Abstract
Exponential growth in digital information gathering, storage, and processing capabilities inexorably leads to conflict between well-intentioned government or commercial data mining and the fundamental privacy interests of individuals and organizations. This paper proposes a mechanism that provides cryptographic fetters on the mining of personal data, enabling efficient mining of previously-negotiated properties, but preventing any other uses of the protected personal data. Our approach does not rely on complete trust in the analysts to use the data appropriately, nor does it rely on incorruptible escrow agents. Instead, we propose conditional data escrow where the data generators, not the analysts, hold the keys to the data, but analysts can verify that the pre-negotiated queries are enabled. Our solution relies on verifiable, anonymous, and deterministic commitments which play the role of tags that mark encrypted entries in the analyst’s database. The database owner cannot learn anything from the encrypted entries, or even verify his guess of the plaintext on which these entries are based. On the other hand, the verifiable and deterministic property ensures that the entries are marked with consistent tags, so that the database manager learns when the number of entries required to enable some query reaches the pre-negotiated threshold.
Partially supported by ONR Grants N00014-02-1-0109 and N00014-01-1-0837, DARPA contract 9N66001-00-C-8015 and NSF grant INT98-15731.
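The threshold behaviour the abstract describes can be illustrated with a simplified sketch; this is an added example, not the paper's construction, and it omits the verifiability and anonymity proofs. Assumed here: an HMAC under a user-held key stands in for the deterministic tag, Shamir shares carry the escrowed value, and all names (`make_entry`, `AnalystDB`, the threshold `K`) are hypothetical.

```python
import hashlib
import hmac

P = 2**127 - 1  # prime modulus for the share arithmetic
K = 3           # pre-negotiated threshold (constructed value)

def _prf(key: bytes, label: bytes) -> int:
    """Keyed pseudorandom field element; only the key holder can compute it."""
    return int.from_bytes(hmac.new(key, label, hashlib.sha256).digest(), "big") % P

def make_entry(user_key: bytes, prop: bytes, escrowed: int, index: int):
    """Data generator side: entry number `index` (1, 2, ...) for property `prop`."""
    # Deterministic tag: identical for every entry by this user on this
    # property, but not checkable against a guessed plaintext without user_key.
    tag = hmac.new(user_key, b"tag|" + prop, hashlib.sha256).hexdigest()
    # Degree K-1 polynomial with f(0) = escrowed value. Coefficients are derived
    # deterministically so all of this user's entries lie on the same curve.
    coeffs = [escrowed % P] + [_prf(user_key, b"coef|%d|" % j + prop) for j in range(1, K)]
    y = sum(c * pow(index, j, P) for j, c in enumerate(coeffs)) % P
    return tag, (index, y)

def recover(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class AnalystDB:
    """Analyst side: stores opaque entries grouped by tag."""
    def __init__(self):
        self.by_tag = {}

    def add(self, tag, share):
        """Return the escrowed value once K entries share a tag, else None."""
        shares = self.by_tag.setdefault(tag, [])
        shares.append(share)
        return recover(shares[:K]) if len(shares) >= K else None
```

Below the threshold the analyst holds fewer than `K` points of a degree `K-1` polynomial, so the escrowed value stays hidden; two users reporting the same property produce unrelated tags and are never pooled.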
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jarecki, S., Lincoln, P., Shmatikov, V. (2003). Negotiated Privacy. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds) Software Security — Theories and Systems. ISSS 2002. Lecture Notes in Computer Science, vol 2609. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36532-X_7
DOI: https://doi.org/10.1007/3-540-36532-X_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00708-1
Online ISBN: 978-3-540-36532-7
eBook Packages: Springer Book Archive