1,748 research outputs found
SANNS: Scaling Up Secure Approximate k-Nearest Neighbors Search
The -Nearest Neighbor Search (-NNS) is the backbone of several
cloud-based services such as recommender systems, face recognition, and
database search on text and images. In these services, the client sends the
query to the cloud server and receives the response in which case the query and
response are revealed to the service provider. Such data disclosures are
unacceptable in several scenarios due to the sensitivity of data and/or privacy
laws.
In this paper, we introduce SANNS, a system for secure -NNS that keeps
client's query and the search result confidential. SANNS comprises two
protocols: an optimized linear scan and a protocol based on a novel sublinear
time clustering-based algorithm. We prove the security of both protocols in the
standard semi-honest model. The protocols are built upon several
state-of-the-art cryptographic primitives such as lattice-based additively
homomorphic encryption, distributed oblivious RAM, and garbled circuits. We
provide several contributions to each of these primitives which are applicable
to other secure computation tasks. Both of our protocols rely on a new circuit
for the approximate top- selection from numbers that is built from comparators.
We have implemented our proposed system and performed extensive experimental
results on four datasets in two different computation environments,
demonstrating more than faster response time compared to
optimally implemented protocols from the prior work. Moreover, SANNS is the
first work that scales to the database of 10 million entries, pushing the limit
by more than two orders of magnitude.Comment: 18 pages, to appear at USENIX Security Symposium 202
Private Data Transfer over a Broadcast Channel
We study the following private data transfer problem: Alice has a database of
files. Bob and Cathy want to access a file each from this database (which may
or may not be the same file), but each of them wants to ensure that their
choices of file do not get revealed even if Alice colludes with the other user.
Alice, on the other hand, wants to make sure that each of Bob and Cathy does
not learn any more information from the database than the files they demand
(the identities of which will be unknown to her). Moreover, they should not
learn any information about the other files even if they collude.
It turns out that it is impossible to accomplish this if Alice, Bob, and
Cathy have access only to private randomness and noiseless communication links.
We consider this problem when a binary erasure broadcast channel with
independent erasures is available from Alice to Bob and Cathy in addition to a
noiseless public discussion channel. We study the
file-length-per-broadcast-channel-use rate in the honest-but-curious model. We
focus on the case when the database consists of two files, and obtain the
optimal rate. We then extend to the case of larger databases, and give upper
and lower bounds on the optimal rate.Comment: To be presented at IEEE International Symposium on Information Theory
(ISIT 2015), Hong Kon
Communication Complexity and Secure Function Evaluation
We suggest two new methodologies for the design of efficient secure
protocols, that differ with respect to their underlying computational models.
In one methodology we utilize the communication complexity tree (or branching
for f and transform it into a secure protocol. In other words, "any function f
that can be computed using communication complexity c can be can be computed
securely using communication complexity that is polynomial in c and a security
parameter". The second methodology uses the circuit computing f, enhanced with
look-up tables as its underlying computational model. It is possible to
simulate any RAM machine in this model with polylogarithmic blowup. Hence it is
possible to start with a computation of f on a RAM machine and transform it
into a secure protocol.
We show many applications of these new methodologies resulting in protocols
efficient either in communication or in computation. In particular, we
exemplify a protocol for the "millionaires problem", where two participants
want to compare their values but reveal no other information. Our protocol is
more efficient than previously known ones in either communication or
computation
Privacy-Preserving Shortest Path Computation
Navigation is one of the most popular cloud computing services. But in
virtually all cloud-based navigation systems, the client must reveal her
location and destination to the cloud service provider in order to learn the
fastest route. In this work, we present a cryptographic protocol for navigation
on city streets that provides privacy for both the client's location and the
service provider's routing data. Our key ingredient is a novel method for
compressing the next-hop routing matrices in networks such as city street maps.
Applying our compression method to the map of Los Angeles, for example, we
achieve over tenfold reduction in the representation size. In conjunction with
other cryptographic techniques, this compressed representation results in an
efficient protocol suitable for fully-private real-time navigation on city
streets. We demonstrate the practicality of our protocol by benchmarking it on
real street map data for major cities such as San Francisco and Washington,
D.C.Comment: Extended version of NDSS 2016 pape
Secure bit commitment from relativistic constraints
We investigate two-party cryptographic protocols that are secure under
assumptions motivated by physics, namely relativistic assumptions
(no-signalling) and quantum mechanics. In particular, we discuss the security
of bit commitment in so-called split models, i.e. models in which at least some
of the parties are not allowed to communicate during certain phases of the
protocol. We find the minimal splits that are necessary to evade the
Mayers-Lo-Chau no-go argument and present protocols that achieve security in
these split models. Furthermore, we introduce the notion of local versus global
command, a subtle issue that arises when the split committer is required to
delegate non-communicating agents to open the commitment. We argue that
classical protocols are insecure under global command in the split model we
consider. On the other hand, we provide a rigorous security proof in the global
command model for Kent's quantum protocol [Kent 2011, Unconditionally Secure
Bit Commitment by Transmitting Measurement Outcomes]. The proof employs two
fundamental principles of modern physics, the no-signalling property of
relativity and the uncertainty principle of quantum mechanics.Comment: published version, IEEE format, 18 pages, 8 figure
Anonymous subject identification and privacy information management in video surveillance
The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to first, identify those individuals for privacy protection and second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: The privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework
- …