Blind Custodians: A Database Service Architecture That Supports Privacy Without Encryption

  • Amihai Motro
  • Francesco Parisi-Presicce
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3654)


We describe an architecture for a database service that does not assume that the service provider can be trusted. Unlike other architectures that address this problem, this architecture, which we call blind custodians, does not rely on encryption. Instead, it offers confidentiality by means of information dissociation: The server only stores “fragments” of information that are considered safe (i.e., each fragment does not violate privacy), while the client stores the associations between the fragments that are necessary to reconstruct the information. We argue that this architecture allows satisfactory confidentiality, while offering two important advantages: (1) It does not restrict the types of queries that can be submitted by clients (as encryption-based methods invariably do), and (2) it requires only light processing at the client, assigning the bulk of the processing to the server (as befits a true service). Moreover, the architecture permits flexible control over the level of confidentiality that should be maintained (at the cost of additional overhead).
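To make the dissociation idea concrete, here is an added Python example; it is not code from the paper, and the paper's actual fragmentation and query scheme may differ. It assumes vertical fragmentation of a constructed patient relation into column groups that are individually "safe", random per-fragment row ids held only by the client, and a server that evaluates predicates over one fragment at a time.

```python
import secrets

# Constructed sample relation: patient records keyed by tuple id.
ORIGINAL = {
    1: {"name": "Alice", "zip": "22030", "diagnosis": "flu"},
    2: {"name": "Bob",   "zip": "22031", "diagnosis": "asthma"},
    3: {"name": "Carol", "zip": "22030", "diagnosis": "flu"},
}

# Assumed "safe" fragments: no single fragment pairs an identifier with a
# sensitive value, so the server sees names and diagnoses but not who has what.
FRAGMENTS = (("name",), ("zip", "diagnosis"))

def dissociate(relation, fragments=FRAGMENTS):
    """Split the relation into server-side fragments keyed by random row ids.
    Returns (server_store, client_associations); only the client keeps the
    mapping tuple id -> row id per fragment."""
    server = {f: {} for f in fragments}
    client = {}
    for tid, row in relation.items():
        client[tid] = {}
        for f in fragments:
            rid = secrets.token_hex(8)          # unlinkable across fragments
            server[f][rid] = {a: row[a] for a in f}
            client[tid][f] = rid
    # Re-order each fragment by row id so storage order does not reveal
    # which rows of different fragments came from the same tuple.
    server = {f: dict(sorted(rows.items(), key=lambda kv: kv[0]))
              for f, rows in server.items()}
    return server, client

def server_select(server, fragment, predicate):
    """Server-side work: evaluate the predicate over one fragment and return
    the matching row ids. The server never joins fragments itself."""
    return {rid for rid, row in server[fragment].items() if predicate(row)}

def client_query(server, client, fragment, predicate):
    """Client-side light processing: map matching row ids back to tuple ids
    and reassemble full tuples by fetching each tuple's other fragment rows."""
    hits = server_select(server, fragment, predicate)
    result = {}
    for tid, assoc in client.items():
        if assoc[fragment] in hits:
            result[tid] = {a: v for f, rid in assoc.items()
                           for a, v in server[f][rid].items()}
    return result
```

Raising the confidentiality level here means choosing finer fragments (more column groups), at the cost of more client-side association state and more fragment fetches per reconstructed tuple.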


Keywords (added by machine, not by the authors): Query Processing, Range Query, Protection Level, Encryption Function, Original Relation



Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Amihai Motro (1)
  • Francesco Parisi-Presicce (1)
  1. Department of Information and Software Engineering, George Mason University, Fairfax, USA
