Private Anonymous Data Access

We consider a scenario where a server holds a huge database that it wants to make accessible to a large group of clients. After an initial setup phase, clients should be able to read arbitrary locations in the database while maintaining privacy (the server does not learn which locations are being read) and anonymity (the server does not learn which client is performing each read). This should hold even if the server colludes with a subset of the clients. Moreover, the run-time of both the server and the client during each read operation should be low, ideally only poly-logarithmic in the size of the database and the number of clients. We call this notion Private Anonymous Data Access (PANDA). PANDA simultaneously combines aspects of Private Information Retrieval (PIR) and Oblivious RAM (ORAM). PIR has no initial setup, and allows anybody to privately and anonymously access a public database, but the server\u27s run-time is linear in the data size. On the other hand, ORAM achieves poly-logarithmic server run-time, but requires an initial setup after which only a single client with a secret key can access the database. The goal of PANDA is to get the best of both worlds: allow many clients to privately and anonymously access the database as in PIR, while having an efficient server as in ORAM. In this work, we construct bounded-collusion PANDA schemes, where the efficiency scales linearly with a bound on the number of corrupted clients that can collude with the server, but is otherwise poly-logarithmic in the data size and the total number of clients. Our solution relies on standard assumptions, namely the existence of fully homomorphic encryption, and combines techniques from both PIR and ORAM. We also extend PANDA to settings where clients can write to the database

Private Information Retrieval in an Anonymous Peer-to-Peer Environment

Private Information Retrieval (PIR) protocols enable a client to access data from a server without revealing what data was accessed. The study of Computational Private Information Retrieval (CPIR) protocols, an area of PIR protocols focusing on computational security, has been a recently reinvigorated area of focus in the study of cryptography. However, CPIR protocols still have not been utilized in any practical applications. The aim of this thesis is to determine whether the Melchor Gaborit CPIR protocol can be successfully utilized in a practical manner in an anonymous peer-to-peer environment

An efficient PHR service system supporting fuzzy keyword search and fine-grained access control

Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.Peer ReviewedPostprint (author's final draft

Enhanced Privacy Preserving Accesscontrol in Incremental Datausing Microaggregation

In microdata releases, main task is to protect the privacy of data subjects. Microaggregation technique use to disclose the limitation at protecting the privacy of microdata. This technique is an alternative to generalization and suppression, which use to generate k-anonymous data sets. In this dataset, identity of each subject is hidden within a group of k subjects. Microaggregation perturbs the data and additional masking allows refining data utility in many ways, like increasing data granularity, to avoid discretization of numerical data, to reduce the impact of outliers. If the variability of the private data values in a group of k subjects is too small, k-anonymity does not provide protection against attribute disclosure. In this work Role based access control is assumed. The access control policies define selection predicates to roles. Then use the concept of imprecision bound for each permission to define a threshold on the amount of imprecision that can be tolerated. So the proposed approach reduces the imprecision for each selection predicate. Anonymization is carried out only for the static relational table in the existing papers. Privacy preserving access control mechanism is applied to the incremental data

Provision of foot health services for people with rheumatoid arthritis in New South Wales: a web-based survey of local podiatrists

Background: It is unclear if podiatric foot care for people with rheumatoid arthritis (RA) in New South Wales (NSW) meets current clinical recommendations. The objective of this study was to survey podiatrists' perceptions of the nature of podiatric foot care provision for people who have RA in NSW.Methods: An anonymous, cross-sectional survey with a web-based questionnaire was conducted. The survey questionnaire was developed according to clinical experience and current foot care recommendations. State registered podiatrists practising in the state of NSW were invited to participate. The survey link was distributed initially via email to members of the Australian Podiatry Association (NSW), and distributed further through snowballing techniques using professional networks. Data was analysed to assess significant associations between adherence to clinical practice guidelines, and private/public podiatry practices.Results: 86 podiatrists participated in the survey (78% from private practice, 22% from public practice). Respondents largely did not adhere to formal guidelines to manage their patients (88%). Only one respondent offered a dedicated service for patients with RA. Respondents indicated that the primary mode of accessing podiatry was by self-referral (68%). Significant variation was observed regarding access to disease and foot specific assessments and treatment strategies. Assessment methods such as administration of patient reported outcome measures, vascular and neurological assessments were not conducted by all respondents. Similarly, routine foot care strategies such as prescription of foot orthoses, foot health advice and footwear were not employed by all respondents.Conclusions: The results identified issues in foot care provision which should be explored through further research. Foot care provision in NSW does not appear to meet the current recommended standards for the management of foot problems in people who have RA. Improvements to foot care could be undertaken in terms of providing better access to examination techniques and treatment strategies that are recommended by evidence based treatment paradigms. © 2013 Hendry et al.; licensee BioMed Central Ltd

DECO: Liberating Web Data Using Decentralized Oracles for TLS

Thanks to the widespread deployment of TLS, users can access private data over channels with end-to-end confidentiality and integrity. What they cannot do, however, is prove to third parties the {\em provenance} of such data, i.e., that it genuinely came from a particular website. Existing approaches either introduce undesirable trust assumptions or require server-side modifications. As a result, the value of users' private data is locked up in its point of origin. Users cannot export their data with preserved integrity to other applications without help and permission from the current data holder. We propose DECO (short for \underline{dec}entralized \underline{o}racle) to address the above problems. DECO allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret. DECO is the first such system that works without trusted hardware or server-side modifications. DECO can liberate data from centralized web-service silos, making it accessible to a rich spectrum of applications. To demonstrate the power of DECO, we implement three applications that are hard to achieve without it: a private financial instrument using smart contracts, converting legacy credentials to anonymous credentials, and verifiable claims against price discrimination.Comment: This is the extended version of the CCS'20 pape

An anonymous inter-network routing protocol for the Internet of Things

With the diffusion of the Internet of Things (IoT), computing is becoming increasingly pervasive, and different heterogeneous networks are integrated into larger systems. However, as different networks managed by different parties and with different security requirements are interconnected, security becomes a primary concern. IoT nodes, in particular, are often deployed “in the open”, where an attacker can gain physical access to the device. As nodes can be deployed in unsurveilled or even hostile settings, it is crucial to avoid escalation from successful attacks on a single node to the whole network, and from there to other connected networks. It is therefore necessary to secure the communication within IoT networks, and in particular, maintain context information private, including the network topology and the location and identity of the nodes. In this paper, we propose a protocol achieving anonymous routing between different interconnected networks, designed for the Internet of Things and based on the spatial Bloom filter (SBF) data structure. The protocol enables private communication between the nodes through the use of anonymous identifiers, which hide their location and identity within the network. As routing information is encrypted using a homomorphic encryption scheme, and computed only in the encrypted domain, the proposed routing strategy preserves context privacy, preventing adversaries from learning the network structure and topology. This, in turn, significantly reduces their ability to gain valuable network information from a successful attacks on a single node of the network, and reduces the potential for attack escalation

'Beyond' pseudonymity: the socio-technical structure of online military forums

This article explores the tensions apparent in anonymous military online forums as sites of publicly visible yet discursively intimate performances of military identity and sites of distinct power relations. This article draws on data collected from British military forums and the organisations that own and manage them. We consider the discursive online practices within the forums and the extent to which the technological affordances of ‘anonymity’ (or what we define as pseudonymity) act as a critical interface between the military community who contribute to the content and non-military observers who read, access, mine and appropriate the content. In so doing, we raise critical questions about the nature of ‘anonymity’ and the complex tensions in and negotiations of private and public, visibility and invisibility that occur through it and the framing and monetising of particular online communities for economic and political purpose