Closing the gap: A universal privacy framework for outsourced data

Abstract

We study formal privacy notions for data outsourcing schemes. The aim of our efforts is to define a security framework that is applicable to highly elaborate as well as practical constructions. First, we define the privacy objectives data privacy, query privacy, and result privacy. We then investigate fundamental relations among them. Second, to make them applicable to practical constructions, we define generalisations of our basic notions. Lastly, we show how various notions from the literature fit into our framework. Data privacy and query privacy are independent concepts, while result privacy is consequential to them. The generalised notions allow for a restriction on the number of the adversary’s oracle calls, as well as a “leakage relation” that restricts the adversary’s choice of challenges. We apply the generalised notions to existing security notions from the fields of searchable encryption, private information retrieval, and secure database outsourcing. Some are direct instantiations of our notions, others intertwine the concepts. This work provides a privacy framework for data outsourcing schemes from various cryptographic fields with an unified view, from which several new interesting research questions emerge.