24,558 research outputs found
Scalable secure multi-party network vulnerability analysis via symbolic optimization
Threat propagation analysis is a valuable tool in improving the cyber resilience of enterprise networks. As
these networks are interconnected and threats can propagate not only within but also across networks, a holistic view of the entire network can reveal threat propagation trajectories unobservable from within a single enterprise. However, companies are reluctant to share internal vulnerability measurement data as it is highly sensitive and (if leaked) possibly damaging. Secure Multi-Party Computation (MPC) addresses this concern. MPC is a cryptographic technique that allows distrusting parties to compute analytics over their joint data while protecting its confidentiality. In this work we apply MPC to threat propagation analysis on large, federated networks. To address the prohibitively high performance cost of general-purpose MPC we develop two novel applications of optimizations that can be leveraged to execute many relevant graph algorithms under MPC more efficiently: (1) dividing the computation into separate stages such that the first stage is executed privately by each party without MPC and the second stage is an MPC computation dealing with a much smaller shared network, and (2) optimizing the second stage by
treating the execution of the analysis algorithm as a symbolic expression that can be optimized to reduce the number of costly operations and subsequently executed under MPC.We evaluate the scalability of this technique by analyzing the potential for threat propagation on examples of network graphs and propose several directions along which this work can be expanded
Secure Graph Database Search with Oblivious Filter
With the emerging popularity of cloud computing, the problem of how to query over cryptographically-protected data has been widely studied. However, most existing works focus on querying protected relational databases, few work has shown interests in graph databases. In this paper, we first investigate and summarize two single-instruction queries, namely Graph Pattern Matching (GPM) and Graph Navigation (GN). Then we follow their design intuitions and leverage secure Multi-Party Computation (MPC) to implement their functionalities in a privacy-preserving manner. Moreover, we propose a general framework for processing multi-instruction query on secret-shared graph databases and present a novel cryptographic primitive Oblivious Filter (OF) as a core building block. Nevertheless, we formalize the problem of OF and present its constructions using homomorphic encryption. Finally, we conduct an empirical study to evaluate the efficiency of our proposed OF protocol
Privacy-preserving Cross-domain Routing Optimization -- A Cryptographic Approach
Today's large-scale enterprise networks, data center networks, and wide area
networks can be decomposed into multiple administrative or geographical
domains. Domains may be owned by different administrative units or
organizations. Hence protecting domain information is an important concern.
Existing general-purpose Secure Multi-Party Computation (SMPC) methods that
preserves privacy for domains are extremely slow for cross-domain routing
problems. In this paper we present PYCRO, a cryptographic protocol specifically
designed for privacy-preserving cross-domain routing optimization in Software
Defined Networking (SDN) environments. PYCRO provides two fundamental routing
functions, policy-compliant shortest path computing and bandwidth allocation,
while ensuring strong protection for the private information of domains. We
rigorously prove the privacy guarantee of our protocol. We have implemented a
prototype system that runs PYCRO on servers in a campus network. Experimental
results using real ISP network topologies show that PYCRO is very efficient in
computation and communication costs
On the Communication Complexity of Secure Computation
Information theoretically secure multi-party computation (MPC) is a central
primitive of modern cryptography. However, relatively little is known about the
communication complexity of this primitive.
In this work, we develop powerful information theoretic tools to prove lower
bounds on the communication complexity of MPC. We restrict ourselves to a
3-party setting in order to bring out the power of these tools without
introducing too many complications. Our techniques include the use of a data
processing inequality for residual information - i.e., the gap between mutual
information and G\'acs-K\"orner common information, a new information
inequality for 3-party protocols, and the idea of distribution switching by
which lower bounds computed under certain worst-case scenarios can be shown to
apply for the general case.
Using these techniques we obtain tight bounds on communication complexity by
MPC protocols for various interesting functions. In particular, we show
concrete functions that have "communication-ideal" protocols, which achieve the
minimum communication simultaneously on all links in the network. Also, we
obtain the first explicit example of a function that incurs a higher
communication cost than the input length in the secure computation model of
Feige, Kilian and Naor (1994), who had shown that such functions exist. We also
show that our communication bounds imply tight lower bounds on the amount of
randomness required by MPC protocols for many interesting functions.Comment: 37 page
Privacy-Preserving Quantum Two-Party Geometric Intersection
Privacy-preserving computational geometry is the research area on the
intersection of the domains of secure multi-party computation (SMC) and
computational geometry. As an important field, the privacy-preserving geometric
intersection (PGI) problem is when each of the multiple parties has a private
geometric graph and seeks to determine whether their graphs intersect or not
without revealing their private information. In this study, through
representing Alice's (Bob's) private geometric graph G_A (G_B) as the set of
numbered grids S_A (S_B), an efficient privacy-preserving quantum two-party
geometric intersection (PQGI) protocol is proposed. In the protocol, the oracle
operation O_A (O_B) is firstly utilized to encode the private elements of
S_A=(a_0, a_1, ..., a_(M-1)) (S_B=(b_0, b_1, ..., b_(N-1))) into the quantum
states, and then the oracle operation O_f is applied to obtain a new quantum
state which includes the XOR results between each element of S_A and S_B.
Finally, the quantum counting is introduced to get the amount (t) of the states
|a_i+b_j> equaling to |0>, and the intersection result can be obtained by
judging t>0 or not. Compared with classical PGI protocols, our proposed
protocol not only has higher security, but also holds lower communication
complexity
Programming support for an integrated multi-party computation and MapReduce infrastructure
We describe and present a prototype of a distributed computational infrastructure and associated high-level programming language that allow multiple parties to leverage their own computational resources capable of supporting MapReduce [1] operations in combination with multi-party computation (MPC). Our architecture allows a programmer to author and compile a protocol using a uniform collection of standard constructs, even when that protocol involves computations that take place locally within each participant’s MapReduce cluster as well as across all the participants using an MPC protocol. The highlevel programming language provided to the user is accompanied by static analysis algorithms that allow the programmer to reason about the efficiency of the protocol before compiling and running it. We present two example applications demonstrating how such an infrastructure can be employed.This work was supported in part
by NSF Grants: #1430145, #1414119, #1347522, and #1012798
- …