Prochlo: Strong Privacy for Analytics in the Crowd
The large-scale monitoring of computer users' software activities has become
commonplace, e.g., for application telemetry, error reporting, or demographic
profiling. This paper describes a principled systems architecture---Encode,
Shuffle, Analyze (ESA)---for performing such monitoring with high utility while
also protecting user privacy. The ESA design, and its Prochlo implementation,
are informed by our practical experiences with an existing, large deployment of
privacy-preserving software monitoring.
Peer-to-Peer Secure Multi-Party Numerical Computation Facing Malicious Adversaries
We propose an efficient framework for enabling secure multi-party numerical
computations in a Peer-to-Peer network. This problem arises in a range of
applications such as collaborative filtering, distributed computation of trust
and reputation, monitoring, and other tasks in which the computing nodes are
expected to preserve the privacy of their inputs while performing a joint
computation of a certain function. Although there is a rich literature in the
field of distributed systems security concerning secure multi-party
computation, in practice it is hard to deploy those methods in very large scale
Peer-to-Peer networks. In this work, we try to bridge the gap between
theoretical algorithms in the security domain, and a practical Peer-to-Peer
deployment.
We consider two security models. The first is the semi-honest model where
peers correctly follow the protocol, but try to reveal private information. We
provide three possible schemes for secure multi-party numerical computation for
this model and identify a single light-weight scheme which outperforms the
others. Using extensive simulation results over real Internet topologies, we
demonstrate that our scheme is scalable to very large networks, with up to
millions of nodes. The second model we consider is the malicious peers model,
where peers can behave arbitrarily, deliberately trying to affect the results
of the computation as well as compromising the privacy of other peers. For this
model we provide a fourth scheme to defend the execution of the computation
against the malicious peers. The proposed scheme has a higher complexity
relative to the semi-honest model. Overall, we provide the Peer-to-Peer network
designer a set of tools to choose from, based on the desired level of security.
Comment: Submitted to Peer-to-Peer Networking and Applications Journal (PPNA)
Stochastically robust personalized ranking for LSH recommendation retrieval
National Research Foundation (NRF) Singapore under NRF Fellowship Programme
Privacy-preserving recommendation system using federated learning
Federated Learning is a form of distributed learning that leverages edge devices for training. It aims to preserve privacy by communicating users' learning parameters and gradient updates to the global server during training while keeping the actual data on the users' devices. Training on the global server is performed on these parameters rather than directly on user data, while fine-tuning of the model can be done locally on clients' devices. However, federated learning is not without its shortcomings, and in this thesis we present an overview of the learning paradigm and propose a new federated recommender system framework that utilizes homomorphic encryption. This results in a slight decrease in accuracy metrics but greatly increases user privacy. We also show that performing computations on encrypted gradients barely affects the recommendation performance while ensuring a more secure means of communicating user gradients to and from the global server.
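The idea of aggregating user updates without exposing any individual's gradients can be sketched without a full homomorphic-encryption stack. The toy below uses secure aggregation via pairwise additive masking — a different, simpler technique than the homomorphic encryption this thesis proposes — so the server only ever sees masked vectors whose masks cancel in the sum. The three-client setup and all names are illustrative:

```python
import random

MOD = 2**32  # work in a finite group so a masked value alone reveals nothing

def masked_update(client_id, update, peer_ids, pair_seeds):
    """Add pairwise masks that cancel when all clients' updates are summed."""
    masked = [u % MOD for u in update]
    for peer in peer_ids:
        if peer == client_id:
            continue
        # both endpoints of a pair derive the same mask stream from a shared seed
        rng = random.Random(pair_seeds[frozenset((client_id, peer))])
        for k in range(len(masked)):
            m = rng.randrange(MOD)
            # the lower id adds the mask, the higher id subtracts it, so pairs cancel
            masked[k] = (masked[k] + (m if client_id < peer else -m)) % MOD
    return masked

# --- demo: three clients; the server only ever sees masked vectors ---
clients = {1: [10, 20], 2: [1, 2], 3: [5, 5]}
seeds = {frozenset(p): random.randrange(2**30)
         for p in [(1, 2), (1, 3), (2, 3)]}

masked = [masked_update(cid, upd, clients.keys(), seeds)
          for cid, upd in clients.items()]
aggregate = [sum(col) % MOD for col in zip(*masked)]
print(aggregate)  # [16, 27] — the true sum, with no single update exposed
```

The server learns only the aggregate, which is what a federated averaging step needs; the thesis's encrypted-gradient approach targets the same leakage point with cryptographic rather than masking guarantees.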
Secure Outsourced Computation on Encrypted Data
Homomorphic encryption (HE) is a promising cryptographic technique that supports computation on encrypted data without requiring prior decryption. This ability allows sensitive data, such as genomic, financial, or location data, to be outsourced for evaluation to a resourceful third party such as the cloud without compromising data privacy. Basic homomorphic primitives support addition and multiplication on ciphertexts. These primitives can be used to represent essential computations, such as logic gates, which in turn can support more complex functions. We propose the construction of efficient cryptographic protocols as building blocks (e.g., equality, comparison, and counting) that are commonly used in data analytics and machine learning. We explore the use of these building blocks in two privacy-preserving applications. One application leverages our secure prefix-matching algorithm, which builds on top of the equality operation, to process geospatial queries on encrypted locations. The other applies our secure comparison protocol to perform conditional branching in private evaluation of decision trees.
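The claim that addition and multiplication suffice for logic gates — and hence for building blocks like equality — can be sketched in plaintext arithmetic over bits; under an HE scheme, the same polynomials would be evaluated on ciphertexts. The function names are illustrative, not the thesis's API:

```python
# Over bits {0, 1}, every Boolean gate reduces to the two homomorphic
# primitives, addition and multiplication, so a scheme supporting both
# can evaluate arbitrary circuits on encrypted bits.

def AND(x, y): return x * y
def XOR(x, y): return x + y - 2 * x * y
def OR(x, y):  return x + y - x * y
def NOT(x):    return 1 - x

def equal(a_bits, b_bits):
    """Bitwise equality as a product of XNORs -- the arithmetic core of
    an encrypted equality test."""
    result = 1
    for a, b in zip(a_bits, b_bits):
        result = AND(result, NOT(XOR(a, b)))
    return result

assert equal([1, 0, 1], [1, 0, 1]) == 1  # identical bit strings
assert equal([1, 0, 1], [1, 1, 1]) == 0  # differ in the middle bit
```

Comparison and counting build on the same pattern: comparison chains bitwise equalities and differences from the most significant bit down, and counting sums indicator bits homomorphically.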
There are many outsourced computations that require joint evaluation on private data owned by multiple parties. For example, Genome-Wide Association Studies (GWAS) are becoming feasible because of recent advances in genome-sequencing technology. Due to the sensitivity of genomic data, the data are encrypted using different keys possessed by different data owners. Computing on ciphertexts encrypted with multiple keys is a non-trivial task. Current solutions often either require a joint key setup before any computation, as in threshold HE, or incur large ciphertexts (whose size, at best, grows linearly in the number of involved keys), as in multi-key HE. We propose a hybrid approach that combines the advantages of threshold and multi-key HE to support computations on ciphertexts encrypted under different keys while vastly reducing ciphertext size.
Moreover, we propose the SparkFHE framework to support large-scale secure data analytics in the cloud. SparkFHE integrates Apache Spark with Fully Homomorphic Encryption (FHE) to support secure distributed data analytics and machine learning, making two novel contributions: (1) enabling Spark to perform efficient computation on large datasets while preserving user privacy, and (2) accelerating intensive homomorphic computation through parallelization of tasks across clusters of computing nodes. To the best of our knowledge, SparkFHE is the first framework to address these two needs simultaneously.
Cloud-based homomorphic encryption for privacy-preserving machine learning in clinical decision support
While privacy and security concerns dominate public cloud services, Homomorphic Encryption (HE) is seen as an emerging solution that ensures secure processing of sensitive data over untrusted networks in the public cloud or by third-party cloud vendors. It relies on the fact that some encryption algorithms display the property of homomorphism, which allows data to be manipulated meaningfully while still in encrypted form, although there are major stumbling blocks to overcome before the technology is considered mature for production cloud environments. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information, with the aim of supporting decision-making in clinical practice. Machine Learning (ML) is employed in CDS applications, which typically learn and can personalise actions based on individual behaviour. A relatively simple-to-implement, common, and consistent framework is sought that can overcome most limitations of Fully Homomorphic Encryption (FHE) in order to offer an expanded and flexible set of HE capabilities. In the absence of a significant breakthrough in FHE efficiency and practical use, a solution relying on limited client interaction appears to be the most viable approach to private CDS-based computation, so long as security is not significantly compromised. A hybrid solution is introduced that intersperses limited two-party interactions amongst the main homomorphic computations, allowing exchange of both numerical and logical cryptographic contexts in addition to resolving other major FHE limitations. Interactions involve client-side decryptions of ciphertexts blinded by data obfuscation techniques, to maintain privacy.
This thesis explores the middle ground whereby HE schemes can provide improved and efficient arbitrary computational functionality over a significantly reduced two-party network interaction model involving data obfuscation techniques. This compromise allows for the powerful capabilities of HE to be leveraged, providing a more uniform, flexible and general approach to privacy-preserving system integration, which is suitable for cloud deployment. The proposed platform is uniquely designed to make HE more practical for mainstream clinical application use, equipped with a rich set of capabilities and potentially very complex depth of HE operations. Such a solution would be suitable for the long-term privacy preserving-processing requirements of a cloud-based CDS system, which would typically require complex combinatorial logic, workflow and ML capabilities
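A minimal sketch of the kind of blinded client interaction described above, using a toy Paillier instance (tiny fixed primes and illustrative names; not the thesis's actual scheme): the server multiplies an encrypted difference by a random positive scalar before handing it to the client, so the client's decryption reveals only the sign of the comparison, not the operands' magnitudes:

```python
import math
import random

# Toy Paillier keypair with tiny fixed primes (insecure; illustration only).
P, Q = 1000003, 1000033
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow((pow(N + 1, LAM, N2) - 1) // N, -1, N)  # needs Python 3.8+

def enc(m):
    r = random.randrange(2, N)
    while math.gcd(r, N) != 1:
        r = random.randrange(2, N)
    return pow(N + 1, m % N, N2) * pow(r, N, N2) % N2

def dec(c):
    return (pow(c, LAM, N2) - 1) // N * MU % N

def signed(m):
    """Decode residues above N/2 as negative numbers."""
    return m - N if m > N // 2 else m

# Paillier is additively homomorphic: Enc(a)*Enc(b) = Enc(a+b) and
# Enc(a)^k = Enc(k*a). A blinded comparison exploits the scalar form:
def blinded_ge(cx, cy):
    diff = cx * pow(cy, N - 1, N2) % N2   # Enc(x - y), via Enc(-y)
    r = random.randrange(1, 2**16)        # random positive blinding factor
    blinded = pow(diff, r, N2)            # Enc(r * (x - y)): sign kept, size hidden
    return signed(dec(blinded)) >= 0      # the client-side decryption step

cx, cy = enc(1234), enc(5678)
print(blinded_ge(cx, cy))  # False (1234 < 5678)
print(blinded_ge(cy, cx))  # True
```

This mirrors the interaction pattern in the thesis: the heavy lifting stays homomorphic on the server, and the client decrypts only obfuscated intermediate values, here small enough that r*(x-y) never wraps past N/2.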
Toward practical and private online services
Today's common online services (social networks, media streaming, messaging,
email, etc.) bring convenience. However, these services are susceptible to
privacy leaks. Indeed, email snooping by rogue employees, email server
hacks, and accidental disclosures of users' movie ratings are just some
sources of private information leakage. This dissertation investigates the
following question: Can we build systems that (a) provide strong privacy
guarantees to the users, (b) are consistent with existing commercial and policy
regimes, and (c) are affordable?
Satisfying all three requirements simultaneously is challenging, as providing
strong privacy guarantees usually necessitates either sacrificing functionality,
incurring high resource costs, or both. Indeed, there are powerful cryptographic
protocols---private information retrieval (PIR), and secure two-party
computation (2PC)---that provide strong guarantees but are orders of magnitude
more expensive than their non-private counterparts. This dissertation takes
these protocols as a starting point and then substantially reduces their costs
by tailoring them using application-specific properties. It presents two
systems, Popcorn and Pretzel, built on this design ethos.
Popcorn is a Netflix-like media delivery system that provably hides, even from
the content distributor (for example, Netflix), which movie a user is watching.
Popcorn tailors PIR protocols to the media domain. It amortizes the server-side
overhead of PIR by batching requests from the large number of concurrent users
retrieving content at any given time; and, it forms large batches without
introducing playback delays by leveraging the properties of media streaming.
Popcorn is consistent with the prevailing commercial regime (copyrights, etc.),
and its per-request dollar cost is 3.87 times that of a non-private system.
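The flavor of PIR that Popcorn starts from can be sketched with the classic two-server XOR construction (not Popcorn's actual protocol, which adds batching and media-streaming optimizations): as long as the two servers do not collude, neither query reveals which record the client wants:

```python
import secrets

def server_answer(database, query_bits):
    """Each server XORs together the records its query bits select."""
    acc = bytes(len(database[0]))
    for record, bit in zip(database, query_bits):
        if bit:
            acc = bytes(a ^ b for a, b in zip(acc, record))
    return acc

def pir_fetch(db_a, db_b, index):
    """Fetch record `index` without revealing it to either server alone."""
    n = len(db_a)
    q_a = [secrets.randbelow(2) for _ in range(n)]  # uniformly random subset
    q_b = list(q_a)
    q_b[index] ^= 1                                 # differs only at the target
    ans_a = server_answer(db_a, q_a)
    ans_b = server_answer(db_b, q_b)
    # XORing the answers cancels every record except the target one.
    return bytes(a ^ b for a, b in zip(ans_a, ans_b))

db = [b"chunk-0!", b"chunk-1!", b"chunk-2!", b"chunk-3!"]
assert pir_fetch(db, db, 2) == b"chunk-2!"
```

Each query taken alone is a uniformly random bit vector, so it carries no information about `index`; the server-side cost, XORing over the whole database per query, is exactly the overhead Popcorn amortizes by batching concurrent requests.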
The other system described in this dissertation, Pretzel, is an email system
that encrypts emails end-to-end between senders and intended recipients, but
allows the email service provider to perform content-based spam filtering and
targeted advertising. Pretzel refines a 2PC protocol. It reduces the resource
consumption of the protocol by replacing the underlying encryption scheme with a
more efficient one, applying a packing technique to conserve invocations of the
encryption algorithm, and pruning the inputs to the protocol. Pretzel's costs,
versus a legacy non-private implementation, are estimated to be up to 5.4 times
for the email provider, with additional but modest client-side requirements.
Popcorn and Pretzel have fundamental connections. For instance, the
cryptographic protocols in both systems securely compute vector-matrix products.
However, we observe that differences in the vector and matrix dimensions lead to
different system designs.
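The shared linear step can be sketched with additive secret sharing over a prime field (Pretzel itself builds on additively homomorphic encryption; this analogue just shows why a vector-matrix product splits cleanly across parties, with all names illustrative):

```python
import random

P = 2**61 - 1  # prime modulus for additive secret sharing

def share(vec):
    """Split a vector into two additive shares; each alone is uniform noise."""
    s1 = [random.randrange(P) for _ in vec]
    s2 = [(v - a) % P for v, a in zip(vec, s1)]
    return s1, s2

def vec_mat(vec, mat):
    """Vector-matrix product mod P; each server runs this on its own share."""
    cols = len(mat[0])
    return [sum(v * row[j] for v, row in zip(vec, mat)) % P
            for j in range(cols)]

# Client's private feature vector x; the model matrix M is known to both
# (non-colluding) servers in this sketch.
x = [3, 1, 4]
M = [[1, 0],
     [0, 2],
     [5, 1]]

x1, x2 = share(x)
# Linearity: (x1 + x2) . M  ==  x1 . M  +  x2 . M   (mod P)
y = [(a + b) % P for a, b in zip(vec_mat(x1, M), vec_mat(x2, M))]
print(y)  # [23, 6] == x . M, while neither server saw x
```

The same linearity is what lets both Popcorn and Pretzel push the product into the private domain; the differing vector and matrix shapes (one long query vector over a huge library versus a feature vector over a model) are what drive the two designs apart.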
Ultimately, both systems represent a potentially appealing compromise: sacrifice
some functionality to build in strong privacy properties at affordable costs.
Algorithmic Mechanism Construction bridging Secure Multiparty Computation and Intelligent Reasoning
This work presents the construction of an intelligent algorithmic mechanism based on a multidimensional view of intelligent reasoning, threat analytics, cryptographic solutions, and secure multiparty computation. It is essentially an attempt at cross-fertilization of distributed AI, algorithmic game theory, and cryptography. The mechanism evaluates innate and adaptive system immunity in terms of collective, machine, collaborative, business, and security intelligence. The work also presents a complexity analysis of the mechanism and experimental results on three test cases: (a) intrusion detection, (b) adaptively secure broadcast, and (c) health security.