Efficient Privacy-Aware Imagery Data Analysis

The widespread use of smartphones and camera-coupled Internet of Thing (IoT) devices triggers an explosive growth of imagery data. To extract and process the rich contents contained in imagery data, various image analysis techniques have been investigated and applied to a spectrum of application scenarios. In recent years, breakthroughs in deep learning have powered a new revolution for image analysis in terms of effectiveness with high resource consumption. Given the fact that most smartphones and IoT devices have limited computational capability and battery life, they are not ready for the processing of computational intensive analytics over imagery data collected by them, especially when deep learning is involved. To resolve the bottleneck of computation, storage, and energy for these resource constrained devices, offloading complex image analysis to public cloud computing platforms has become a promising trend in both academia and industry. However, an outstanding challenge with public cloud is on the protection of sensitive information contained in many imagery data, such as personal identities and financial data. Directly sending imagery data to the public cloud can cause serious privacy concerns and even legal issues. In this dissertation, I propose a comprehensive privacy-preserving imagery data analysis framework which can be integrated in different application scenarios to assist image analysis for resource-constrained devices with efficiency, accuracy, and privacy protection. I first identify security challenges in the utilization of public cloud for image analysis. Then, I design and develop a set of novel solutions to address these challenges. These solutions will be featured by strong privacy guarantee, lightweight computation, low accuracy loss compared with image analysis without privacy protection. To optimize the communication overhead and resource utilization of using cloud computing, I investigate edge computing, which is a promising technique to ameliorate the high communication overhead in cloud-assisted architectures. Furthermore, to boost the performance of my solutions under both cloud and edge deployment, I also provide a set of pluggable enhancement modules to be applied to meet different requirements for various tasks. By exploring the features of edge computing and cloud computing, I flexibly incorporate them as a comprehensive framework to provide privacy-preserving image analysis services

High Order Side-Channel Security for Elliptic-Curve Implementations

Elliptic-curve implementations protected with state-of-the-art countermeasures against side-channel attacks might still be vulnerable to advanced attacks that recover secret information from a single leakage trace. The effectiveness of these attacks is boosted by the emergence of deep learning techniques for side-channel analysis which relax the control or knowledge an adversary must have on the target implementation. In this paper, we provide generic countermeasures to withstand these attacks for a wide range of regular elliptic-curve implementations. We first introduce a framework to formally model a regular algebraic program which consists of a sequence of algebraic operations indexed by key-dependent values. We then introduce a generic countermeasure to protect these types of programs against advanced single-trace side-channel attacks. Our scheme achieves provable security in the noisy leakage model under a formal assumption on the leakage of randomized variables. To demonstrate the applicability of our solution, we provide concrete examples on several widely deployed scalar multiplication algorithms and report some benchmarks for a protected implementation on a smart card

On Circuit Private, Multikey and Threshold Approximate Homomorphic Encryption

Homomorphic encryption for approximate arithmetic allows one to encrypt discretized real/complex numbers and evaluate arithmetic circuits over them. The first scheme, called CKKS, was introduced by Cheon et al. (Asiacrypt 2017) and gained tremendous attention. The enthusiasm for CKKS-type encryption stems from its potential to be used in inference or multiparty computation tasks that do not require an exact output. A desirable property for homomorphic encryption is circuit privacy, which requires that a ciphertext leaks no information on the computation performed to obtain it. Despite numerous improvements directed toward improving efficiency, the question of circuit privacy for approximate homomorphic encryption remains open. In this paper, we give the first formal study of circuit privacy for homomorphic encryption over approximate arithmetic. We introduce formal models that allow us to reason about circuit privacy. Then, we show that approximate homomorphic encryption can be made circuit private using tools from differential privacy with appropriately chosen parameters. In particular, we show that by applying an exponential (in the security parameter) Gaussian noise on the evaluated ciphertext, we remove useful information on the circuit from the ciphertext. Crucially, we show that the noise parameter is tight, and taking a lower one leads to an efficient adversary against such a system. We expand our definitions and analysis to the case of multikey and threshold homomorphic encryption for approximate arithmetic. Such schemes allow users to evaluate a function on their combined inputs and learn the output without leaking anything on the inputs. A special case of multikey and threshold encryption schemes defines a so-called partial decryption algorithm where each user publishes a ``masked\u27\u27 version of its secret key, allowing all users to decrypt a ciphertext. Similarly, in this case, we show that applying a proper differentially private mechanism gives us IND-CPA-style security where the adversary additionally gets as input the partial decryptions. This is the first security analysis of approximate homomorphic encryption schemes that consider the knowledge of partial decryptions. As part of our study, we scrutinize recent proposals for the definition and constructions of threshold homomorphic encryption schemes and show new random oracle uninstantiability results that may be of independent interest

Unstructured Direct Elicitation of Decision Rules

We investigate the feasibility of unstructured direct-elicitation (UDE) of decision rules consumers use to form consideration sets. With incentives to think hard and answer truthfully, tested formats ask respondents to state non-compensatory, compensatory, or mixed rules for agents who will select a product for the respondents. In a mobile-phone study two validation tasks (one delayed 3 weeks) ask respondents to indicate which of 32 mobile phones they would consider from a fractional 4[superscript 5]x2[superscript 2] design of features and levels. UDE predicts consideration sets better, across profiles and across respondents, than a structured direct-elicitation method (SDE). It predicts comparably to established incentive-aligned compensatory, non-compensatory, and mixed decompositional methods. In a more-complex (20x7x5[superscript 2]x4x3[superscript 4]x2[superscript 2]) automobile study, non-compensatory decomposition is not feasible and additive-utility decomposition is strained, but UDE scales well. Incentives are aligned for all methods using prize indemnity insurance to award a chance at $40,000 for an automobile plus cash. UDE predicts consideration sets better than either additive decomposition or an established SDE method (Casemap). We discuss the strengths and weaknesses of UDE relative to established methods.Research Grants Council (Hong Kong, China) (SAR (9041182, CityU 1454/06H))Pennsylvania State University (Smeal Small Research Grant