Practical Private Information Retrieval with Secure Coprocessors
暂无分享,去创建一个
What does it take to implement a server that provides access to records in a large database, in a way that ensures that the this access is completely private—even to the operator of this server? In this paper, we abstract this problem to a real world computer security application, and examine the question: using current commercially available technology, is itpractical to build such a server, for real databases of realistic size, that offers reasonable performance? We consider this problem in the light of commercially available secure coprocessors—whose internal memory is still much, much smaller than the typical database size—and construct an algorithm that both provides asymptotically optimal performance, and also promises reasonable performance in real implementations. 1 Problem 1.1 Motivation What does it take to implement a server that provides access to records in a large database, in a way that ensures the complete privacy of this access (and, potentially, the contents of the records themselves)—even to the operator of this server? Access privacy alone would benefit many real-world scenarios: Patent Information. Data mining on a competitor’s patent searches could shed useful light on their confidential research projects. Maps. Oil companies might rather their competitors not know their latest drilling locations. Medical Records. Unethical employers might wish to know how often a potential employee’s medical records have been accessed—since frequent access might indicate a potentially expensive health problem. Many other scenarios would benefit from content privacy as well asaccess privacy. For example: Archives of Human Rights Abuses. Suppose the server is seized (or the operator is served with a subpoena or a sufficiently large bribe) by an adversary interested in some particular subset of records. – The users who worked with those records would benefit if the adversary cannot link a record to them. – Furthemore, activists in a particular human rights case would benefit if the adversary can neither read any records relevant to that case, nor even learn if any such records exist in the system. Now on the faculty of the Department of Computer Science, Dartmouth College, 6211 Sudikoff Lab, Hanover NH 03755-3510 USA; sws@cs.dartmouth.edu. Global Security Analysis Lab, IBM T.J. Watson Research Center, Yorktown Heights NY 10598-0704 USA; safford@watson.ibm.com
[1] Eyal Kushilevitz,et al. Private information retrieval , 1998, JACM.
[2] Sean W. Smith,et al. Improving DES hardware throughput for short operations , 2000 .
[3] Rafail Ostrovsky,et al. Software protection and simulation on oblivious RAMs , 1996, JACM.
[4] Michael K. Reiter,et al. Crowds: anonymity for Web transactions , 1998, TSEC.
[5] Sean W. Smith,et al. Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.