Private Information Retrieval with a Trusted Hardware Unit – Revisited
During ISC’2008 Yanjiang Yang, Xuhua Ding, Robert H. Deng, and Feng Bao presented a construction for holding an encrypted database in a cloud so that the access pattern remains hidden. The scheme is designed for the case when a user holds a trusted hardware unit, which serves as an interface between the owner of the database and the untrusted environment where the encrypted database is stored. The scheme is relatively efficient and has some provable privacy properties.
In this paper we analyze an idealized version of the above protocol and prove rigorously strong privacy conditions in a model with a powerful adversary observing all operations occurring in the cloud. On the other hand, we show that the full version of the protocol (with some implementation details), as proposed at ISC’2008, leaks some information about the access pattern of the user. This shows that the protocol does not fulfil the property of ideally private information retrieval. While this is not a general full-scale attack, in some specific situations the information leakage presented might have practical value for an adversary.
Keywords: private information retrieval, cloud computing, database, probability distribution