Application and analysis of private matching schemes based on commutative cryptosystems.

Abstract

Privacy issues are becoming a key focus with software systems. Surveys show that the invasion of privacy is among the things peo-ple fear the most from the coming years. These fears seem to be justified, in the light of recent events involving the UK government. Thus, according to the EU Telecoms Commissioner the UK gov-ernment breach European privacy laws by allowing a group of UK based Internet Service Providers (ISPs) to intercept communications of their users for behavioural advertising purposes. In this case it was complaints from the concerned public that made the EU Commission examine the privacy implications. Yet, on the contrary, popularity of various social networking portals, where users publish their personal and sensitive data publicly, is growing. Therefore, some argue that users should not expect any level of privacy in the digital world. Such claims are backed-up by the fact that majority of Internet users are unconcerned about the digital footprint they leave behind. What is overseen is the control factor. Users want to have the right to decide what information about their lives is in the public domain. Consequently, ‘one-size fits all’ solution to privacy concerns does not exist, as everybody perceives privacy in a slightly different way. Therefore, parties involved in data-handling, including social networking portals, need to research and implement privacy technologies that can keep their customers happy and make the operation comply with local security and privacy directives in many locations around the globe.

This paper gives an insight on how Privacy Enhancing Technologies (PETs) can be used to perform private matching operations in large datasets. These operations can be used by data-holders and individuals to compare or to retrieve information in a private manner in cases where trusted third party does not exist or trusted third party it is used trusted for authentication purposes only. Thus, they can provide users with greater control over how their data is used. They include equality tests, dataset intersections, dataset equijoins, and symmetric private information retrieval protocols. Application of such private operations lies in the area of pervasive computing, da-tabase interaction, auditing and
data acquisition. Here it is shown that PETs based on commutative cryptosystems are most efficient in performing these operations. Therefore, these cryptosystems are examined in detail. Currently anyone wishing to implement PETs based on commutative crypto-systems will quickly notice that such cryptosystems cannot be found in any of the popular cryptographic suites. The reason for this is the fact that these cryptographic algorithms are expensive to run in comparison with other encryption technologies and have limited area of usage in security applications. Thus, the key contribution of this paper is a guide to implementing commutative cryptosystems, using common open-source cryptographic packages. Consequently, this should enable developers and researchers to further investigate the existing PETs and propose new systems employing the notion of the commutative cryptography.