Results 1  10
of
152
Information Sharing across Private Databases
, 2003
"... Literature on information integration across databases tacitly assumes that the data in each database can be revealed to the other databases. However, there is an increasing need for sharing information across autonomous entities in such a way that no information apart from the answer to the query i ..."
Abstract

Cited by 265 (14 self)
 Add to MetaCart
(Show Context)
Literature on information integration across databases tacitly assumes that the data in each database can be revealed to the other databases. However, there is an increasing need for sharing information across autonomous entities in such a way that no information apart from the answer to the query is revealed. We formalize the notion of minimal information sharing across private databases, and develop protocols for intersection, equijoin, intersection size, and equijoin size. We also show how new applications can be built using the proposed protocols.
Privacypreserving Distributed Mining of Association Rules on Horizontally Partitioned Data
, 2002
"... Data mining can extract important knowledge from large data collections  but sometimes these collections are split among various parties. Privacy concerns may prevent the parties from directly sharing the data, and some types of information about the data. This paper addresses secure mining of ass ..."
Abstract

Cited by 232 (18 self)
 Add to MetaCart
(Show Context)
Data mining can extract important knowledge from large data collections  but sometimes these collections are split among various parties. Privacy concerns may prevent the parties from directly sharing the data, and some types of information about the data. This paper addresses secure mining of association rules over horizontally partitioned data. The methods incorporate cryptographic techniques to minimize the information shared, while adding little overhead to the mining task.
Dynamic accumulators and application to efficient revocation of anonymous credentials
 http://eprint.iacr.org/2001, 2001. Jan Camenisch and Anna Lysyanskaya
"... Abstract. We introduce the notion of a dynamic accumulator. Anaccumulator scheme allows one to hash a large set of inputs into one short value, such that there is a short proof that a given input was incorporated into this value. A dynamic accumulator allows one to dynamically add and delete a value ..."
Abstract

Cited by 213 (11 self)
 Add to MetaCart
(Show Context)
Abstract. We introduce the notion of a dynamic accumulator. Anaccumulator scheme allows one to hash a large set of inputs into one short value, such that there is a short proof that a given input was incorporated into this value. A dynamic accumulator allows one to dynamically add and delete a value, such that the cost of an add or delete is independent of the number of accumulated values. We provide a construction of a dynamic accumulator and an efficient zeroknowledge proof of knowledge of an accumulated value. We prove their security under the strong RSA assumption. We then show that our construction of dynamic accumulators enables efficient revocation of anonymous credentials, and membership revocation for recent group signature and identity escrow schemes.
How to Sign Digital Streams
, 1997
"... We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the enti ..."
Abstract

Cited by 174 (0 self)
 Add to MetaCart
(Show Context)
We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long ( or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise...
Onthefly verification of rateless erasure codes for efficient content distribution
 In Proceedings of the IEEE Symposium on Security and Privacy
, 2004
"... Abstract — The quality of peertopeer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple blockbyblock downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to mor ..."
Abstract

Cited by 138 (4 self)
 Add to MetaCart
Abstract — The quality of peertopeer content distribution can suffer when malicious participants intentionally corrupt content. Some systems using simple blockbyblock downloading can verify blocks with traditional cryptographic signatures and hashes, but these techniques do not apply well to more elegant systems that use rateless erasure codes for efficient multicast transfers. This paper presents a practical scheme, based on homomorphic hashing, that enables a downloader to perform onthefly verification of erasureencoded blocks. I.
Homomorphic Signature Schemes
"... Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signa ..."
Abstract

Cited by 109 (1 self)
 Add to MetaCart
Privacy homomorphisms, encryption schemes that are also homomorphisms relative to some binary operation, have been studied for some time, but one may also consider the analogous problem of homomorphic signature schemes. In this paper we introduce basic definitions of security for homomorphic signature systems, motivate the inquiry with example applications, and describe several schemes that are homomorphic with respect to useful binary operations. In particular, we describe a scheme that allows a signature holder to construct the signature on an arbitrarily redacted submessage of the originally signed message. We present another scheme for signing sets that is homomorphic with respect to both union and taking subsets. Finally, we show that any signature scheme that is homomorphic with respect to integer addition must be insecure.
Secret handshakes from pairingbased key agreements
 In IEEE Symposium on Security and Privacy
, 2003
"... Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In th ..."
Abstract

Cited by 98 (0 self)
 Add to MetaCart
(Show Context)
Consider a CIA agent who wants to authenticate herself to a server, but does not want to reveal her CIA credentials unless the server is a genuine CIA outlet. Consider also that the CIA server does not want to reveal its CIA credentials to anyone but CIA agents – not even to other CIA servers. In this paper we first show how pairingbased cryptography can be used to implement such secret handshakes. We then propose a formal definition for secure secret handshakes, and prove that our pairingbased schemes are secure under the Bilinear DiffieHellman assumption. Our protocols support rolebased group membership authentication, traceability, indistinguishability to eavesdroppers, unbounded collusion resistance, and forward repudiability. Our secrethandshake scheme can be implemented as a TLS cipher suite. We report on the performance of our preliminary Java implementation. 1.
Random projectionbased multiplicative data perturbation for privacy preserving distributed data mining
 IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING
, 2006
"... This paper explores the possibility of using multiplicative random projection matrices for privacy preserving distributed data mining. It specifically considers the problem of computing statistical aggregates like the inner product matrix, correlation coefficient matrix, and Euclidean distance matri ..."
Abstract

Cited by 94 (6 self)
 Add to MetaCart
(Show Context)
This paper explores the possibility of using multiplicative random projection matrices for privacy preserving distributed data mining. It specifically considers the problem of computing statistical aggregates like the inner product matrix, correlation coefficient matrix, and Euclidean distance matrix from distributed privacy sensitive data possibly owned by multiple parties. This class of problems is directly related to many other datamining problems such as clustering, principal component analysis, and classification. This paper makes primary contributions on two different grounds. First, it explores Independent Component Analysis as a possible tool for breaching privacy in deterministic multiplicative perturbationbased models such as random orthogonal transformation and random rotation. Then, it proposes an approximate random projectionbased technique to improve the level of privacy protection while still preserving certain statistical characteristics of the data. The paper presents extensive theoretical analysis and experimental results. Experiments demonstrate that the proposed technique is effective and can be successfully used for different types of privacypreserving data mining applications.
Separability and Efficiency for Generic Group Signature Schemes (Extended Abstract)
, 1999
"... A cryptographic protocol possesses separability if the participants can choose their keys independently of each other. This is advantageous from a keymanagement as well as from a security point of view. This paper focuses on separability in group signature schemes. Such schemes allow a group member ..."
Abstract

Cited by 78 (13 self)
 Add to MetaCart
A cryptographic protocol possesses separability if the participants can choose their keys independently of each other. This is advantageous from a keymanagement as well as from a security point of view. This paper focuses on separability in group signature schemes. Such schemes allow a group member to sign messages anonymously on the group's behalf. However, in case of this anonymity's misuse, a trustee can reveal the originator of a signature. We provide a generic fully separable group signature scheme and present an ecient instantiation thereof. The scheme is suited for large groups; the size of the group's public key and the length of signatures do not depe...