XPIR : Private Information Retrieval for Everyone

Aguilar-Melchor, Carlos; Barrier, Joris; Fousse, Laurent; Killijian, Marc-Olivier

doi:10.1515/popets-2016-0010

Cited by 105 publications

(134 citation statements)

References 39 publications

(51 reference statements)

Supporting

Mentioning

132

Contrasting

Order By: Relevance

“…However, single-server PIR protocols rely on highly costly partial homomorphic encryption schemes, which need to be executed over the entire database for each query. Indeed, as we also demonstrated with our experiments in Section IV, the execution of a single query even with some of the most efficient single-server PIR schemes [26] takes approximately 20 seconds with a 80 M bps/ 30M bps bandwidth on a moderate size database (e.g., 10 6 entries). An end-to-end delay with the orders of 20 seconds might be undesirable for spectrum sensing needs of SU s in reallife applications.…”

Section: B Research Gap and Objectivessupporting

confidence: 57%

Location Privacy in Cognitive Radios With Multi-Server Private Information Retrieval

Grissa

Yavuz

Hamdaoui

2019

IEEE Trans. Cogn. Commun. Netw.

View full text Add to dashboard Cite

Spectrum database-based cognitive radio networks (CRN s) have become the de facto approach for enabling unlicensed secondary users (SU s) to identify spectrum vacancies in channels owned by licensed primary users (PU s). Despite its merits, the use of spectrum databases incurs privacy concerns for both SU s and PU s. Single-server private information retrieval (PIR) has been used as the main tool to address this problem. However, such techniques incur extremely large communication and computation overheads while offering only computational privacy. Besides, some of these PIR protocols have been broken.In this paper, we show that it is possible to achieve high efficiency and (information-theoretic) privacy for both PU s and SU s in database-driven CRN with multi-server PIR. Our key observation is that, by design, database-driven CRN s comprise multiple databases that are required, by the Federal Communications Commission, to synchronize their records. To the best of our knowledge, we are the first to exploit this observation to harness multi-server PIR technology to guarantee an optimal privacy for both SU s and PU s, thanks to the unique properties of database-driven CRN . We showed, analytically and empirically with deployments on actual cloud systems, that multi-server PIR is an ideal tool to provide efficient location privacy in database-driven CRN .Index Terms-Database-driven cognitive radio networks, location privacy, dynamic spectrum access, private information retrieval.

show abstract

Section: B Research Gap and Objectivessupporting

confidence: 57%

Location Privacy in Cognitive Radios With Multi-Server Private Information Retrieval

Grissa

Yavuz

Hamdaoui

2019

IEEE Trans. Cogn. Commun. Netw.

View full text Add to dashboard Cite

show abstract

“…But in our setting we also want to protect the privacy of the dataset leak. Even if we relaxed that security requirement, the most advanced PIR schemes [17,39] require exchanging large amounts of information over the network, so they are not useful for checking leaked passwords. PIR with two non-colluding servers can provide better security [26] than the bucketization-based C3 schemes, with communication complexity sub-polynomial in the size of the leaked dataset.…”

Section: Related Workmentioning

confidence: 99%

Protocols for Checking Compromised Credentials

Pal

Ali³

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

To prevent credential stuffing attacks, industry best practice now proactively checks if user credentials are present in known data breaches. Recently, some web services, such as HaveIBeenPwned (HIBP) and Google Password Checkup (GPC), have started providing APIs to check for breached passwords. We refer to such services as compromised credential checking (C3) services. We give the first formal description of C3 services, detailing different settings and operational requirements, and we give relevant threat models.One key security requirement is the secrecy of a user's passwords that are being checked. Current widely deployed C3 services have the user share a small prefix of a hash computed over the user's password. We provide a framework for empirically analyzing the leakage of such protocols, showing that in some contexts knowing the hash prefixes leads to a 12x increase in the efficacy of remote guessing attacks. We propose two new protocols that provide stronger protection for users' passwords, implement them, and show experimentally that they remain practical to deploy.

show abstract

“…Part of these algorithms is performed on the clients, the other part on the distant server. ese generally rely on heavy and unpractical [2] cryptographic protocols, especially when the accessed data stores contain millions of documents, the normal case for today's search engines.…”

Section: Alternative Search Engines Is Category Of Solutions Build Amentioning

confidence: 99%

“…ese approaches rely on specialized search engines implementing cryptographic techniques (e.g., homomorphic encryption) that enable to answer a user request without having access to its content. ese techniques are, however, still unpractical due to their limited performance with response times in the order of seconds for very large data stores [2], which is the case of search engines.…”

Section: Introductionmentioning

confidence: 99%

X-search

Mokhtar

Boutet

Felber

et al. 2017

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference

View full text Add to dashboard Cite

e exploitation of user search queries by search engines is at the heart of their economic model. As consequence, o ering private Web search functionalities is essential to the users who care about their privacy. Nowadays, there exists no satisfactory approach to enable users to access search engines in a privacy-preserving way. Existing solutions are either too costly due to the heavy use of cryptographic mechanisms (e.g., private information retrieval protocols), subject to a acks (e.g., Tor, TrackMeNot, GooPIR) or rely on weak adversarial models (e.g., PEAS). is paper introduces X S , a novel private Web search mechanism building on the disruptive So ware Guard Extensions (SGX) proposed by Intel. We compare X S to its closest competitors, Tor and PEAS, using a dataset of real web search queries. Our evaluation shows that: (1) X S o ers stronger privacy guarantees than its competitors as it operates under a stronger adversarial model; (2) it be er resists state-of-the-art re-identi cation a acks; and (3) from the performance perspective, X S outperforms its competitors both in terms of latency and throughput by orders of magnitude.

show abstract

XPIR : Private Information Retrieval for Everyone

Cited by 105 publications

References 39 publications

Location Privacy in Cognitive Radios With Multi-Server Private Information Retrieval

Location Privacy in Cognitive Radios With Multi-Server Private Information Retrieval

Protocols for Checking Compromised Credentials

X-search

Contact Info

Product

Resources

About