A P2P based usage control enforcement scheme resilient to re-injection attacks

Existing privacy controls based on access control techniques do not prevent massive dissemination of private data by malevolent acquaintances of social network, unauthorized duplication of files or personal messages, or persistence of some files in third-party operated storage beyond their deletion by their owners. We suggest a usage control enforcement scheme that allows users to gain control over their data and the way this is disseminated

in outsourced storage. The scheme is based on a peer-topeer architecture whereby a randomly selected set of peers assure usage control enforcement for each data segment.

Usage control is achieved based on the assumption that at least t out of any set of n randomly chosen peers will not behave maliciously. Such a system would still suffer from re-injection attacks whereby attackers can gain ownership of data and the usage policy thereof by simply

re-storing data after slight modification of the content. In order to cope with re-injection attacks the scheme relies on a similarity detection mechanism based on special hash functions. The robustness of the scheme has been evaluated in an experimental setting using a variety of re-injection attacks.