PRShare: A Framework for Privacy-Preserving, Interorganizational Data Sharing

We consider the task of interorganizational data sharing, in which data owners, data clients, and data subjects have different and sometimes competing privacy concerns. One real-world scenario in which this problem arises is law-enforcement use of phone-call metadata: The data owner is a phone company, the data clients are law-enforcement agencies, and the data subjects are individuals who make phone calls. A key challenge in this type of scenario is that each organization uses its own set of proprietary intraorganizational attributes to describe the shared data; such attributes cannot be shared with other organizations. Moreover, data-access policies are determined by multiple parties and may be specified using attributes that are not directly comparable with the ones used by the owner to specify the data. We propose a system architecture and a suite of protocols that facilitate dynamic, efficient, and privacy-preserving interorganizational data sharing, while allowing each party to use its own set of proprietary attributes. We introduce the novel technique of Attribute-Based Encryption With Oblivious Attribute Translation (OTABE), which plays a crucial role in our solution and may be of independent interest.
