Enforcing secure and privacy-preserving information brokering in distributed information sharing

Fengjun Li, Bo Luo, Peng Liu, Dongwon Lee, Chao Hsien Chu

Research output: Contribution to journalArticle

8 Citations (Scopus)

Abstract

Today's organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this paper, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment encryption to securely share the routing decision-making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.

Original languageEnglish (US)
Article number6461937
Pages (from-to)888-890
Number of pages3
JournalIEEE Transactions on Information Forensics and Security
Volume8
Issue number6
DOIs
StatePublished - Jun 3 2013

Fingerprint

Information systems
Servers
Access control
Metadata
Cryptography
Decision making

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

@article{f71fc66579df4fa2bf65c7b2596fb2ca,
title = "Enforcing secure and privacy-preserving information brokering in distributed information sharing",
abstract = "Today's organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this paper, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment encryption to securely share the routing decision-making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.",
author = "Fengjun Li and Bo Luo and Peng Liu and Dongwon Lee and Chu, {Chao Hsien}",
year = "2013",
month = "6",
day = "3",
doi = "10.1109/TIFS.2013.2247398",
language = "English (US)",
volume = "8",
pages = "888--890",
journal = "IEEE Transactions on Information Forensics and Security",
issn = "1556-6013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "6",

}

Enforcing secure and privacy-preserving information brokering in distributed information sharing. / Li, Fengjun; Luo, Bo; Liu, Peng; Lee, Dongwon; Chu, Chao Hsien.

In: IEEE Transactions on Information Forensics and Security, Vol. 8, No. 6, 6461937, 03.06.2013, p. 888-890.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Enforcing secure and privacy-preserving information brokering in distributed information sharing

AU - Li, Fengjun

AU - Luo, Bo

AU - Liu, Peng

AU - Lee, Dongwon

AU - Chu, Chao Hsien

PY - 2013/6/3

Y1 - 2013/6/3

N2 - Today's organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this paper, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment encryption to securely share the routing decision-making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.

AB - Today's organizations raise an increasing need for information sharing via on-demand access. Information brokering systems (IBSs) have been proposed to connect large-scale loosely federated data sources via a brokering overlay, in which the brokers make routing decisions to direct client queries to the requested data servers. Many existing IBSs assume that brokers are trusted and thus only adopt server-side access control for data confidentiality. However, privacy of data location and data consumer can still be inferred from metadata (such as query and access control rules) exchanged within the IBS, but little attention has been put on its protection. In this paper, we propose a novel approach to preserve privacy of multiple stakeholders involved in the information brokering process. We are among the first to formally define two privacy attacks, namely attribute-correlation attack and inference attack, and propose two countermeasure schemes automaton segmentation and query segment encryption to securely share the routing decision-making responsibility among a selected set of brokering servers. With comprehensive security analysis and experimental results, we show that our approach seamlessly integrates security enforcement with query routing to provide system-wide security with insignificant overhead.

UR - http://www.scopus.com/inward/record.url?scp=84878303096&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84878303096&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2013.2247398

DO - 10.1109/TIFS.2013.2247398

M3 - Article

AN - SCOPUS:84878303096

VL - 8

SP - 888

EP - 890

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 6

M1 - 6461937

ER -