Optimized Query Forgery for Private Information Retrieval

We present a mathematical formulation for the optimization of query forgery for private information retrieval, in the sense that the privacy risk is minimized for a given traffic and processing overhead. The privacy risk is measured as an information-theoretic divergence between the user's query distribution and the population's, which includes the entropy of the user's distribution as a special case. We carefully justify and interpret our privacy criterion from diverse perspectives. Our formulation poses a mathematically tractable problem that bears substantial resemblance to rate-distortion theory.
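The abstract describes the privacy criterion and the overhead trade-off only in words. The following Python is an added worked example, not code from the paper or its authors, built on one concrete reading of that formulation which is stated here as an assumption: the user's genuine query distribution q, the population's distribution p, a forged-query distribution r, and a forgery rate rho (the fraction of submitted queries that are dummies, which is the traffic overhead), so that an observer sees the mixture s = (1 - rho) q + rho r and the risk is the Kullback-Leibler divergence D(s || p). The optimizer is derived here from the KKT conditions of that convex problem (a water-filling in s), and is not presented as the paper's own algorithm; the population and user distributions are constructed sample values. It goes slightly beyond the single risk value and traces the whole risk-versus-rate curve.

```python
"""Query-forgery model for private information retrieval (added illustration).

Assumptions made in this example (not taken from the paper):
  q   : the user's genuine query distribution over n query categories
  p   : the population's query distribution (what a profiler deems "typical")
  r   : the distribution of the forged (dummy) queries the user injects
  rho : forgery rate, the fraction of submitted queries that are forged
An observer sees the apparent distribution s = (1 - rho) q + rho r and the
privacy risk is D(s || p).  When p is uniform, D(s || p) = log2(n) - H(s),
so minimizing the divergence is the same as maximizing the entropy of s.
"""
import math
from typing import List, Tuple


def kl_divergence(s: List[float], p: List[float]) -> float:
    """D(s || p) in bits, with the convention 0 * log 0 = 0."""
    total = 0.0
    for si, pi in zip(s, p):
        if si > 0.0:
            if pi <= 0.0:
                return math.inf  # observed mass where the population has none
            total += si * math.log2(si / pi)
    return total


def entropy(s: List[float]) -> float:
    """Shannon entropy H(s) in bits."""
    return -sum(si * math.log2(si) for si in s if si > 0.0)


def apparent_distribution(q: List[float], r: List[float], rho: float) -> List[float]:
    """Mixture the observer sees when a fraction rho of the queries are forged."""
    return [(1.0 - rho) * qi + rho * ri for qi, ri in zip(q, r)]


def optimal_forgery(q: List[float], p: List[float], rho: float) -> Tuple[List[float], List[float], float]:
    """Forgery distribution r minimizing D(s || p) at a fixed rate rho.

    KL is convex in s and s is affine in r, so the KKT conditions are
    sufficient.  They give a water-filling solution: every category that
    receives forged queries ends with s_i = c * p_i for one common constant
    c, and every category that receives none keeps s_i = (1 - rho) * q_i,
    i.e. s_i = max((1 - rho) q_i, c p_i).  The constant c is fixed by
    sum(s) = 1 and found by bisection (assumes all p_i > 0).
    Returns (r, s, risk_in_bits).
    """
    n = len(q)
    if rho <= 0.0:
        # No forged queries at all: the observer sees q itself; r is immaterial.
        return [1.0 / n] * n, list(q), kl_divergence(q, p)
    base = [(1.0 - rho) * qi for qi in q]  # mass contributed by genuine queries

    def mass(c: float) -> float:
        return sum(max(b, c * pi) for b, pi in zip(base, p))

    lo, hi = 0.0, 1.0  # mass(1) >= sum(p) = 1, so the root lies in [0, 1]
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if mass(mid) < 1.0:
            lo = mid
        else:
            hi = mid
    s = [max(b, hi * pi) for b, pi in zip(base, p)]
    total = sum(s)
    s = [si / total for si in s]  # remove residual floating-point drift
    r = [max(0.0, (si - b) / rho) for si, b in zip(s, base)]
    return r, s, kl_divergence(s, p)


def critical_rate(q: List[float], p: List[float]) -> float:
    """Smallest rho at which the risk reaches zero: p must be reachable as
    (1 - rho) q + rho r with r >= 0, i.e. (1 - rho) q_i <= p_i for all i."""
    return 1.0 - min(pi / qi for qi, pi in zip(q, p) if qi > 0.0)


def risk_curve(q: List[float], p: List[float], rates: List[float]) -> List[Tuple[float, float]]:
    """Minimal privacy risk versus forgery rate: the privacy/overhead trade-off."""
    return [(rho, optimal_forgery(q, p, rho)[2]) for rho in rates]


# Constructed sample: four query categories; the user's interest is
# concentrated on the category the population asks about least.
POPULATION = [0.4, 0.3, 0.2, 0.1]
USER = [0.1, 0.1, 0.2, 0.6]

if __name__ == "__main__":
    for rho, risk in risk_curve(USER, POPULATION, [0.0, 0.25, 0.5, 0.75, 1.0]):
        print(f"rho={rho:.2f}  risk={risk:.4f} bits")
    r, s, _ = optimal_forgery(USER, POPULATION, 0.5)
    print("forgery distribution at rho=0.5:", [round(x, 3) for x in r])
    print("critical rate:", round(critical_rate(USER, POPULATION), 3))
```

Two things the numbers make visible that the prose does not: the optimal forgery never spends dummies on the category the user already over-represents (at rho = 0.5 the sample user's dominant category receives zero forged queries, all of the budget goes to the categories the user under-represents relative to the population), and there is a finite rate, 1 - min_i p_i/q_i (5/6 for the sample), beyond which the apparent profile coincides with the population's and the divergence is exactly zero, so additional overhead buys nothing.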
