Transcript 下載/瀏覽Download

多媒體網路安全實驗室
Protecting the Privacy of Users in
e-Commerce Environment
Date：2010.10.27
Reporter:Chien-Wen Huang
Author:Chun-Hua Chen and Gwoboa Horng
出處:CCCT2004, Aug, 2004.
多媒體網路安全實驗室
Outline
1
2
3
INTRODUCTION
BASIC DEFINITION OF OS-PIR AND OUR OSPIR SCHEME
THEOREM AND PROOF
4 COMPARISONS TO OTHER PIR SCHEMES
5
CONCLUSIONS
2
多媒體網路安全實驗室
INTRODUCTION
Private Information Retrieval: PIR
 A user to keep his preferences private from
everybody including the server.
 EX:Patent Databases、Pharmaceutical Databases.
1.The first research of PIR was done by Chor et al. in
1995.(communication complexity:O(n1/k))
2.To improve the complexity, Chor et al. introduced
the notation of Computational PIR(CPIR)
3
多媒體網路安全實驗室
Private Information Retrieval
EX:使用者隨機選取S = {5,15,47} (假定n=10000 ,
index i = 15, S⊕i = {5,47})
4
多媒體網路安全實驗室
We propose a simple one-server PIR(OS-PIR)
scheme to provide privacy protection for online
users in e-commerce
1. The scheme is more practical than previous
PIR schemes in e-commerce environment.
2. The scheme has theoretical security to user
privacy.
5
多媒體網路安全實驗室
BASIC DEFINITION OF OS-PIR
AND OUR OS-PIR SCHEME
 i  [n]  {1,2,3,..., n}
n
 X  x1...xn  {0,1}
1. The user produces a query:Q (i ) to database server.
2. The database server responds A( X , Q(i ))
3. The user reconstructs the desired bit xi .(by
reconstruction function R(i, Q(i ), A( X , Q(i ))) )
Correctness: For every X {0,1}n , i  [n]
 R(i, Q(i), A( X , Q(i)))  xi
Privacy: For every i, j  [n]
 Pr(Q(i )  q )  Pr(Q ( j )  q )
6
多媒體網路安全實驗室
OS-PIR scheme(1)
1. The user randomly choose a small prime P1(e.g
19 or 101) and sends P1 to the database server. In
other words, Q (i )=P1.
2. The database server calculates and A( X , Q(i ))
sends it back to the user.
1)
2)
3)
a  P1 ( P1  Q(i))
For k=2 to n do
(a)Calculate the next bigger prime Pk
xk
(b) a  a * (Pk ) (xk is the value of k bit of X)
A( X , Q(i ))  a
7
多媒體網路安全實驗室
OS-PIR scheme(2)
3) The user reconstructs the desired bit xi
1) Calculate the Pi (the user knows P1 already)
2) If A( X , Q(i )) mod Pi =0
Then xi =1
Else xi=0
EX: The Database [0,1,0,0,1,0,0,1] ,and user
choose randam prime P1=19
1. P1= Q (i ) =19
2. a  19 * (P2  23) x2 * (P3  29) x3 * ...
3. a mod Pi  0(由1開始, 依序retrieve 0,1,0,0,...)
8
多媒體網路安全實驗室
THEOREM AND PROOF
Our scheme proposed is OS-PIR,has
information-theoretic security in the property of
privacy.
1. Match the form of the OS-PIR scheme.
2. the user and the database server can calculate
the value of Pi both.
3. Satisfy the property of privacy: Because the Q (i )
is P1, a small prime randomly chosen by user.
Pr(Q(i )  q )  Pr(Q( j )  q )
9
多媒體網路安全實驗室
COMPARISONS TO OTHER PIR
SCHEMES
10
多媒體網路安全實驗室
CONCLUSIONS
The OS-PIR scheme was proposed which has
practical feasibility and it can be easily
implemented.
It avoids the large management overheads of
multi-servers and has theoretical security to
users’ privacy.
11
多媒體網路安全實驗室