Paper #: 4.3.1.5
Title: Privacy Preserving Indexing of Documents on the Network

1. Problems
-It is difficult to have distributed content with access control that also maintains privacy. Simply by exposing providers via search results can compromise privacy by revealing (through targeted queries) their hosted documents. The ability to securely share documents while minimizing privacy concerns would be ideal.

2. New Idea and Strengths
-The "Privacy-Preserving Index" (PPI) is a static index created from the collection of providers based on certain key terms. A search for a set of keywords will always return the same result set, which will include over 50% of false positives. The searcher then queries each returner for the document in question, and will receive an answer only if the asker has secure permission to access the document. In this way, it is impossible to know definitively if a provider has a document, unless you have permission to access that document.
-The index is generated by grouping providers into privacy groups, then creating a generalized hash mapping of keywords from that group, such that all members of a privacy group are likely to contain the requested keywords (but not definitively). The manner of its construction also prevents members of the privacy group from provably exposing their neighbors, even through targeted attacks.

3. Weaknesses and Extensions
-Unfortunately, performance takes a huge hit with this manner of access. The article does not mention the costs of individually checking secure access rights, but I imagine that would slow down the process as well. Not to mention the security issues connected with individual security checks.
-The keyword hash that is built is very precise and only returns exact word matching. Perhaps a more useable search procedure could be built on top of this indexing method, though
-The authors cannot provably protect providers, but can only make it unlikely that they possess the documents being requested.
-There is no individual privacy: if a searcher has access to the content they can provably expose anyone else who shares content. In such a case, if the security was comprised the system's privacy could be quickly exposed.