685 research outputs found
Reuse It Or Lose It: More Efficient Secure Computation Through Reuse of Encrypted Values
Two-party secure function evaluation (SFE) has become significantly more
feasible, even on resource-constrained devices, because of advances in
server-aided computation systems. However, there are still bottlenecks,
particularly in the input validation stage of a computation. Moreover, SFE
research has not yet devoted sufficient attention to the important problem of
retaining state after a computation has been performed so that expensive
processing does not have to be repeated if a similar computation is done again.
This paper presents PartialGC, an SFE system that allows the reuse of encrypted
values generated during a garbled-circuit computation. We show that using
PartialGC can reduce computation time by as much as 96% and bandwidth by as
much as 98% in comparison with previous outsourcing schemes for secure
computation. We demonstrate the feasibility of our approach with two sets of
experiments, one in which the garbled circuit is evaluated on a mobile device
and one in which it is evaluated on a server. We also use PartialGC to build a
privacy-preserving "friend finder" application for Android. The reuse of
previous inputs to allow stateful evaluation represents a new way of looking at
SFE and further reduces computational barriers.Comment: 20 pages, shorter conference version published in Proceedings of the
2014 ACM SIGSAC Conference on Computer and Communications Security, Pages
582-596, ACM New York, NY, US
DeepSecure: Scalable Provably-Secure Deep Learning
This paper proposes DeepSecure, a novel framework that enables scalable
execution of the state-of-the-art Deep Learning (DL) models in a
privacy-preserving setting. DeepSecure targets scenarios in which neither of
the involved parties including the cloud servers that hold the DL model
parameters or the delegating clients who own the data is willing to reveal
their information. Our framework is the first to empower accurate and scalable
DL analysis of data generated by distributed clients without sacrificing the
security to maintain efficiency. The secure DL computation in DeepSecure is
performed using Yao's Garbled Circuit (GC) protocol. We devise GC-optimized
realization of various components used in DL. Our optimized implementation
achieves more than 58-fold higher throughput per sample compared with the
best-known prior solution. In addition to our optimized GC realization, we
introduce a set of novel low-overhead pre-processing techniques which further
reduce the GC overall runtime in the context of deep learning. Extensive
evaluations of various DL applications demonstrate up to two
orders-of-magnitude additional runtime improvement achieved as a result of our
pre-processing methodology. This paper also provides mechanisms to securely
delegate GC computations to a third party in constrained embedded settings
Chameleon: A Hybrid Secure Computation Framework for Machine Learning Applications
We present Chameleon, a novel hybrid (mixed-protocol) framework for secure
function evaluation (SFE) which enables two parties to jointly compute a
function without disclosing their private inputs. Chameleon combines the best
aspects of generic SFE protocols with the ones that are based upon additive
secret sharing. In particular, the framework performs linear operations in the
ring using additively secret shared values and nonlinear
operations using Yao's Garbled Circuits or the Goldreich-Micali-Wigderson
protocol. Chameleon departs from the common assumption of additive or linear
secret sharing models where three or more parties need to communicate in the
online phase: the framework allows two parties with private inputs to
communicate in the online phase under the assumption of a third node generating
correlated randomness in an offline phase. Almost all of the heavy
cryptographic operations are precomputed in an offline phase which
substantially reduces the communication overhead. Chameleon is both scalable
and significantly more efficient than the ABY framework (NDSS'15) it is based
on. Our framework supports signed fixed-point numbers. In particular,
Chameleon's vector dot product of signed fixed-point numbers improves the
efficiency of mining and classification of encrypted data for algorithms based
upon heavy matrix multiplications. Our evaluation of Chameleon on a 5 layer
convolutional deep neural network shows 133x and 4.2x faster executions than
Microsoft CryptoNets (ICML'16) and MiniONN (CCS'17), respectively
GraphSE: An Encrypted Graph Database for Privacy-Preserving Social Search
In this paper, we propose GraphSE, an encrypted graph database for online
social network services to address massive data breaches. GraphSE preserves
the functionality of social search, a key enabler for quality social network
services, where social search queries are conducted on a large-scale social
graph and meanwhile perform set and computational operations on user-generated
contents. To enable efficient privacy-preserving social search, GraphSE
provides an encrypted structural data model to facilitate parallel and
encrypted graph data access. It is also designed to decompose complex social
search queries into atomic operations and realise them via interchangeable
protocols in a fast and scalable manner. We build GraphSE with various
queries supported in the Facebook graph search engine and implement a
full-fledged prototype. Extensive evaluations on Azure Cloud demonstrate that
GraphSE is practical for querying a social graph with a million of users.Comment: This is the full version of our AsiaCCS paper "GraphSE: An
Encrypted Graph Database for Privacy-Preserving Social Search". It includes
the security proof of the proposed scheme. If you want to cite our work,
please cite the conference version of i
Anonymous subject identification and privacy information management in video surveillance
The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to first, identify those individuals for privacy protection and second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: The privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework
A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view
UFace: Your universal password no one can see
With the advantage of not having to memorize long passwords, facial authentication has become a topic of interest among researchers. However, since many users store images containing their face on social networking sites, a new challenge emerges in preventing attackers from impersonating these users by using these online photos. Another problem with most current facial authentication protocols is that they require an unencrypted image of each registered user\u27s face to compare against. Moreover, they might require the user\u27s device to execute computationally expensive multiparty protocols which presents a problem for mobile devices with limited processing power. Finally, these authentication protocols will not be able to be implemented in real systems because they take too long to execute. In this paper, we present a novel privacy preserving facial authentication system, called UFace. Not only does UFace limit the amount of computation for a user\u27s mobile device, but it also prevents unencrypted images from leaving a user\u27 possession while finishing the authentication protocol within seconds. Web services can now outsource their authentication protocol to UFace so that each web service only needs to handle its own functionality. UFace guarantees that it can correctly authenticate each user with 90% accuracy, prevent attacks from using online photos and that all data used in the authentication protocol is done on encrypted randomized data. In other words, only the user can see the facial image and feature vector used for authentication; all other parties execute the protocol using seemingly random information. UFace was implemented through two facets: a mobile client application to obtain and encrypt the feature vector of each user\u27s facial image, and a server protocol to securely authenticate a feature vector using secure multiparty computations. The experimental results demonstrate that UFace can be used as a third party authentication tool for any number of web services --Abstract, page iii
- …