SoK: Privacy Preserving Machine Learning using Functional Encryption: Opportunities and Challenges

With the advent of functional encryption, new possibilities for computation on encrypted data have arisen. Functional Encryption enables data owners to grant third-party access to perform specified computations without disclosing their inputs. It also provides computation results in plain, unlike Fully Homomorphic Encryption. The ubiquitousness of machine learning has led to the collection of massive private data in the cloud computing environment. This raises potential privacy issues and the need for more private and secure computing solutions. Numerous efforts have been made in privacy-preserving machine learning (PPML) to address security and privacy concerns. There are approaches based on fully homomorphic encryption (FHE), secure multiparty computation (SMC), and, more recently, functional encryption (FE). However, FE-based PPML is still in its infancy and has not yet gotten much attention compared to FHE-based PPML approaches. In this paper, we provide a systematization of PPML works based on FE summarizing state-of-the-art in the literature. We focus on Inner-product-FE and Quadratic-FE-based machine learning models for the PPML applications. We analyze the performance and usability of the available FE libraries and their applications to PPML. We also discuss potential directions for FE-based PPML approaches. To the best of our knowledge, this is the first work to systematize FE-based PPML approaches

Functional Encryption을 이용한 프라이버시 보호 온라인 타겟 광고 시스템

학위논문(석사) -- 서울대학교대학원 : 공과대학 컴퓨터공학부, 2023. 2. 권태경.As interest in protecting user privacy began to surge, the online advertising industry, a multi-billion market, is also facing the same challenge. Currently, online ads are delivered through real-time bidding (RTB) and behavioral targeting of users. This is done by tracking users across websites to infer their interests and preferences and then used when selecting ads to present to the user. The user profile sent in the ad request contains data that infringes on user privacy and is delivered to various RTB ecosystem actors, not to mention the data stored by the bidders to increase their performance and profitability. I propose a framework named FAdE to preserve user privacy while enabling behavioral targeting and supporting the current RTB ecosystem by introducing minimal changes in the protocols and data structure. My design leverages the functional encryption (FE) scheme to preserve the user's privacy in behavioral targeted advertising. Specifically, I introduce a trusted third party (TTP) who is the key generator in my FE scheme. The user's profile originally used for behavioral targeting is now encrypted and cannot be decrypted by the participants of the RTB ecosystem. However, the demand-side platforms (DSPs) can submit their functions to the TTP and receive function keys. This function derives a metric, a user score, based on the user profile that can be used in their bidding algorithm. Decrypting the encrypted user profiles with the function keys results in the function's output with the user profile as its input. As a result, the user's privacy is preserved within the RTB ecosystem, while DSPs can still submit their bids through behavioral targeting. My evaluation showed