Privacy-Preserving Outsourcing of Large-Scale Nonlinear Programming to the Cloud
The massive amounts of data increasingly generated by various sources have given birth to
big data analytics. Solving large-scale nonlinear programming problems (NLPs)
is one important big data analytics task that has applications in many domains
such as transport and logistics. However, NLPs are usually too computationally
expensive for resource-constrained users. Fortunately, cloud computing provides
an alternative and economical service for resource-constrained users to
outsource their computation tasks to the cloud. However, one major concern with
outsourcing NLPs is the leakage of the user's private information contained in NLP
formulations and results. Although much work has been done on
privacy-preserving outsourcing of computation tasks, little attention has been
paid to NLPs. In this paper, we for the first time investigate secure
outsourcing of general large-scale NLPs with nonlinear constraints. A secure
and efficient transformation scheme at the user side is proposed to protect
the user's private information; at the cloud side, the generalized reduced
gradient method is applied to solve the transformed large-scale NLPs. The
proposed protocol is implemented on a cloud computing testbed. Experimental
evaluations demonstrate that significant time can be saved for users and the
proposed mechanism has the potential for practical use.
Comment: Ang Li and Wei Du equally contributed to this work. This work was done when Wei Du was at the University of Arkansas. 2018 EAI International Conference on Security and Privacy in Communication Networks (SecureComm
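To make the idea of a user-side transformation concrete, here is a minimal sketch of masking an NLP with a random affine change of variables before handing it to a solver. The toy objective, constraint, matrix Q, and shift r are all made up for illustration; this conveys only the change-of-variables intuition, not the paper's actual transformation scheme or its security properties.

```python
# A minimal sketch, assuming a toy problem: hide an NLP behind a random
# affine change of variables x = Q @ y + r, let the (untrusted) solver work
# on the transformed problem, then un-mask the result locally.
import numpy as np
from scipy.optimize import minimize

rng = np.random.default_rng(0)
n = 3

def f(x):   # private objective: distance to a private target point
    return float(np.sum((x - np.array([1.0, 2.0, 3.0])) ** 2))

def g(x):   # private nonlinear constraint, written as g(x) >= 0: ||x||^2 <= 10
    return 10.0 - float(np.sum(x ** 2))

# User-side masking: a random matrix Q (invertible with probability 1) and shift r.
Q = rng.standard_normal((n, n))
r = rng.standard_normal(n)

# The outsourced problem is expressed purely in the masked variable y.
f_masked = lambda y: f(Q @ y + r)
g_masked = lambda y: g(Q @ y + r)

res = minimize(f_masked, x0=np.zeros(n),
               constraints=[{"type": "ineq", "fun": g_masked}])

x_recovered = Q @ res.x + r    # the user un-masks the solution locally
print(x_recovered)             # close to the minimizer of the original NLP
```

In the protocol described above, the cloud would only ever see the transformed problem and would solve it with the generalized reduced gradient method; the user performs the cheap masking and un-masking steps locally.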
DEMO: integrating MPC in big data workflows
Secure multi-party computation (MPC) allows multiple parties to perform a joint computation without disclosing their private inputs. Many real-world joint computation use cases, however, involve data analyses on very large data sets, and are implemented by software engineers who lack MPC knowledge. Moreover, the collaborating parties -- e.g., several companies -- often deploy different data analytics stacks internally. These restrictions hamper the real-world usability of MPC. To address these challenges, we combine existing MPC frameworks with data-parallel analytics frameworks by extending the Musketeer big data workflow manager [4]. Musketeer automatically generates code for both the sensitive parts of a workflow, which are executed in MPC, and the remainder of the computation, which runs on scalable, widely-deployed analytics systems. In a prototype use case, we compute the Herfindahl-Hirschman Index (HHI), an index of market concentration used in antitrust regulation, on an aggregate 156GB of taxi trip data over five transportation companies. Our implementation computes the HHI in about 20 minutes using a combination of Hadoop and VIFF [1], while even "mixed mode" MPC with VIFF alone would have taken many hours. Finally, we discuss future research questions that we seek to address using our approach.
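For reference, the HHI itself is simply the sum of squared market shares. The cleartext Python sketch below, with made-up company names and trip counts, shows the quantity that the demo computes securely across parties without revealing any individual company's counts.

```python
# A cleartext sketch of the HHI (company names and trip counts are made up).
trips = {
    "companyA": 410_000,
    "companyB": 250_000,
    "companyC": 180_000,
    "companyD": 100_000,
    "companyE": 60_000,
}

total = sum(trips.values())

# HHI = sum of squared market shares, with shares in percent, so it ranges
# from near 0 (perfectly fragmented) to 10,000 (monopoly).
hhi = sum((count / total * 100) ** 2 for count in trips.values())
print(round(hhi))   # 2766 for these made-up shares
```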
Conclave: secure multi-party computation on big data (extended TR)
Secure Multi-Party Computation (MPC) allows mutually distrusting parties to
run joint computations without revealing private data. Current MPC algorithms
scale poorly with data size, which makes MPC on "big data" prohibitively slow
and inhibits its practical use.
Many relational analytics queries can maintain MPC's end-to-end security
guarantee without using cryptographic MPC techniques for all operations.
Conclave is a query compiler that accelerates such queries by transforming them
into a combination of data-parallel, local cleartext processing and small MPC
steps. When parties trust others with specific subsets of the data, Conclave
applies new hybrid MPC-cleartext protocols to run additional steps outside of
MPC and improve scalability further.
Our Conclave prototype generates code for cleartext processing in Python and
Spark, and for secure MPC using the Sharemind and Obliv-C frameworks. Conclave
scales to data sets between three and six orders of magnitude larger than
state-of-the-art MPC frameworks support on their own. Thanks to its hybrid
protocols, Conclave also substantially outperforms SMCQL, the most similar
existing system.
Comment: Extended technical report for EuroSys 2019 paper.
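The key performance idea, local cleartext pre-aggregation feeding a small MPC step, can be sketched in plain Python as follows. The data is made up and the MPC step is only simulated here; Conclave would instead emit Sharemind or Obliv-C code for that part, as the abstract describes.

```python
# A plain-Python sketch of the hybrid idea: each party aggregates its own
# records in cleartext first, so only a handful of pre-aggregated rows ever
# enter the expensive MPC step. The "MPC" step is simulated below.
from collections import Counter

def local_preaggregate(records):
    """Cleartext, data-parallel step each party runs on its own data."""
    counts = Counter()
    for key, value in records:
        counts[key] += value
    return counts

# Each party's private input (made-up data).
party_inputs = [
    [("rideshare", 3), ("delivery", 1)],
    [("rideshare", 5), ("freight", 2)],
]

local_results = [local_preaggregate(rows) for rows in party_inputs]

# --- boundary: only these small per-party aggregates would cross into MPC ---
def simulated_mpc_sum(aggregates):
    """Stand-in for the small secure step combining the per-party sums."""
    combined = Counter()
    for agg in aggregates:
        combined.update(agg)
    return dict(combined)

print(simulated_mpc_sum(local_results))
# {'rideshare': 8, 'delivery': 1, 'freight': 2}
```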
Towards Confidential Computing: A Secure Cloud Architecture for Big Data Analytics and AI
Cloud computing provisions computer resources on demand in a cost-effective way. It has therefore become a viable solution for big data analytics and artificial intelligence, which have been widely adopted in various domain sciences. Data security in certain fields such as biomedical research remains a major concern when moving workflows to the cloud, because cloud environments are generally outsourced and thus more exposed to risks. We present a secure cloud architecture and describe how it enables workflow packaging and scheduling while keeping data, logic, and computation secure in transit, in use, and at rest.
Comment: 2023 IEEE 16th International Conference on Cloud Computing (IEEE CLOUD), Chicago, Illinois, USA, July 2-8, 2023
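As a minimal illustration of one of the three states mentioned (data at rest), the snippet below encrypts a record with the `cryptography` package's Fernet construction. This is a generic example of at-rest encryption, not the architecture described in the paper.

```python
# A generic sketch of "data at rest" protection using symmetric encryption.
from cryptography.fernet import Fernet

key = Fernet.generate_key()      # in practice held by a key-management service
f = Fernet(key)

record = b"subject-id=123;assay=rna-seq"
ciphertext = f.encrypt(record)   # what the cloud storage layer would see

# Only a holder of the key can recover the plaintext.
assert f.decrypt(ciphertext) == record
```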
Trace Oblivious Program Execution
The big data era has dramatically transformed our lives; however, security incidents such as data breaches can put sensitive data (e.g. photos, identities, genomes) at risk. To protect users' data privacy, there is a growing interest in building secure cloud computing systems, which keep sensitive data inputs hidden, even from computation providers. Conceptually, secure cloud computing systems leverage cryptographic techniques (e.g., secure multiparty
computation) and trusted hardware (e.g. secure processors) to instantiate a “secure” abstract machine consisting of a CPU and encrypted memory, so that an adversary cannot learn information through either the computation within the CPU or the data in the memory. Unfortunately, evidence has shown that side channels (e.g. memory accesses, timing, and termination) in such a “secure” abstract machine may potentially leak highly sensitive information, including cryptographic keys that form the root of trust for the secure
systems.
This thesis broadly expands the investigation of a research direction called trace
oblivious computation, where programming language techniques are employed to prevent side-channel information leakage. We demonstrate the feasibility of trace oblivious computation by formalizing and building several systems: GhostRider, a hardware-software co-design that provides a hardware-based trace oblivious computing solution; SCVM, an automatic RAM-model secure computation system; and ObliVM, a programming framework that helps programmers develop such applications. All of these systems enjoy formal security guarantees while outperforming prior systems by one to several orders of magnitude.
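The following toy comparison illustrates the kind of access-pattern leakage these systems are designed to eliminate. It is purely conceptual, since Python gives no real constant-time guarantees, and it is not code from GhostRider, SCVM, or ObliVM.

```python
# Contrast between a lookup whose memory accesses depend on a secret and a
# data-oblivious one that touches the same locations regardless of the secret.
def leaky_lookup(secret_bit, table_a, table_b, i):
    # The access pattern reveals secret_bit: only one table is ever touched.
    return table_a[i] if secret_bit else table_b[i]

def oblivious_lookup(secret_bit, table_a, table_b, i):
    # Both tables are read on every call; the secret only drives an
    # arithmetic select, not which addresses are accessed.
    a, b = table_a[i], table_b[i]
    return secret_bit * a + (1 - secret_bit) * b

table_a, table_b = [10, 20, 30], [40, 50, 60]
for bit in (0, 1):
    assert leaky_lookup(bit, table_a, table_b, 2) == oblivious_lookup(bit, table_a, table_b, 2)
```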
Security Infrastructure Technology for Integrated Utilization of Big Data
This open access book describes the technologies needed to construct a secure big data infrastructure that connects data owners, analytical institutions, and user institutions in a circle of trust. It begins by discussing the most relevant technical issues involved in creating safe and privacy-preserving big data distribution platforms, and especially focuses on cryptographic primitives and privacy-preserving techniques, which are essential prerequisites. The book also covers elliptic curve cryptosystems, which offer compact public key cryptosystems, and LWE-based cryptosystems, which are a type of post-quantum cryptosystem. Since big data distribution platforms require appropriate data handling, the book also describes a privacy-preserving data integration protocol and a privacy-preserving classification protocol for secure computation. Furthermore, it introduces an anonymization technique and a privacy risk evaluation technique.

The book also describes the latest related findings in both the living safety and medical fields. In the living safety field, to prevent injuries occurring in everyday life, it is necessary to analyze injury data, find problems, and implement suitable measures. However, most cases do not include enough information for injury prevention because the necessary data is spread across multiple organizations, and data integration is difficult from a security standpoint. The book introduces a system that solves this problem by applying a method for integrating distributed data securely, with applications concerning childhood injuries at home and injuries at school.

In the medical field, privacy protection and patient consent management are crucial for all research. The book describes a medical test bed for the secure collection and analysis of electronic medical records distributed among various medical institutions. The system promotes big-data analysis of medical data with a cloud infrastructure and includes various security measures developed in our project to avoid privacy violations.
Limits of Practical Sublinear Secure Computation
Secure computations on big data call for protocols that have sublinear communication complexity in the input length. While fully homomorphic encryption (FHE) provides a general solution to the problem, employing it on a large scale is currently quite far from being practical. This is also the case for secure computation tasks that reduce to weaker forms of FHE such as "somewhat homomorphic encryption" or single-server private information retrieval (PIR).
Quite unexpectedly, Aggarwal, Mishra, and Pinkas (Eurocrypt 2004), Brickell and Shmatikov (Asiacrypt 2005), and shelat and Venkitasubramaniam (Asiacrypt 2015) have shown that in several natural instances of secure computation on big data, there are practical sublinear communication protocols that only require sublinear local computation and minimize the use of expensive public-key operations. This raises the question of whether similar protocols exist for other natural problems.
In this paper we put forward a framework for separating "practical" sublinear protocols from "impractical" ones, and establish a methodology for identifying "provably hard" big-data problems that do not admit practical protocols. This is akin to the use of NP-completeness to separate hard algorithmic problems from easy ones. We show that while the previous protocols of Aggarwal et al., Brickell and Shmatikov, and shelat and Venkitasubramaniam are indeed classified as being "practical" in this framework, slight variations of the problems they solve and other natural computational problems on big data are hard.
Our negative results are established by showing that the problem at hand is "PIR-hard" in the sense that any secure protocol for the problem implies PIR on a large database. This imposes a barrier on the local computational cost of secure protocols for the problem. We also identify a new natural relaxation of PIR that we call semi-PIR, which is useful for establishing "intermediate hardness" of several practically motivated secure computation tasks. We show that semi-PIR implies slightly sublinear PIR via an adaptive black-box reduction and that ruling out a stronger black-box reduction would imply a major breakthrough in complexity theory. We also establish information-theoretic separations between semi-PIR and PIR, showing that some problems that we prove to be semi-PIR-hard are not PIR-hard.
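For readers unfamiliar with the PIR primitive these hardness results revolve around, here is the textbook two-server information-theoretic construction over a bit database; it is a generic example, not a protocol from the paper.

```python
# Toy two-server PIR: each server XORs the database bits selected by a query
# vector that, on its own, is uniformly random, so neither (non-colluding)
# server learns the queried index.
import secrets

def server_answer(db_bits, query):
    """Each server XORs together the database bits its query vector selects."""
    acc = 0
    for bit, selected in zip(db_bits, query):
        if selected:
            acc ^= bit
    return acc

db = [1, 0, 1, 1, 0, 0, 1, 0]   # replicated at both servers
i = 5                           # the index the client wants, kept hidden

# Client: a uniformly random subset for server 1, and the same subset with
# position i flipped for server 2.
q1 = [secrets.randbelow(2) for _ in db]
q2 = list(q1)
q2[i] ^= 1

a1 = server_answer(db, q1)
a2 = server_answer(db, q2)
assert a1 ^ a2 == db[i]         # the client recovers exactly the queried bit
```

Note that even this toy protocol sends query vectors as long as the database, which is exactly the kind of communication and local-computation cost that the paper's framework for practical sublinear protocols is concerned with.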
Privacy-Preserving Policy Update for Big Data Access Control in Cloud Computing
Big data is chiefly associated with high volume and velocity, so storing it in the cloud is an effective option, as the cloud has the capacity to store big data and to process a high volume of user access requests. Attribute-Based Encryption (ABE) is a promising technique for ensuring the end-to-end security of big data in the cloud. However, policy updating has always been a challenging issue when ABE is used to construct access control schemes. A trivial implementation is to let data owners retrieve the data, re-encrypt it under the new access policy, and then send it back to the cloud. This method, however, incurs high communication overhead and a heavy computation burden on data owners. A novel scheme is proposed that enables efficient access control with dynamic policy updating for big data in the cloud. The focus is on developing an outsourced policy updating method for ABE systems. This method avoids the transmission of encrypted data and minimizes the computation work of data owners by making use of the data previously encrypted under the old access policies. Policy updating algorithms are proposed for different types of access policies. An efficient and secure method is also proposed that allows the data owner to check whether the cloud server has updated the ciphertexts correctly. The analysis shows that this policy updating outsourcing scheme is correct, complete, secure, and efficient.