Graduate School and Research Center in Digital Sciences

A P2P based usage control enforcement scheme resilient to re-injection attacks

Leontiadis, Iraklis; Molva, Refik; Önen, Melek

Research Report RR-13-281

Existing privacy controls based on access control techniques do not prevent massive dissemination of private data by malevolent acquaintances of social network, unauthorized duplication of files or personal messages, or persistence of some files in third-party operated storage beyond their deletion by their owners. We suggest a usage control enforcement scheme that allows users to gain control over their data during its entire lifetime and the way it is disseminated in outsourced distributed data storage. The scheme is based on a peer-to-peer architecture whereby a different set of peers is randomly selected for data assignment. Usage control is achieved based on the assumption that at least t out of any set of n peers will not behave maliciously. Such a system would still suffer from re-injection attacks whereby attackers can gain ownership of data and the usage policy thereof by simply re-storing data after slight modification of the content. In order to cope with re-injection attacks the scheme relies on a similarity detection mechanism based on special hash functions. The robustness of the scheme has been evaluated in an experimental setting using a variety of re-injection attacks.

Document Bibtex

Title:A P2P based usage control enforcement scheme resilient to re-injection attacks
Department:Digital Security
Eurecom ref:4015
Copyright: © EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research Report RR-13-281 and is available at :
Bibtex: @techreport{EURECOM+4015, year = {2013}, title = {{A} {P}2{P} based usage control enforcement scheme resilient to re-injection attacks}, author = {{L}eontiadis, {I}raklis and {M}olva, {R}efik and {\"{O}}nen, {M}elek}, number = {EURECOM+4015}, month = {05}, institution = {Eurecom}, url = {},, }
See also: