Paper 2008/129

Controlling access to personal data through Accredited Symmetrically Private Information Retrieval

Mohamed Layouni

Abstract

With the digitization of society and the continuous migration of services to the electronic world, individuals have lost significant control over their data. In this paper, we consider the problem of protecting personal information according to privacy policies defined by the data subjects. More specifically, we propose a new primitive allowing a data subject to decide when, how, and by whom his data can be accessed, without the database manager learning anything about his identity at the time the data is retrieved. The proposed solution, which we call Accredited SPIR, combines symmetrically private information retrieval and privacy-preserving digital credentials. We present three constructions based on the discrete logarithm and RSA problems. Despite the added privacy safeguards, the extra cost incurred by our constructions is negligible compared to that of the underlying building blocks.

Metadata

Available format(s): PDF
Category: Cryptographic protocols
Publication info: Published elsewhere. A shorter version has appeared in the proceedings of the 2nd International Workshop on Security, IWSEC 2007.
Keywords: Symmetrically private information retrieval; anonymous credentials; policy enforcement.
Contact author(s): mlayou @ cs mcgill ca
History: 2008-03-25: received
Short URL: https://ia.cr/2008/129
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2008/129,
      author = {Mohamed Layouni},
      title = {Controlling access to personal data through Accredited Symmetrically Private Information Retrieval},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/129},
      year = {2008},
      url = {https://eprint.iacr.org/2008/129}
}