 

  13. Dobkin, D., Jones, A.K., Lipton, R.J.: Secure Databases: Protection Against User Influence. ACM Trans. Database Systems 4(1), 97–106 (1979)

    Article  Google Scholar 

  14. Farkas, C., Jajodia, S.: The Inference Problem: A Survey. SIGKDD Explorations 4(2), 6–11 (2002)

    Article  Google Scholar 

  15. Goldreich, O.: Foundations of Cryptography: Basic Tools. The Proess of the Univeristy of Cambridge, Cambridge (2001)

    MATH  Google Scholar 

  16. Hoffman, L.J.: Modern Methods for Computer Security and Privacy. Prentice-Hall, Englewood Cliffs (1977)

    Google Scholar 

  17. Jagannathan, G., Wright, R.N.: Private Inference Control for Aggregate Database Queries. In: Proc. 7th IEEE International Conference on Data Mining Workshops, ICDMW 2007, pp. 711–716 (2007)

    Google Scholar 

  18. Kushilevitz, E., Ostrovsky, R.: Replication is not needed: single database, computationally private information retrieval. In: Proc. 38th IEEE Symp. on Foundation of Computer Science, pp. 364–373 (1997)

    Google Scholar 

  19. Lipmaa, H.: An oblivious transfer protocol with log-squared communication. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 314–328. Springer, Heidelberg (2005)

    Google Scholar 

  20. Laur, S., Lipmaa, H.: A New Protocol for Conditional Disclosure of Secrets and Its Applications. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 207–225. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  21. Li, Y., Lu, H., Deng, R.H.: Practical Inference Control for Data Cubes (extended abstract). In: Proc. IEEE Symposium on Security and Privacy, pp. 115–120 (2006)

    Google Scholar 

  22. Malvestuto, F.M., Mezzini, M.: Auditing Sum-Queries. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 126–142. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  23. Naor, M., Pinkas, B.: Oblivious transfer and polynomial evaluation. In: Proc. 31th ACM STOC, pp. 245–254 (1999)

    Google Scholar 

  24. Paillier, P.: Public-key Cryptosystems based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)

    Google Scholar 

  25. Qian, X., Stickel, M., Karp, P., Lunt, T., Garvey, T.: Detection and Elimination of Inference Channels in Multilevel Relational Database Systems. In: Proc. IEEE Symposium on Research in Security and Privacy, S&P 1993, pp. 196–205 (1993)

    Google Scholar 

  26. Schlörer, J.: Disclosure from Statistical Databases: Quantitative Aspects of Trackers. ACM Trans. Database Systems 5(4), 467–492 (1980)

    Article  MATH  Google Scholar 

  27. Su, T., Ozsoyoglu, G.: Inference in MLS Database Systems. IEEE Trans. Knowledge and Data Engineering 3(4), 474–485 (1991)

    Article  Google Scholar 

  28. Woodruff, D., Staddon, J.: Private Inference Control. In: Proc. ACM CCS 2004, pp. 188–197 (2004)

    Google Scholar 

  29. Wang, L., Wijesekera, D., Jajodia, S.: Cardinality-based Inference Control in Sum-only Data Cubes. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 55–71. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Infocomm Research, Singapore

    Yanjiang Yang, Jianying Zhou & Feng Bao

  2. School of Information Systems, Singapore Management University,  

    Yingjiu Li

  3. Dept. of Computer Science, Jinan University, China

    Jian Weng

Authors
  1. Yanjiang Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yingjiu Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jian Weng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jianying Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Feng Bao
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Macquarie University, 2109, Sydney, NSW, Australia

    Josef Pieprzyk

  2. School of Information Science and Technology, Sun Yat-Sen University, 510275, Guangzhou, P.R.China

    Fangguo Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, Y., Li, Y., Weng, J., Zhou, J., Bao, F. (2009). Self-enforcing Private Inference Control. In: Pieprzyk, J., Zhang, F. (eds) Provable Security. ProvSec 2009. Lecture Notes in Computer Science, vol 5848. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04642-1_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04642-1_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04641-4

  • Online ISBN: 978-3-642-04642-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation