Controlling Data Disclosure in Computational PIR Protocols
Private Information Retrieval (PIR) protocols allow users to learn data items stored at a server which is not fully trusted, without dis closing to the server the particular data element retrieved. Several PIR protocols have been proposed, which provide strong guaran tees on user privacy. Nevertheless, in many application scenarios it is important to protect the database as well. In this paper, we inves tigate the amount of data disclosed by the the most prominent PIR protocols during a single run. We show that a malicious user can stage attacks that allow an excessive amount of data to be retrieved from the server. Furthermore, this vulnerability can be exploited even if the client follows the legitimate steps of the PIR protocol, hence the malicious request can not be detected and rejected by the server. We devise mechanisms that limit the PIR disclosure to a single data item.
Data disclosure private information retrieval oblivious transfer
Ning Shang Gabriel Ghinita Yongbin Zhou Elisa Bertino
Purdue University West Lafayette, IN, USAp Purdue University West Lafayette, IN, USA
国际会议
北京
英文
310-313
2010-04-13(万方平台首次上网日期,不代表论文的发表时间)