that when using a user profile bit vector of length 2,000, it took less than 20ms to decrypt the encrypted user profile and derive the user score metric through the inner-product function. This is much smaller than my criteria of 50ms, which is based on the typical bidding timeframe (100–1,000ms) used in the ad industry. Moreover, my result is smaller than the state-of-the-art privacy-preserving proposals using homomorphic encryption or multi-party computations. To demonstrate the potential for real-world deployment., I build a prototype implementation of my design that consists of a publisher's website, an ad exchange (ADX), the DSP, and the TTP.최근 사용자 개인 정보 보호에 대한 관심이 급증하면서 수십억 규모의 시장인 온라인 광고 산업도 같은 문제에 직면해 있다. 현재의 온라인 광고는 Real-time Bidding (RTB)과 사용자 타깃 광고 (targeted advertising)로 대표된다. 이는 웹사이트에서 사용자의 정보를 바탕으로 관심과 선호도를 추정하고 이를 이용해 사용자에게 표시할 적절한 광고를 입찰, 선택하는 방식이다. 광고 요청을 위해 전송되는 user profile에는 사용자의 개인 정보를 침해하는 데이터가 포함되어 있으며, RTB 생태계의 여러 참여자에게 있는 그대로 전달되는 문제점이 있다. 본 연구는 사용자의 개인 정보를 보호하는 동시에 기존의 프로토콜 및 데이터 구조에는 최소한의 변경을 도입함으로써 현재의 RTB 생태계에서 계속해서 타깃 광고가 가능하도록 지원하는 FAdE를 제안한다. 제안하는 디자인은 Functional Encryption (FE)과 그 key 생성자인 Trusted Third Party (TTP)의 도입을 통해 개인정보 보호가 가능한 타깃 광고를 제공한다. 본 디자인에서는, 기존 타깃 광고를 위해 사용되던 user profile을 암호화(encrypt)하여 전달하므로 다른 RTB 환경의 참여자가 해독(decrypt)할 수 없다. Demand Side Platform (DSP)은 광고 요청에 대한 입찰 여부와 입찰가격을 결정하기 위해 암호화된 유저 데이터(encrypted user data, ciphertext)를 사용한다. DSP는 사전에 사용자의 점수를 연산하기 위한 function을 작성하고 이를 TTP에 제출하여 function key를 획득한다. 이 function key를 이용해 암호화된 유저 데이터를 해독(decrypt) 하면 DSP의 내부 입찰 알고리즘에 메트릭(metric)으로 활용할 수 있는 user score를 얻게 되고 이를 입찰 결정에 활용하게 된다. 결과적으로 RTB 환경 내에서 사용자의 개인정보는 보호하면서 DSP는 사용자의 숨겨진 정보를 기반으로 타깃 광고 입찰에 참여할 수 있다. 마지막으로, FAdE 디자인의 실제 활용 가능성에 대한 분석을 진행한다. user profile은 충분한 길이로 확인된 2,000 길이의 0과 1로 이루어진 벡터 (bit vector) 형태로 생성한다. 이 user profile vector를 FE로 암호화(encrypt)한 후, weight vector에 해당하는 임의의 function과 벡터 내적(Inner product) 연산에 소요되는 시간을 측정하였을 때, user score를 도출하는 데 20ms 미만이 소요되는 것을 확인한다. 이는 광고 업계에서 일반적으로 사용되는 입찰 제한 시간(100-1,000ms)을 바탕으로 정의한 본 연구의 자체 기준 50ms 보다 충분히 작은 값에 해당한다. 이 결과는 동형 암호화(Homomorphic Encryption) 또는 Multi-Party Computation(MPC) 등을 사용하는 온라인 광고에서의 다른 개인정보 보호 제안보다 성능 상의 이점을 갖는다. 또한 제안 디자인을 활용해 타깃광고가 실제로 가능함을 확인하기 위해 Publisher 웹사이트, Ad Exchange(ADX), 3개의 DSP 그리고 TTP로 구성된 제안 디자인의 프로토타입 구현을 제시한다. 본 연구에서 제안된 FAdE를 통해 사용자의 개인 정보는 보호하면서 기존과 같은 수준의 타깃 광고가 가능하고, 이를 수용 가능한 수준의 적은 오버헤드로 적용이 가능하였음을 확인하였다. 연구의 결과가 향후 실제 온라인 광고 생태계에서 사용자의 프라이버시 보호에 기여할 수 있을 것으로 기대한다.Chapter 1 Introduction 1 Chapter 2 Background 5 2.1 Online Advertising 5 2.1.1 RTB Ecosystem 6 2.1.2 OpenRTB 8 2.2 Functional Encryption 9 2.2.1 Overview of FE 10 2.2.2 Difference between FE and FHE 11 2.2.3 Information Leakage in Functional Encryption 12 2.2.4 Inner Product Functional Encryption (IPFE) 13 Chapter 3 Design 14 3.1 The approach to preserving privacy 15 3.1.1 Encrypted user profile using FE 15 3.2 Setup phase 18 3.2.1 TTP 18 3.2.2 User Browser 18 3.2.3 DSP 19 3.3 Bidding Phase 20 3.3.1 Browser (User) 21 3.3.2 DSP 21 Chapter 4 Evaluation 24 4.1 Criteria 24 4.1.1 Time 24 4.1.2 File size 25 4.2 Environment 26 4.2.1 Testbed 26 4.2.2 FE Library 26 4.3 Result 26 4.3.1 FAdE design 26 4.3.2 Extra test 30 4.4 Prototyping 33 Chapter 5 Related work 36 Chapter 6 Conculsion 40 Appendix A 48 A.1 Bid Request Sample (OpenRTB 2.5) 48 A.2 Functional Encryption Algorithm 50 국문초록 53석

