Load-balanced query dissemination in privacy-aware online communities

Abstract: We propose a novel privacy-preserving distributed infrastructure in which data resides only with the publishers owning it. The infrastructure disseminates user queries to publishers, who answer them at their own discretion. The infrastructure enforces a publisher kanonymity guarantee, which prevents leakage of information about which publishers are capable of answering a certain query. Given the virtual nature of the global data collection, we study the challenging problem of efficiently locating publishers in… Show more

“…Specifically, provider p possesses a depository of private documents, D(p), on which a role-based access control policy is enforced. We assume that each document d can be described by a set of content descriptors (CD), denoted by T (d) [5] (e.g., keywords), from a finite set of CDs T . Provider p can summarizes its local data and access policy by bitmap b(p), where each column is associated with a role o and each row with a content descriptor or term t. The cell at column o and row t is a bit, with 1 meaning provider p has one or more documents matched to term t and accessible to subject role with o, and 0 otherwise.…”

“…More importantly, its publishing process is vulnerable to colluding attacks, specially in the case of an innocent provider ending up with its predecessor and successor both being malicious. Another possible technique can be used is the generic secure multi-party computation [5] which consumes considerable computation overheads.…”

“…The packet-generating process generates a (c, c)-secret packets; that is, given any less than c sub-packets, the sub-secret vi is still completely undeterminable. A set of implementations are available to generate the sub-packets 5 . In this paper, we select the simplest one: randomly and independently pick the first c − 1 sub-packets ui,j's (for j = {0, .…”

“…4 As will be discussed later, the aggregation process of vi for different terms and roles can be combined together and related messages can be piggybacked. 5 For example, Shamir's secret sharing [9] is a possible way to generate ui,j in the form of Equation 2. Specifically, for sub-secret vi, we randomly generate a polynomial gi(x), s.t.…”

“…Union query dissemination trees (or UQDT) [5] is a distributed privacy preserving index; the indexes are organized as multiple trees, which share the same set of leaf nodes, each corresponding to a disjoint privacy group of publishers/providers. In essence, each QDT can be viewed as a hierarchy of group-wise index at different granularity, and privacy preserving (defined in publisher k-anonymity) is attained in a similar group-wise way.…”

Privacy preserving indexing for eHealth information networks

“…Specifically, provider p possesses a depository of private documents, D(p), on which a role-based access control policy is enforced. We assume that each document d can be described by a set of content descriptors (CD), denoted by T (d) [5] (e.g., keywords), from a finite set of CDs T . Provider p can summarizes its local data and access policy by bitmap b(p), where each column is associated with a role o and each row with a content descriptor or term t. The cell at column o and row t is a bit, with 1 meaning provider p has one or more documents matched to term t and accessible to subject role with o, and 0 otherwise.…”

“…More importantly, its publishing process is vulnerable to colluding attacks, specially in the case of an innocent provider ending up with its predecessor and successor both being malicious. Another possible technique can be used is the generic secure multi-party computation [5] which consumes considerable computation overheads.…”

“…The packet-generating process generates a (c, c)-secret packets; that is, given any less than c sub-packets, the sub-secret vi is still completely undeterminable. A set of implementations are available to generate the sub-packets 5 . In this paper, we select the simplest one: randomly and independently pick the first c − 1 sub-packets ui,j's (for j = {0, .…”

“…4 As will be discussed later, the aggregation process of vi for different terms and roles can be combined together and related messages can be piggybacked. 5 For example, Shamir's secret sharing [9] is a possible way to generate ui,j in the form of Equation 2. Specifically, for sub-secret vi, we randomly generate a polynomial gi(x), s.t.…”

“…Union query dissemination trees (or UQDT) [5] is a distributed privacy preserving index; the indexes are organized as multiple trees, which share the same set of leaf nodes, each corresponding to a disjoint privacy group of publishers/providers. In essence, each QDT can be viewed as a hierarchy of group-wise index at different granularity, and privacy preserving (defined in publisher k-anonymity) is attained in a similar group-wise way.…”

Privacy preserving indexing for eHealth information networks

Subscription Privacy Protection in Topic-Based Pub/Sub

Integrity for join queries in the cloud