Abstract
Peer-to-Peer (P2P) systems have been very successful for large-scale data sharing. However, sharing sensitive data, as in online social networks, without appropriate access control can have an undesirable impact on data privacy. Data can be accessed by everyone (including potentially untrusted peers) and used for anything (e.g., for marketing or for activities against the owner’s preferences or ethics). Hippocratic databases (HDB) provide an effective solution to this problem by integrating purpose-based access control for privacy protection. However, the use of HDB has been restricted to centralized systems. This chapter gives an overview of current solutions for supporting data privacy in P2P systems and develops in more detail a complete solution based on HDB.
Work partially funded by the DataRing project of the French ANR.
Notes
1. Organization for Economic Co-operation and Development, one of the world’s largest and most reliable sources of comparable statistics on economic and social data (http://www.oecd.org/).
10. These systems are not meant for massive data sharing, thus information about data disclosure for requesters is not available.
11. Anonymizer is an online service that attempts to make activity on the Internet untraceable. It accesses the Internet on the user’s behalf, protecting personal information by hiding the source identifying information. http://www.anonymizer.com/.
12. Freenet does not use access control techniques; thus, key distribution is not restricted.
13. Microsoft kept their right to collect some information about the use of the Office SharePoint Workspace software and other activities “outside” of workspaces, as explained in their privacy statement at http://office.microsoft.com/en-us/help/privacy-supplement-for-microsoft-office-groove-2007-HA010085213.aspx.
15. To distinguish data keys from peer keys, we prefix peer keys with the letter P.
© 2013 Springer-Verlag Wien
Cite this chapter
Jawad, M., Serrano-Alvarado, P., Valduriez, P. (2013). Supporting Data Privacy in P2P Systems. In: Chbeir, R., Al Bouna, B. (eds) Security and Privacy Preserving in Social Networks. Lecture Notes in Social Networks. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0894-9_7
DOI: https://doi.org/10.1007/978-3-7091-0894-9_7
Publisher Name: Springer, Vienna
Print ISBN: 978-3-7091-0893-2
Online ISBN: 978-3-7091-0894-9