HetDAPAC: Leveraging Attribute Heterogeneity in Distributed Attribute-Based Private Access Control

Shreya Meel, Sennur Ulukus

TL;DR

The paper addresses privacy-preserving access to distributed databases by allowing attribute heterogeneity in verification: a central server validates $N-D$ non-sensitive attributes while $D$ dedicated servers verify sensitive ones. It introduces HetDAPAC, two achievable schemes, and a time-sharing approach that collectively yield rate improvements over the prior DAPAC model, with $R=\frac{1}{K+1}$ under a balanced load and $R=\frac{D+1}{2KD}$ under a more imbalanced but efficient scheme. The contributions include formalizing the HetDAPAC model, designing reliable, privacy-preserving retrieval schemes, and characterizing the rate-load trade-offs with common randomness requirements. The results have practical significance for scalable, privacy-aware attribute verification in cloud databases, enabling higher throughput by leveraging attribute heterogeneity and carefully balancing server workloads.

Abstract

Verifying user attributes to provide fine-grained access control to databases is fundamental to attribute-based authentication. Either a single (central) authority verifies all the attributes, or multiple independent authorities verify the attributes distributedly. In the central setup, the authority verifies all user attributes, and the user downloads only the authorized record. While this is communication efficient, it reveals all user attributes to the authority. A distributed setup prevents this privacy breach by letting each authority verify and learn only one attribute. Motivated by this, Jafarpisheh et al. introduced an information-theoretic formulation, called distributed attribute-based private access control (DAPAC). With $N$ non-colluding authorities (servers), $N$ attributes and $K$ possible values for each attribute, the DAPAC system lets each server learn only the single attribute value that it verifies, and is oblivious to the remaining $N-1$. The user retrieves its designated record, without learning anything about the remaining database records. The goal is to maximize the rate, i.e., the ratio of desired message size to total download size. However, not all attributes are sensitive, and DAPAC's privacy constraints can be too restrictive, negatively affecting the rate. To leverage the heterogeneous privacy requirements of user attributes, we propose heterogeneous (Het)DAPAC, a framework which off-loads verification of $N-D$ of the $N$ attributes to a central server, and retains DAPAC's architecture for the $D$ sensitive attributes. We first present a HetDAPAC scheme, which improves the rate from $\frac{1}{2K}$ to $\frac{1}{K+1}$, while sacrificing the privacy of a few non-sensitive attributes. Unlike DAPAC, our scheme entails a download imbalance across servers; we propose a second scheme achieving a balanced per-server download and a rate of $\frac{D+1}{2KD}$.

Paper Structure

This paper contains 25 sections, 2 theorems, 56 equations, 4 figures, 4 tables.

Key Result

Theorem 1

For any $(N,D,K)$ HetDAPAC system, the following rate and load-ratio pair is achievable, with a minimum required common randomness size $H(\mathcal{S})\geq KL$.

Figures (4)

  • Figure 1: Accessible messages in $(3,2)$ DAPAC system of Example 1, exhibiting a non-uniform replication pattern.
  • Figure 2: Two phases of an $(N,D,K)$ HetDAPAC system.
  • Figure 3: Achievable rate-load ratio pair for $(N,4,3)$ HetDAPAC system.
  • Figure 4: Accessible messages in $(3,2,2)$ HetDAPAC system of Example 2, exhibiting a non-uniform replication pattern.

Theorems & Definitions (11)

  • Example 1
  • Theorem 1
  • Remark 1
  • Remark 2
  • Remark 3
  • Theorem 2
  • Remark 4
  • Remark 5
  • Example 2
  • Example 3
  • ...and 1 more