17 research outputs found

    The Capacity of Single-Server Weakly-Private Information Retrieval

    A private information retrieval (PIR) protocol guarantees that a user can privately retrieve files stored in a database without revealing any information about the identity of the requested file. Existing information-theoretic PIR protocols ensure perfect privacy, i.e., zero information leakage to the servers storing the database, but at the cost of a high download cost. In this work, we present weakly-private information retrieval (WPIR) schemes that trade off perfect privacy to improve the download cost when the database is stored on a single server. We study the tradeoff between the download cost and information leakage in terms of the mutual information (MI) and maximal leakage (MaxL) privacy metrics. By relating the WPIR problem to rate-distortion theory, the download-leakage function, defined as the minimum required download cost over all single-server WPIR schemes for a given level of information leakage and a fixed file size, is introduced. By characterizing the download-leakage function for the MI and MaxL metrics, the capacity of single-server WPIR is fully described. Comment: To appear in IEEE Journal of Selected Areas in Information Theory (JSAIT), Special Issue on Privacy and Security of Information Systems, 202

    Simulating Private Information Retrieval on Amazon Web Services

    As our modern lives have gradually moved more and more online, companies and state actors have taken it upon themselves to gather and analyze our behavior online, and as these actors have gradually shown just how much they know about a private user, or a group of users, concern for privacy has grown accordingly. A virtual private network service could help anonymize a user, but service providers usually log what services they provide, which can yield identifying information. Research in privacy measures has thus become a larger topic in recent times. Private information retrieval allows a user to query a database without revealing to the server any information about what was queried, and if efficient enough, could provide perfect privacy to everyone. In this thesis, we examine a state-of-the-art efficient private information retrieval scheme and study every step of the protocol in a simulation implemented on Amazon's cloud computing services. Master's thesis in informatics, INF399, MAMN-PROG, MAMN-IN

    Privacy-preserving digital rights management

    Digital Rights Management (DRM) is a technology that provides content protection by enforcing the use of digital content according to granted rights. DRM can be privacy-invasive for many reasons. The solution is not easy: there are economic and legitimate reasons for distributors and network operators to collect data about users and their activities, such as traffic modelling for infrastructure planning or statistical sampling. Furthermore, traditional PETs, such as encryption, anonymity and pseudonymity, cannot solve all the privacy problems raised by DRM, even if they can help. Privacy and security considerations should be included in the design of DRM from the beginning, and they should not be considered a property that can be added on afterwards. PETs are considered technology for privacy protection in different fields. However, PET solutions are not the only ones useful for complementing DRM systems. The contrary is also true: DRM systems are adapted as technical platforms for privacy. In short, there is a deep change in PETs related to web 2.0, and it is also true for P2DRM: transparency and other new techniques are preferred, or at least added, to anonymity, authentication and other traditional protection

    On preserving privacy in content-oriented networks


    A Proposal for Efficient Private Information Retrieval Methods (効率的な秘匿情報検索法の提案)

    Degree type: doctorate by coursework. Examination committee: (chair) Associate Professor Noboru Kunihiro, University of Tokyo; Professor Hirosuke Yamamoto, University of Tokyo; Professor Masashi Sugiyama, University of Tokyo; Visiting Professor Phong Nguyen, University of Tokyo; Professor Jun Sakuma, University of Tsukuba. University of Tokyo (東京大学

    Practical Private Information Retrieval

    In recent years, the subject of online privacy has been attracting much interest, especially as more Internet users than ever are beginning to care about the privacy of their online activities. Privacy concerns are even prompting legislators in some countries to demand from service providers a more privacy-friendly Internet experience for their citizens. These are welcome developments and in stark contrast to the practice of Internet censorship and surveillance that legislators in some nations have been known to promote. The development of Internet systems that are able to protect user privacy requires private information retrieval (PIR) schemes that are practical, because no other efficient techniques exist for preserving the confidentiality of the retrieval requests and responses of a user from an Internet system holding unencrypted data. This thesis studies how PIR schemes can be made more relevant and practical for the development of systems that are protective of users' privacy. Private information retrieval schemes are cryptographic constructions for retrieving data from a database without the database (or database administrator) being able to learn any information about the content of the query. PIR can be applied to preserve the confidentiality of queries to online data sources in many domains, such as online patents, real-time stock quotes, Internet domain names, location-based services, online behavioural profiling and advertising, search engines, and so on. In this thesis, we study private information retrieval and obtain results that seek to make PIR more relevant in practice than all previous treatments of the subject in the literature, which have been mostly theoretical. We also show that PIR is the most computationally efficient known technique for providing access privacy under realistic computation powers and network bandwidths. Our result covers all currently known varieties of PIR schemes.
    We provide a more detailed summary of our contributions below. Our first result addresses an existing question regarding the computational practicality of private information retrieval schemes. We show that, unlike previously argued, recent lattice-based computational PIR schemes and multi-server information-theoretic PIR schemes are much more computationally efficient than a trivial transfer of the entire PIR database from the server to the client (i.e., trivial download). Our result shows that the end-to-end response times of these schemes are one to three orders of magnitude (10--1000 times) smaller than the trivial download of the database for realistic computation powers and network bandwidths. This result extends and clarifies the well-known result of Sion and Carbunar on the computational practicality of PIR. Our second result is a novel approach for preserving the privacy of sensitive constants in an SQL query, which improves substantially upon earlier work. Specifically, we provide an expressive data access model of SQL atop the existing rudimentary index- and keyword-based data access models of PIR. The expressive SQL-based model developed results in a 7 to 480 times improvement in query throughput over previous work. We then provide a PIR-based approach for preserving access privacy over large databases. Unlike previously published access privacy approaches, we explore new ideas about privacy-preserving constraint-based query transformations, offline data classification, and privacy-preserving queries to index structures much smaller than the databases. This work addresses an important open problem about how real systems can systematically apply existing PIR schemes for querying large databases.
    In terms of applications, we apply PIR to solve user privacy problems in the domains of patent database queries and location-based services, user and database privacy problems in the domain of online sales of digital goods, and a scalability problem for the Tor anonymous communication network. We develop practical tools for most of our techniques, which can be useful for adding PIR support to existing and new Internet system designs

    Rediscovering Prigg v. Pennsylvania

    The concept of federalism serves as the foundation for the American political system. The framers laid a foundation for balancing state and national tensions; and during the antebellum era American political actors wrestled with the proper application of these concepts. This paper traces the evolution of federalist principles beginning at the founding and culminating with the commonly misperceived Supreme Court case Prigg v. Pennsylvania by analyzing transformative historical moments and political regimes. Prigg v. Pennsylvania currently exists within contemporary political and constitutional scholarly literature as a slavery case decided upon moralistic bias and the Court’s commitment to the institution of slavery. Closer analysis unveils the decision in Prigg’s connection with the evolution of federalist principles throughout early American history. This paper attempts to uncover how institutional relationships shape governing political principles and how a variety of political actors, specifically the Supreme Court, are influenced by these relationships. The antebellum political order struggled with stabilizing sectional ideological divides and attempted to mitigate these issues by championing doctrines of political compromise. Through this paradigm, Prigg v. Pennsylvania’s conventional status in constitutional literature can be shifted, and instead can be used as an analytical lens for understanding the antebellum political order