Learning Character Strings via Mastermind Queries, with a Case Study Involving mtDNA

We study the degree to which a character string, $Q$, leaks details about itself any time it engages in comparison protocols with a strings provided by a querier, Bob, even if those protocols are cryptographically guaranteed to produce no additional information other than the scores that assess the degree to which $Q$ matches strings offered by Bob. We show that such scenarios allow Bob to play variants of the game of Mastermind with $Q$ so as to learn the complete identity of $Q$. We show that there are a number of efficient implementations for Bob to employ in these Mastermind attacks, depending on knowledge he has about the structure of $Q$, which show how quickly he can determine $Q$. Indeed, we show that Bob can discover $Q$ using a number of rounds of test comparisons that is much smaller than the length of $Q$, under reasonable assumptions regarding the types of scores that are returned by the cryptographic protocols and whether he can use knowledge about the distribution that $Q$ comes from. We also provide the results of a case study we performed on a database of mitochondrial DNA, showing the vulnerability of existing real-world DNA data to the Mastermind attack.Comment: Full version of related paper appearing in IEEE Symposium on Security and Privacy 2009, "The Mastermind Attack on Genomic Data." This version corrects the proofs of what are now Theorems 2 and 4

EsPRESSo: Efficient Privacy-Preserving Evaluation of Sample Set Similarity

Electronic information is increasingly often shared among entities without complete mutual trust. To address related security and privacy issues, a few cryptographic techniques have emerged that support privacy-preserving information sharing and retrieval. One interesting open problem in this context involves two parties that need to assess the similarity of their datasets, but are reluctant to disclose their actual content. This paper presents an efficient and provably-secure construction supporting the privacy-preserving evaluation of sample set similarity, where similarity is measured as the Jaccard index. We present two protocols: the first securely computes the (Jaccard) similarity of two sets, and the second approximates it, using MinHash techniques, with lower complexities. We show that our novel protocols are attractive in many compelling applications, including document/multimedia similarity, biometric authentication, and genetic tests. In the process, we demonstrate that our constructions are appreciably more efficient than prior work.Comment: A preliminary version of this paper was published in the Proceedings of the 7th ESORICS International Workshop on Digital Privacy Management (DPM 2012). This is the full version, appearing in the Journal of Computer Securit

Privacy-preserving power usage control in smart grids

The smart grid (SG) has been emerging as the next-generation intelligent power grid system because of its ability to efficiently monitor, predicate, and control energy generation, transmission, and consumption by analyzing users\u27 real-time electricity information. Consider a situation in which the utility company would like to smartly protect against a power outage. To do so, the company can determine a threshold for a neighborhood. Whenever the total power usage from the neighborhood exceeds the threshold, some or all of the households need to reduce their energy consumption to avoid the possibility of a power outage. This problem is referred to as threshold-based power usage control (TPUC) in the literature. In order to solve the TPUC problem, the utility company is required to periodically collect the power usage data of households. However, it has been well documented that these power usage data can reveal consumers\u27 daily activities and violate personal privacy. To avoid the privacy concerns, privacy-preserving power usage control (P-PUC) protocols are proposed under two strategies: adjustment based on maximum power usage and adjustment based on individual power usage. These protocols allow a utility company to manage power consumption effectively and at the same time, preserve the privacy of all involved parties. Furthermore, the practical value of the proposed protocols is empirically shown through various experiments --Abstract, page iii

Privacy-preserving document similarity detection

The document similarity detection is an important technique used in many applications. The existence of the tool that guarantees the privacy protection of the documents during the comparison will expand the area where this technique can be applied. The goal of this project is to develop a method for privacy-preserving document similarity detection capable to identify either semantically or syntactically similar documents. As the result two methods were designed, implemented, and evaluated. In the first method privacy-preserving data comparison protocol was applied for secure comparison. This original protocol was created as a part of this thesis. In the second method modified private-matching scheme was used. In both methods the Natural Language processing techniques were utilized to capture the semantic relations between documents. During the testing phase the first method was found to be too slow for the practical application. The second method, on the contrary, was rather fast and effective. It can be used for creation of the tool for detecting syntactical and semantic similarity in a privacy-preserving way

Privacy-Preserving Similarity-Based Text Retrieval

Article No.: 4</p

Privacy-preserving friend recommendations in online social networks

Online social networks, such as Facebook and Google+, have been emerging as a new communication service for users to stay in touch and share information with family members and friends over the Internet. Since the users are generating huge amounts of data on social network sites, an interesting question is how to mine this enormous amount of data to retrieve useful information. Along this direction, social network analysis has emerged as an important tool for many business intelligence applications such as identifying potential customers and promoting items based on their interests. In particular, since users are often interested to make new friends, a friend recommendation application provides the medium for users to expand his/her social connections and share information of interest with more friends. Besides this, it also helps to enhance the development of the entire network structure. The existing friend recommendation methods utilize social network structure and/or user profile information. However, these methods can no longer be applicable if the privacy of users is taken into consideration. This work introduces a set of privacy-preserving friend recommendation protocols based on different existing similarity metrics in the literature. Briefly, depending on the underlying similarity metric used, the proposed protocols guarantee the privacy of a user\u27s personal information such as friend lists. These protocols are the first to make the friend recommendation process possible in privacy-enhanced social networking environments. Also, this work considers the case of outsourced social networks, where users\u27 profile data are encrypted and outsourced to third-party cloud providers who provide social networking services to the users. Under such an environment, this work proposes novel protocols for the cloud to do friend recommendations in a privacy-preserving manner --Abstract, page iii