Private Data System Enabling Self-Sovereign Storage Managed by Executable Choreographies
With the increased use of the Internet, governments and large companies store and
share massive amounts of personal data in such a way that leaves no space for
transparency. When a user needs to achieve a simple task like applying for
college or a driving license, he needs to visit a lot of institutions and
organizations, thus leaving a lot of private data in many places. The same
happens when using the Internet. These privacy issues raised by the centralized
architectures along with the recent developments in the area of serverless
applications demand a decentralized private data layer under user control. We
introduce the Private Data System (PDS), a distributed approach which enables
self-sovereign storage and sharing of private data. The system is composed of
nodes spread across the entire Internet managing local key-value databases. The
communication between nodes is achieved through executable choreographies,
which are capable of preventing information leakage when executing across
different organizations with different regulations in place. The user has full
control over his private data and is able to share and revoke access to
organizations at any time. Even more, the updates are propagated instantly to
all the parties which have access to the data thanks to the system design.
Specifically, the processing organizations may retrieve and process the shared
information, but are not allowed under any circumstances to store it for the long
term. PDS offers an alternative to systems that aim to ensure self-sovereignty
of specific types of data through blockchain inspired techniques but face
various problems, such as low performance. Both approaches propose a
distributed database, but with different characteristics. While the
blockchain-based systems are built to solve consensus problems, PDS's purpose
is to solve the self-sovereignty aspects raised by the privacy laws, rules and
principles. Comment: DAIS 201
A Protocol for the Secure Linking of Registries for HPV Surveillance
In order to monitor the effectiveness of HPV vaccination in Canada, the linkage of multiple data registries may be required. These registries may not always be managed by the same organization and, furthermore, privacy legislation or practices may restrict the linkages of records that can actually be done among registries. The objective of this study was to develop a secure protocol for linking data from different registries and to allow ongoing monitoring of HPV vaccine effectiveness. A secure linking protocol, using commutative hash functions and secure multi-party computation techniques, was developed. This protocol allows for the exact matching of records among registries and the computation of statistics on the linked data while meeting five practical requirements to ensure patient confidentiality and privacy. The statistics considered were: odds ratio and its confidence interval, chi-square test, and relative risk and its confidence interval. Additional statistics on contingency tables, such as other measures of association, can be added using the same principles presented. The computation time performance of this protocol was evaluated. The protocol has acceptable computation time and scales linearly with the size of the data set and the size of the contingency table. The worst case computation time for up to 100,000 patients returned by each query and a 16 cell contingency table is less than 4 hours for basic statistics, and the best case is under 3 hours. A computationally practical protocol for the secure linking of data from multiple registries has been demonstrated in the context of HPV vaccine initiative impact assessment. The basic protocol can be generalized to the surveillance of other conditions, diseases, or vaccination programs.
Hardware-Assisted Secure Computation
The theory community has worked on Secure Multiparty Computation (SMC) for more than two decades, and has produced many protocols for many settings. One common thread in these works is that the protocols cannot use a Trusted Third Party (TTP), even though this is conceptually the simplest and most general solution. Thus, current protocols involve only the direct players; we call such protocols self-reliant. They often use blinded boolean circuits, which have several sources of overhead, some due to the circuit representation and some due to the blinding. However, secure coprocessors like the IBM 4758 have actual security properties similar to ideal TTPs. They also have little RAM and a slow CPU. We call such devices Tiny TTPs. The availability of real tiny TTPs opens the door for a different approach to SMC problems. One major challenge with this approach is how to execute large programs on large inputs using the small protected memory of a tiny TTP, while preserving the trust properties that an ideal TTP provides. In this thesis we have investigated the use of real TTPs to help with the solution of SMC problems. We start with the use of such TTPs to solve the Private Information Retrieval (PIR) problem, which is one important instance of SMC. Our implementation utilizes a 4758. The rest of the thesis is targeted at general SMC. Our SMC system, Faerieplay, moves some functionality into a tiny TTP, and thus avoids the blinded circuit overhead. Faerieplay consists of a compiler from high-level code to an arithmetic circuit with special gates for efficient indirect array access, and a virtual machine to execute this circuit on a tiny TTP while maintaining the typical SMC trust properties. We report on Faerieplay's security properties, the specification of its components, and our implementation and experiments. These include comparisons with the Fairplay circuit-based two-party system, and an implementation of the Dijkstra graph shortest path algorithm.
We also provide an implementation of an oblivious RAM which supports similar tiny TTP-based SMC functionality but using a standard RAM program. Performance comparisons show Faerieplay's circuit approach to be considerably faster, at the expense of a more constrained programming environment when targeting a circuit.
Privacy-preserving data mining
In the research of privacy-preserving data mining, we address issues related to extracting
knowledge from large amounts of data without violating the privacy of the data owners.
In this study, we first introduce an integrated baseline architecture, design principles, and
implementation techniques for privacy-preserving data mining systems. We then discuss
the key components of privacy-preserving data mining systems which include three
protocols: data collection, inference control, and information sharing. We present and
compare strategies for realizing these protocols. Theoretical analysis and experimental
evaluation show that our protocols can generate accurate data mining models while
protecting the privacy of the data being mined.