Generalizing PIR for Practical Private Retrieval of Public Data

Private retrieval of public data is useful when a client wants to query a public data service without revealing the query to the server. Computational Private Information Retrieval (cPIR) achieves complete privacy for clients, but is deemed impractical since it involves expensive computation on all the data on the server. Besides, it is inflexible if the server wants to charge the client based on the service data that is exposed. k-Anonymity, on the other hand, is flexible and cheap for anonymizing the querying process, but is vulnerable to privacy and security threats. We propose a practical and flexible approach for the private retrieval of public data called Bounding-Box PIR (bbPIR). Using bbPIR, a client specifies both privacy requirements and a service charge budget. The server satisfies the client's requirements, and achieves overall good performance in computation and communication. bbPIR generalizes cPIR and k-Anonymity in that the bounding box can include as much as all the data on the server or as little as just k data items. The efficiency of bbPIR compared to cPIR and the effectiveness of bbPIR compared to k-Anonymity are verified in extensive experimental evaluations.
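The abstract describes the mechanism only at a high level: the client picks a bounding box of between k and n items that contains its target, the server runs the expensive cPIR computation only over that box, and the charge follows the number of items exposed. The following is an added toy implementation written for this page, not code from the paper or its authors. The cPIR engine inside the box is a Kushilevitz-Ostrovsky-style quadratic-residuosity scheme (my choice; the abstract does not say which cPIR protocol bbPIR builds on), and everything else is an assumption labelled in the comments: a database of single bits, a contiguous box placed at a random offset around the target, a per-item `unit_price`, and toy-sized primes that would never be used in practice.

```python
# Added example (not the paper's code): a toy bounding-box PIR.  The client
# runs a Kushilevitz-Ostrovsky-style quadratic-residuosity cPIR, but only over
# a contiguous "bounding box" of w items that contains the wanted index,
# with k <= w <= n chosen from its privacy level k and its service budget.
# Assumptions: the database is a list of bits, the box is contiguous, the
# server charges unit_price per exposed item, and the primes are toy-sized.
import math
import random


def _next_prime_3mod4(start):
    """Smallest prime >= start that is 3 mod 4 (trial division; toy sizes only)."""
    n = start
    while True:
        if n % 4 == 3 and all(n % d for d in range(2, math.isqrt(n) + 1)):
            return n
        n += 1


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0: all the server can compute without p, q."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


class Client:
    def __init__(self, seed=7):
        self.rng = random.Random(seed)
        self.p = _next_prime_3mod4(10_007)   # p, q = 3 (mod 4): -1 is a non-residue
        self.q = _next_prime_3mod4(20_011)
        self.N = self.p * self.q

    def _qr(self):
        """Random quadratic residue mod N (Jacobi symbol +1)."""
        while True:
            r = self.rng.randrange(2, self.N)
            if math.gcd(r, self.N) == 1:
                return r * r % self.N

    def _qnr(self):
        """-r^2: a non-residue mod both p and q, so its Jacobi symbol is still +1."""
        return self.N - self._qr()

    def _is_qr(self, z):
        return (pow(z % self.p, (self.p - 1) // 2, self.p) == 1
                and pow(z % self.q, (self.q - 1) // 2, self.q) == 1)

    def make_query(self, index, n, k, budget, unit_price):
        """Pick a box of w items around index and build the QR-PIR query for it."""
        w = min(n, budget // unit_price)     # as many items as the budget allows
        if w < k:
            raise ValueError("budget cannot pay for a box of k items")
        lo = self.rng.randrange(max(0, index - w + 1), min(index, n - w) + 1)
        t = math.isqrt(w - 1) + 1            # ceil(sqrt(w)) columns per row
        self.row, col = divmod(index - lo, t)
        xs = [self._qnr() if j == col else self._qr() for j in range(t)]
        return {"lo": lo, "w": w, "t": t, "N": self.N, "xs": xs}

    def decode(self, reply):
        """The wanted row's product is a residue iff the wanted bit is 0."""
        return 0 if self._is_qr(reply[self.row]) else 1


def serve(bits, query, unit_price):
    """Server side: touch only the w items in the box, charge per exposed item."""
    lo, w, t, N, xs = (query[key] for key in ("lo", "w", "t", "N", "xs"))
    box = bits[lo:lo + w]
    reply = []
    for r in range(0, w, t):
        z = 1
        for j, b in enumerate(box[r:r + t]):
            if b:
                z = z * xs[j] % N
        reply.append(z)
    return reply, w * unit_price


def retrieve(bits, index, k, budget, unit_price, seed=7):
    """End-to-end run; returns (bit, charge, box_width)."""
    client = Client(seed)
    query = client.make_query(index, len(bits), k, budget, unit_price)
    reply, charge = serve(bits, query, unit_price)
    return client.decode(reply), charge, query["w"]


if __name__ == "__main__":
    db = [int(c) for c in "1011000111010010" * 4]   # constructed 64-bit database
    print(retrieve(db, 37, k=8, budget=64, unit_price=1))   # cPIR end: box is all 64 items
    print(retrieve(db, 37, k=8, budget=8, unit_price=1))    # k-anonymity end: box is 8 items
```

With `budget // unit_price` at least `n` the box is the whole database and the run is plain cPIR; with it equal to `k` the server only touches k items, which is the cheap end the abstract compares to k-Anonymity. What the server learns is the box offset `lo` and width `w`, nothing more: every `xs[j]` has Jacobi symbol +1, so the residue marking the target column is indistinguishable from the residues around it without the factorization of `N`. The caveats are the ones the abstract implies: the box boundaries are themselves a k-anonymity-style leak (the target is one of w known items), and the toy primes and single-bit items exist only to keep the code short.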
