12,701 research outputs found
Probabilistic Counters for Privacy Preserving Data Aggregation
Probabilistic counters are well known tools often used for space-efficient
set cardinality estimation. In this paper we investigate probabilistic counters
from the perspective of preserving privacy. We use the standard, rigid differential
privacy notion. The intuition is that the probabilistic counters do not reveal
too much information about individuals, but provide only general information
about the population. Thus they can be used safely without violating privacy of
individuals. It turned out however that providing a precise, formal analysis of
privacy parameters of probabilistic counters is surprisingly difficult and
needs advanced techniques and a very careful approach.
We demonstrate also that probabilistic counters can be used as a privacy
protection mechanism without any extra randomization. That is, the inherent
randomization from the protocol is sufficient for protecting privacy, even if
the probabilistic counter is used many times. In particular we present a
specific privacy-preserving data aggregation protocol based on a probabilistic
counter. Our results can be used for example in performing distributed surveys.
Masquerade: Verifiable Multi-Party Aggregation with Secure Multiplicative Commitments
In crowd-sourced data aggregation, participants share their data points with curators. However, the lack of privacy guarantees may discourage participation, which motivates the need for privacy-preserving aggregation protocols. Unfortunately, existing solutions do not support public auditing without revealing the participants' data. In real-world applications, there is a need for public verifiability (i.e., verifying the protocol correctness) while preserving the privacy of the participants' inputs since the participants do not always trust the data curator. Likewise, public distributed ledgers (e.g., blockchains) provide public auditing but may reveal sensitive information.
We present Masquerade, a novel protocol for computing private statistics, such as sum, average, and histograms without revealing anything about participants' data. We propose a tailored multiplicative commitment scheme to ensure the integrity of data aggregations and publish all the participants' commitments on a ledger to provide public verifiability. We complement our methodology with two zero-knowledge proof protocols that detect potentially untrusted participants who attempt to poison the aggregation results. Thus, Masquerade ensures the validity of shared data points before being aggregated, enabling a broad range of numerical and categorical studies. In our experiments, we evaluate our protocol's runtime and communication overhead using homomorphic ciphertexts and commitments for a variable number of participants.
Efficient Secure Aggregation for Privacy-Preserving Federated Machine Learning
Federated learning introduces a novel approach to training machine learning
(ML) models on distributed data while preserving user's data privacy. This is
done by distributing the model to clients to perform training on their local
data and computing the final model at a central server. To prevent any data
leakage from the local model updates, various works with focus on secure
aggregation for privacy preserving federated learning have been proposed.
Despite their merits, most of the existing protocols still incur high
communication and computation overhead on the participating entities and might
not be optimized to efficiently handle the large update vectors for ML models.
In this paper, we present E-seaML, a novel secure aggregation protocol with
high communication and computation efficiency. E-seaML only requires one round
of communication in the aggregation phase and it is up to 318x and 1224x faster
for the user and the server (respectively) as compared to its most efficient
counterpart. E-seaML also allows for efficiently verifying the integrity of the
final model by allowing the aggregation server to generate a proof of honest
aggregation for the participating users. This high efficiency and versatility
is achieved by extending (and weakening) the assumption of the existing works
on the set of honest parties (i.e., users) to a set of assisting nodes.
Therefore, we assume a set of assisting nodes which assist the aggregation
server in the aggregation process. We also discuss, given the minimal
computation and communication overhead on the assisting nodes, how one could
assume a set of rotating users as assisting nodes in each iteration. We
provide the open-sourced implementation of E-seaML for public verifiability and
testing.
Secure and Privacy-Preserving Data Aggregation Protocols for Wireless Sensor Networks
This chapter discusses the need of security and privacy protection mechanisms
in aggregation protocols used in wireless sensor networks (WSN). It presents a
comprehensive state of the art discussion on the various privacy protection
mechanisms used in WSNs and particularly focuses on the CPDA protocols proposed
by He et al. (INFOCOM 2007). It identifies a security vulnerability in the CPDA
protocol and proposes a mechanism to plug that vulnerability. To demonstrate
the need of security in aggregation process, the chapter further presents
various threats in WSN aggregation mechanisms. A large number of existing
protocols for secure aggregation in WSN are discussed briefly and a protocol is
proposed for secure aggregation which can detect false data injected by
malicious nodes in a WSN. The performance of the protocol is also presented.
The chapter concludes while highlighting some future directions of research in
secure data aggregation in WSNs.
Comment: 32 pages, 7 figures, 3 tables
PrivFL: Practical Privacy-preserving Federated Regressions on High-dimensional Data over Mobile Networks
Federated Learning (FL) enables a large number of users to jointly learn a
shared machine learning (ML) model, coordinated by a centralized server, where
the data is distributed across multiple devices. This approach enables the
server or users to train and learn an ML model using gradient descent, while
keeping all the training data on users' devices. We consider training an ML
model over a mobile network where user dropout is a common phenomenon. Although
federated learning was aimed at reducing data privacy risks, the ML model
privacy has not received much attention.
In this work, we present PrivFL, a privacy-preserving system for training
(predictive) linear and logistic regression models and oblivious predictions in
the federated setting, while guaranteeing data and model privacy as well as
ensuring robustness to users dropping out in the network. We design two
privacy-preserving protocols for training linear and logistic regression models
based on an additive homomorphic encryption (HE) scheme and an aggregation
protocol. Exploiting the training algorithm of federated learning, at the core
of our training protocols is a secure multiparty global gradient computation on
alive users' data. We analyze the security of our training protocols against
semi-honest adversaries. As long as the aggregation protocol is secure under
the aggregation privacy game and the additive HE scheme is semantically secure,
PrivFL guarantees the users' data privacy against the server, and the server's
regression model privacy against the users. We demonstrate the performance of
PrivFL on real-world datasets and show its applicability in the federated
learning system.
Comment: In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing
Security Workshop (CCSW'19)