A P2P based usage control enforcement scheme resilient to re-injection attacks

Leontiadis, Iraklis; Molva, Refik; Önen, Melek

Existing privacy controls based on access control techniques do not prevent massive dissemination of private data by malevolent acquaintances of social network, unauthorized duplication of files or personal messages, or persistence of some files in third-party operated storage beyond their deletion by their owners. We suggest a usage control enforcement scheme that allows users to gain control over their data during its entire lifetime and
the way it is disseminated in outsourced distributed data storage. The scheme is based on a peer-to-peer architecture whereby a different set of peers is randomly selected for
data assignment. Usage control is achieved based on the assumption that at least t out of any set of n peers will not behave maliciously. Such a system would still suffer from re-injection attacks whereby attackers can gain ownership of data and the usage policy thereof by simply re-storing data after slight modification of the content. In order to cope with re-injection attacks the scheme relies on a similarity detection mechanism based on special hash
functions. The robustness of the scheme has been evaluated in an experimental setting using a variety of re-injection attacks.

Sécurité numérique
Eurecom Ref:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in and is available at :

PERMALINK : https://www.eurecom.fr/publication/4015