Practical Private Information Retrieval

In recent years, the subject of online privacy has been attracting much interest, especially as more Internet users than ever are beginning to care about the privacy of their online activities. Privacy concerns are even prompting legislators in some countries to demand from service providers a more privacy-friendly Internet experience for their citizens. These are welcome developments, in stark contrast to the practice of Internet censorship and surveillance that legislators in some nations have been known to promote.

The development of Internet systems that are able to protect user privacy requires private information retrieval (PIR) schemes that are practical, because no other efficient techniques exist for preserving the confidentiality of the retrieval requests and responses of a user from an Internet system holding unencrypted data. This thesis studies how PIR schemes can be made more relevant and practical for the development of systems that are protective of users’ privacy.

Private information retrieval schemes are cryptographic constructions for retrieving data from a database, without the database (or database administrator) being able to learn any information about the content of the query. PIR can be applied to preserve the confidentiality of queries to online data sources in many domains, such as online patents, real-time stock quotes, Internet domain names, location-based services, online behavioural profiling and advertising, search engines, and so on.

Typically, the database consists of r blocks, and the user query is an index i between 1 and r. The client first encodes the index i into a PIR query, and then forwards it to the database. The database subsequently performs some computations linear in r, and returns the result to the client. The client finally decodes the database response to obtain the block at index i.
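The encode, compute and decode steps described above, as an added example that is not code from the thesis: it uses the classic two-server XOR scheme, the simplest information-theoretic PIR, and assumes two servers that hold the same database and do not collude. All function names, the block size and the sample records are constructed for illustration.

```python
import secrets

BLOCK_SIZE = 16  # bytes per block (constructed sample value)

def make_database(r):
    """Constructed sample database of r fixed-size blocks."""
    return [f"record-{n:04d}".ljust(BLOCK_SIZE, ".").encode() for n in range(1, r + 1)]

def encode_query(i, r):
    """Client: split the unit vector for index i (1-based) into two XOR shares.

    Each share on its own is a uniformly random r-bit vector, so a single
    server learns nothing about i."""
    if not 1 <= i <= r:
        raise ValueError("index out of range")
    share_a = [secrets.randbits(1) for _ in range(r)]
    share_b = list(share_a)
    share_b[i - 1] ^= 1  # the shares differ only at the wanted position
    return share_a, share_b

def answer(database, query):
    """Server: XOR of the blocks selected by the query bits.

    Every one of the r blocks is read whatever the bit is; this is the
    computation linear in r."""
    if len(query) != len(database):
        raise ValueError("query length must equal the number of blocks")
    acc = bytearray(BLOCK_SIZE)
    for bit, block in zip(query, database):
        for k in range(BLOCK_SIZE):
            acc[k] ^= block[k] * bit
    return bytes(acc)

def decode(resp_a, resp_b):
    """Client: blocks selected by both shares cancel, leaving block i."""
    return bytes(x ^ y for x, y in zip(resp_a, resp_b))

def retrieve(database, i):
    """Full exchange: one query share and one response per server."""
    query_a, query_b = encode_query(i, len(database))
    return decode(answer(database, query_a), answer(database, query_b))

def communication_bits(r):
    """Bits exchanged in one retrieval: two r-bit queries up, two blocks down."""
    return 2 * r + 2 * BLOCK_SIZE * 8

if __name__ == "__main__":
    db = make_database(8)
    print(retrieve(db, 5), communication_bits(len(db)))
```
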
The main parameters of interest are the number of bits communicated in the interaction between the client and the database, and the amount of computation — usually server computation.

In this thesis, we study private information retrieval and obtain results that seek to make PIR more relevant in practice than all previous treatments of the subject in the literature, which have been mostly theoretical. We also show that PIR is the most computationally efficient known technique for providing access privacy under realistic computation powers and network bandwidths. Our result covers all currently known varieties of PIR schemes. We provide a more detailed summary of our contributions below:

• Our first result addresses an existing question regarding the computational practicality of private information retrieval schemes. We show that, unlike previously argued, recent lattice-based computational PIR schemes and multi-server information-theoretic PIR schemes are much more computationally efficient than a trivial transfer
