Purpose-This paper aims to address the privacy problem associated with the use of internet search engines. The purpose of the paper is to propose and validate a set of methods and protocols to guarantee the privacy of users' queries. Design/methodology/approach-In this paper h(k)-private information retrieval (h(k)-PIR) is defined as a practical compromise between computational efficiency and privacy. Also presented are h(k)-PIR protocols that can be used to query any database, which does not even need to know that the user is trying to preserve his or her privacy. Findings-The proposed methods are able to properly protect the privacy of users' queries. When internet users apply the protocols, search engines (e.g. Google) are not able to determine unequivocally the real interests of their users. The quality of the results does decrease with the increase in privacy, but the obtained trade-off is excellent. Practical implications-Current private information retrieval (PIR) protocols suffer from two significant shortcomings: their computational complexity is O(n) where n is the number of records in the database, which precludes their use for very large databases and web search engines; and they assume that the database server cooperates in the PIR protocol, which prevents deployment in real-life uncooperative settings. The proposed protocols overcome both problems. Originality/value-This is the first set of protocols that offer practical protection for the privacy of the queries that internet users submit to an internet search engine. The proposal has been implemented and it will be released to the general public soon. It will help to protect the right to privacy of millions of internet users.
Arnau VIVES-GUASCH †a) , Student Member, Maria-Magdalena PAYERAS-CAPELLÀ † †b) , Macià MUT-PUIGSERVER † †c) , Jordi CASTELLÀ-ROCA †d) , and Josep-Lluís FERRER-GOMILA † †e) , Nonmembers SUMMARY An electronic ticket is a contract, in digital format, between the user and the service provider, and reduces both economic costs and time in many services such as air travel industries or public transport. However, the security of the electronic ticket has to be strongly guaranteed, as well as the privacy of their users. We present an electronic ticketing system that considers these security requirements and includes the exculpability as a security requirement for these systems, i.e. users and the service provider can not falsely accuse each other of misbehavior. The system ensures that either both parties receive their desired data from other or neither does (fair exchange). Another interesting property is reusability. Thanks to reusability the tickets can be used a predefined number of times with the same security as single tickets. Furthermore, this scheme takes special care of the computational requirements on the users side by using light-weight cryptography. We show that the scheme is usable in practice by means of its implementation using mobile phones with Near Field Communication (NFC) capabilities.
Abstract. RFID systems allow fast and automatic identification of RFID tags through a wireless channel. Information on product items like name, model, purpose, expiration date, etc., can be easily stored and retrieved from RFID tags attached to items. That is why, in the near future, RFID tags can be an active part of our everyday life when interacting with items around us. Frequently, such items may change hands during their lifecycle. Therefore, beyond RFID identification protocols, there is a need for secure and private ownership transfer protocols in RFID systems. To ensure privacy to tag owners, the keys of tags are usually updated during the ownership transfer process. However, none of the previous proposals takes advantage of this property to improve the system scalability. To the best of our knowledge, we propose the first RFID identification protocol supporting ownership transfer that is secure, private and scalable. Furthermore, our proposal achieves other valuable properties related to ownership transfer, such as controlled delegation and decentralization.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.