Confidentiality-preserving distributed proofs of conjunctive queries

Distributed proof construction protocols have been shown to be valuable for reasoning about authorization decisions in open distributed environments such as pervasive computing spaces. Unfortunately, existing distributed proof protocols offer only limited support for protecting the confidentiality of sensitive facts, which limits their utility in many practical scenarios. In this paper, we propose a distributed proof construction protocol in which the release of a fact's truth value can be made contingent upon facts managed by other principals in the system. We formally prove that our protocol can safely prove conjunctions of facts without leaking the truth values of individual facts, even in the face of colluding adversaries and fact release policies with cyclical dependencies. This facilitates the definition of context-sensitive release policies that enable the conditional use of sensitive facts in distributed proofs.
