Cryptography and Communications

, Volume 7, Issue 4, pp 415–437 | Cite as

Extended results on privacy against coalitions of users in user-private information retrieval protocols

  • Colleen M. SwansonEmail author
  • Douglas R. Stinson


In peer-to-peer user-private information retrieval, or P2P UPIR, the goal is to provide increased privacy for users querying a database. This is accomplished by leveraging a P2P network in which users forward each other’s queries to the database. That is, the database is trusted to serve correct answers to user queries, but not trusted to know the identity of the user who sent particular queries (or the source of the queries): users wish to maintain anonymity (relative to other users) with respect to the database. In this paper, we analyze protocols by Swanson and Stinson that are based on combinatorial designs; the use of combinatorial designs for P2P UPIR is a natural approach, because the “balance” properties of designs translate into desirable (and sometimes optimal) security properties in the resulting protocols. Our main contribution is to extend previous work by analyzing the privacy properties of suggested P2P UPIR protocols with respect to coalitions of honest-but-curious users. Previous work focuses on privacy properties achieved with respect to the database; as such, our work fills an important gap in the analysis of these protocols. We provide an analysis of the probabilistic advantage user coalitions have in guessing the source of a query. In particular, when a set of queries is linked by subject matter (i.e., the content of the queries reveals the fact that they have a common source), it is difficult to protect against user coalitions. We provide new results with respect to user attacks on linked queries, and we analyze the use of query hops as a mitigation technique, in which queries are probabilistically written to one or more memory spaces before forwarding to the database.


User-private information retrieval Query obfuscation Anonymity Combinatorial designs 

Mathematics Subject Classifications (2010)

05B05 94A60 



We would like to thank the anonymous referees for their helpful remarks and suggestions.


  1. 1.
    Bras-Amorós, M., Stokes, K., Greferath, M.: Problems related to combinatorial configurations with applications to P2P-user private information retrieval. In: Mathematical Theory of Networks and Systems (MTNS 2010), pp. 1267–1271 (2010)Google Scholar
  2. 2.
    Castellà-Roca, J., Viejo, A., Herrera-Joancomartí, J.: Preserving user’s privacy in web search engines. Comput. Commun. 32(13–14), 1541–1551 (2009)CrossRefGoogle Scholar
  3. 3.
    Colbourn, C.J., Dinitz, J.H.: The CRC Handbook of Combinatorial Designs. 2nd edn. Chapman & Hall/CRC (2006)Google Scholar
  4. 4.
    Domingo-Ferrer, J.: Coprivacy: Towards a theory of sustainable privacy. In: Domingo-Ferrer, J., Magkos, E. (eds.) , vol. 5262, pp. 258–268. Springer (2010)Google Scholar
  5. 5.
    Domingo-Ferrer, J., Bras-Amorós, M.: Peer-to-peer private information retrieval. In: Domingo-Ferrer, J., Saygin, Y. (eds.) Privacy in Statistical Databases (PSD 2008), Lecture Notes in Computer Science, vol. 5262, pp. 315–323. Springer (2008)Google Scholar
  6. 6.
    Domingo-Ferrer, J., Bras-Amorós, M., Wu, Q., Manjón, J.A.: User-private information retrieval based on a peer-to-peer community. Data Knowl. Eng. 68(11), 1237–1252 (2009)CrossRefGoogle Scholar
  7. 7.
    Domingo-Ferrer, J., González-Nicolás, Ú.: Rational behavior in peer-to-peer profile obfuscation for anonymous keyword search. Inf. Sci. 185(1), 191–204 (2012)CrossRefGoogle Scholar
  8. 8.
    Domingo-Ferrer, J., Solanas, A., Castellà-Roca, J.: h(k)-private information retrieval from privacy-uncooperative queryable databases. J. Online Inf. Rev. 33(4), 720–744 (2009)CrossRefGoogle Scholar
  9. 9.
    Howe, D., Nissenbaum, H.: TrackMeNot: Resisting surveillance in web search. In: Lessons from the Identity Trail: Anonymity, Privacy, and Identity in a Networked Society, pp. 417–436. Oxford University Press (2009)Google Scholar
  10. 10.
    Motwani, R., Raghavan, P.: Randomized Algorithms, chap. Tail Inequalities, pp. 67–73. Cambridge University Press (1995)Google Scholar
  11. 11.
    Rebollo-Monedero, D., Forné, J., Domingo-Ferrer, J.: Query profile obfuscation by means of optimal query exchange between users. IEEE Trans. Dependable Secure Comput. 9(5), 641–654 (2012)Google Scholar
  12. 12.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. (TISSEC) 1(1), 66–92 (1998)CrossRefGoogle Scholar
  13. 13.
    Sánchez, D., Castellà-Roca, J., Viejo, A.: Knowledge-based scheme to create privacy-preserving but semantically-related queries for web search engines. Inf. Sci. 218, 17–30 (2013)CrossRefGoogle Scholar
  14. 14.
    Stokes, K.: Combinatorial Structures for Anonymous Database Search. Ph.D. Dissertation. Universitat Rovira i Virgili, Tarragona (2011)Google Scholar
  15. 15.
    Stokes, K., Bras-Amorós, M.: Optimal configurations for peer-to-peer user-private information retrieval. Comput. Math. Appl. 59(4), 1568–1577 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Stokes, K., Bras-Amorós, M.: Combinatorial structures for an anonymous data search protocol. In: Workshop on Computational Security. Centre de Recerca Matemàtica (CRM), Barcelona (2011)Google Scholar
  17. 17.
    Stokes, K., Bras-Amorós, M.: On query self-submission in peer-to-peer user-private information retrieval. In: Truta, T.M., Xiong, L., Fotouhi, F., Orsborn, K., Stefanova, S. (eds.) Privacy and Anonymity in Information Society (PAIS ’11), pp. 7:1–7:5. ACM (2011)Google Scholar
  18. 18.
    Stokes, K., Farràs, O.: Linear spaces and transversal designs: k-anonymous combinatorial configurations for anonymous database search notes. Des. Codes Crypt., 1–22 (2012)Google Scholar
  19. 19.
    Swanson, C.M., Stinson, D.R.: Extended combinatorial constructions for peer-to-peer user-private information retrieval. Adv. Math. Commun. 6, 479–497 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Sweeney, L.: k-anonymity: A model for protecting privacy. Int. J. Uncertain., Fuzziness Knowl.-Based Syst. 10(05), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Toubiana, V., Subramanian, L., Nissenbaum, H. TrackMeNot: Enhancing the privacy of web search (2011). CoRR arXiv:abs/1109.4677
  22. 22.
    Viejo, A., Castellà-Roca, J.: Using social networks to distort users’ profiles generated by web search engines. Comput. Netw. 54(9), 1343–1357 (2010)CrossRefzbMATHGoogle Scholar
  23. 23.
    Wright, M., Adler, M., Levine, B.N., Shields, C.: An analysis of the degradation of anonymous protocols. In: Network and Distributed System Security Symposium (NDSS 2002). The Internet Society (2002)Google Scholar
  24. 24.
    Wright, M.K., Adler, M., Levine, B.N., Shields, C.: The predecessor attack: An analysis of a threat to anonymous communications systems. ACM Trans. Inf. Syst. Secur. (TISSEC) 7(4), 489–522 (2004)CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Computer Science and EngineeringUniversity of MichiganAnn ArborUSA
  2. 2.David R. Cheriton School of Computer ScienceUniversity of WaterlooWaterlooCanada

Personalised recommendations