A Private Information Retrieval (PIR) protocol allows a database user, or client, to obtain information from a data-base in a manner that prevents the database from knowing which data was retrieved. Although substantial progress has been made in the discovery of computationally PIR (cPIR) protocols with reduced communication complexity, there has been relatively little work in reducing the computational complexity of cPIR protocols. In particular, Sion [18] argues that existing cPIR protocols are slower than the trivial PIR protocol (in overall performance). In this paper, we present a new family of cPIR protocols with a variety of security and performance properties. Our protocols enable much lower CPU overhead for the database server. When the database is viewed as a bit sequence, only addition operations are performed by the database server. We can view our protocol as a middle ground between the trivial protocol (fastest possible computational complexity and slowest possible communication complexity) and protocols such as Gentry-Ramzan [6] (fast communication complexity but slower computational complexity). This middle ground enjoys a much better overall performance. The security of the general version of our protocol depends on either a trapdoor group assumption or sender anonymity [14], and we present two specialized versions, the first of which depends on the trapdoor group assumption, and the second which depends on the sender anonymity assumption. We may view both Gentry-Ramzan and our cPIR protocol as instances of a more general new construct: the trapdoor group. In a trapdoor group, knowledge of the trapdoor allows efficient computation of an inversion problem, such as computing discrete logarithms. Without the trapdoor, it is computationally hard to solve the inversion problem. For our protocol, we assume, roughly speaking, that given only the elements be 1 , . . . , be t in the group Z m , where e i < m/t and t is small, it is hard to compute low order bits of the group order m. One version of our cPIR protocol depends only on sender anonymity, which to our knowledge, is the first cPIR protocol to depend only on an anonymity assumption. Our prototype implementation shows that our performance compares favorably with existing cPIR protocols.
DNS is vulnerable to cache poisoning attacks, whereby an attacker sends a spoofed reply to its own query. Historically, an attacker only needed to guess a predictable, or more recently, a 16 bit pseudorandom ID in order to be successful. The Kaminsky attack [7] demonstrated successful poisoning attacks that required only 6 seconds on typical networks. Since then, source port randomization (spr) has been used for additional protection. Nevetheless, E. Polyakov demonstrated successful poisoning attacks against spr given a Gigabit network, on the order of 10 hours. Even with slower network speeds, an attack is likely to be successful in a moderate time period. DNSSEC [3] will provide a strong countermeasure to poisoning as well as other attacks against the DNS. However, until DNSSEC is actually deployed, there is a need for additional countermeasures that can be deployed in the near term. In this paper, we describe a new approach that is based on detecting a poisoning attack, then sending an additional request for the same DNS Resource Record. Since the defense is only activated when attacks occur, we expect the performance impact to be minimal. The countermeasure requires no changes to the DNS standards, and only requires modifications to the caching server. Thus it can be deployed incrementally in order to obtain immediate security benefits. We show that our proposed defense makes poisoning attacks substantially more difficult. We have implemented the countermeasure using a local proxy for the BIND caching server, and our tests show that the performance impact is minimal.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.