SoK: Cryptographically Protected Database Search

Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases. At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. To address these challenges, we provide the following contributions: 1) An identification of the important primitive operations across database paradigms. We find there are a small number of base operations that can be used and combined to support a large number of database paradigms. 2) An evaluation of the current state of protected search systems in implementing these base operations. This evaluation describes the main approaches and tradeoffs for each base operation. Furthermore, it puts protected search in the context of unprotected search, identifying key gaps in functionality. 3) An analysis of attacks against protected search for different base queries. 4) A roadmap and tools for transforming a protected search system into a protected database, including an open-source performance evaluation platform and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac

Functional encryption based approaches for practical privacy-preserving machine learning

Machine learning (ML) is increasingly being used in a wide variety of application domains. However, deploying ML solutions poses a significant challenge because of increasing privacy concerns, and requirements imposed by privacy-related regulations. To tackle serious privacy concerns in ML-based applications, significant recent research efforts have focused on developing privacy-preserving ML (PPML) approaches by integrating into ML pipeline existing anonymization mechanisms or emerging privacy protection approaches such as differential privacy, secure computation, and other architectural frameworks. While promising, existing secure computation based approaches, however, have significant computational efficiency issues and hence, are not practical. In this dissertation, we address several challenges related to PPML and propose practical secure computation based approaches to solve them. We consider both two-tier cloud-based and three-tier hybrid cloud-edge based PPML architectures and address both emerging deep learning models and federated learning approaches. The proposed approaches enable us to outsource data or update a locally trained model in a privacy-preserving manner by employing computation over encrypted datasets or local models. Our proposed secure computation solutions are based on functional encryption (FE) techniques. Evaluation of the proposed approaches shows that they are efficient and more practical than existing approaches, and provide strong privacy guarantees. We also address issues related to the trustworthiness of various entities within the proposed PPML infrastructures. This includes a third-party authority (TPA) which plays a critical role in the proposed FE-based PPML solutions, and cloud service providers. To ensure that such entities can be trusted, we propose a transparency and accountability framework using blockchain. We show that the proposed transparency framework is effective and guarantees security properties. Experimental evaluation shows that the proposed framework is efficient

Secure and Efficient Federated Learning in LEO Constellations using Decentralized Key Generation and On-Orbit Model Aggregation

Satellite technologies have advanced drastically in recent years, leading to a heated interest in launching small satellites into low Earth orbit (LEOs) to collect massive data such as satellite imagery. Downloading these data to a ground station (GS) to perform centralized learning to build an AI model is not practical due to the limited and expensive bandwidth. Federated learning (FL) offers a potential solution but will incur a very large convergence delay due to the highly sporadic and irregular connectivity between LEO satellites and GS. In addition, there are significant security and privacy risks where eavesdroppers or curious servers/satellites may infer raw data from satellites' model parameters transmitted over insecure communication channels. To address these issues, this paper proposes FedSecure, a secure FL approach designed for LEO constellations, which consists of two novel components: (1) decentralized key generation that protects satellite data privacy using a functional encryption scheme, and (2) on-orbit model forwarding and aggregation that generates a partial global model per orbit to minimize the idle waiting time for invisible satellites to enter the visible zone of the GS. Our analysis and results show that FedSecure preserves the privacy of each satellite's data against eavesdroppers, a curious server, or curious satellites. It is lightweight with significantly lower communication and computation overheads than other privacy-preserving FL aggregation approaches. It also reduces convergence delay drastically from days to only a few hours, yet achieving high accuracy of up to 85.35% using realistic satellite images

On the Leakage of Fuzzy Matchers

In a biometric recognition system, the matcher compares an old and a fresh template to decide if it is a match or not. Beyond the binary output (`yes' or `no'), more information is computed. This paper provides an in-depth analysis of information leakage during distance evaluation, with an emphasis on threshold-based obfuscated distance (\textit{i.e.}, Fuzzy Matcher). Leakage can occur due to a malware infection or the use of a weakly privacy-preserving matcher, exemplified by side channel attacks or partially obfuscated designs. We provide an exhaustive catalog of information leakage scenarios as well as their impacts on the security concerning data privacy. Each of the scenarios leads to generic attacks whose impacts are expressed in terms of computational costs, hence allowing the establishment of upper bounds on the security level.Comment: Minor correction