Design of PriServ, a privacy service for DHTs

By decentralizing control, P2P systems provide efficient, scalable data sharing. However, when sharing data for different purposes (e.g., billing, purchase, shipping, etc.), data privacy can be easily violated by untrustworthy peers wich may use data for other purposes (e.g., marketing, fraudulence, profiling, etc.). A basic principle of data privacy is purpose specification which states that data providers should be able to specify the purpose for which their data will be collected and used. In the context of P2P systems, decentralized control makes it hard to enforce purpose-based privacy. And the major problem of data disclosure is not addressed. Hippocratic databases provide mechanisms for enforcing purpose-based disclosure control within a corporation datastore. In this paper, we apply the Hippocratic database principles to P2P systems to enforce purpose-based privacy. We focus on Distributed Hash Tables (DHTs), because they provide strong guarantees in terms of access performance. We propose PriServ, a privacy service which prevents privacy violation by prohibiting malicious data access. The performance evaluation of our approach through simulation shows that the overhead introduced by PriServ is small.