Droplet: Decentralized Authorization for IoT Data Streams

This paper presents Droplet, a decentralized data access control service, which operates without intermediate trust entities. Droplet enables data owners to securely and selectively share their encrypted data while guaranteeing data confidentiality against unauthorized parties. Droplet's contribution lies in coupling two key ideas: (i) a new cryptographically-enforced access control scheme for encrypted data streams that enables users to define fine-grained stream-specific access policies, and (ii) a decentralized authorization service that handles user-defined access policies. In this paper, we present Droplet's design, the reference implementation of Droplet, and experimental results of three case-study apps atop of Droplet: Fitbit activity tracker, Ava health tracker, and ECOviz smart meter dashboard

Privacy-Centric Systems for Stream Data Processing

In recent years we have seen unprecedented growth in networked devices and services that collect increasingly detailed information about individuals. This trend of large-scale data collection prompts various important challenges, including ensuring that the collected data is protected from data breaches and misuse. Although increasing public perception and expectations toward data privacy have led to new data privacy regulations, modern data processing systems offer little to no privacy protection mechanisms, and users must fully entrust third parties with their data. To resolve this issue, many recent research efforts are exploring how to build data processing systems that follow the end-to-end encryption paradigm where data is encrypted at the source such that services never see data in the clear. Existing encrypted data processing systems show great promise by allowing for confidential computation, but they are often limited to a few aspects of the system design. Important functionalities such as notions of data ownership, selective release of information, or even guarantees about the robustness of the computations are missing. In this dissertation, we propose a new class of encrypted data processing tools and systems that expand to the requirements of streaming data applications. We present three privacy-centric systems designs, each addressing issues in employing encrypted data processing in data streaming pipelines and introducing new tools to support extended functionality. TimeCrypt presents techniques for time series databases to offer efficient queries on encrypted streaming data while supporting fine-grained access control. Zeph introduces the concept of providing a service with the means to extract value from encrypted streaming data safely while ensuring data confidentiality and privacy by serving only privacy-compliant views of the data. Zeph cryptographically enforces that privacy transformations are executed before releasing data. Lastly, RoFL extends collaborative analytics systems that stream ephemeral encrypted updates to a service with techniques that provide robustness guarantees. We present the design, implementation, and detailed evaluation for each of the three systems, demonstrating their feasibility

Secure Sharing of Partially Homomorphic Encrypted IoT Data

IoT applications often utilize the cloud to store and provide ubiquitousaccess to collected data. This naturally facilitates data sharingwith third-party services and other users, but bears privacy risks,due to data breaches or unauthorized trades with user data. Toaddress these concerns, we present Pilatus, a data protection platformwhere the cloud stores only encrypted data, yet is still ableto process certain queries (e.g., range, sum). More importantly,Pilatus features a novel encrypted data sharing scheme based on reencryption,with revocation capabilities and in situ key-update. Oursolution includes a suite of novel techniques that enable efficientpartially homomorphic encryption, decryption, and sharing. Wepresent performance optimizations that render these cryptographictools practical for mobile platforms. We implement a prototypeof Pilatus and evaluate it thoroughly. Our optimizations achieve aperformance gain within one order of magnitude compared to stateof-the-art realizations; mobile devices can decrypt hundreds of datapoints in a few hundred milliseconds. Moreover, we discuss practicalconsiderations through two example mobile applications (Fitbitand Ava) that run Pilatus on real-world data

TimeCrypt: Encrypted Data Stream Processing at Scale with Cryptographic Access Control

A growing number of devices and services collect detailed time series data that is stored in the cloud. Protecting the confidentiality of this vast and continuously generated data is an acute need for many applications in this space. At the same time, we must preserve the utility of this data by enabling authorized services to securely and selectively access and run analytics. This paper presents TimeCrypt, a system that provides scalable and real-time analytics over large volumes of encrypted time series data. TimeCrypt allows users to define expressive data access and privacy policies and enforces it cryptographically via encryption. In TimeCrypt, data is encrypted end-to-end, and authorized parties can only decrypt and verify queries within their authorized access scope. Our evaluation of TimeCrypt shows that its memory overhead and performance are competitive and close to operating on data in the clear

RoFL: Robustness of Secure Federated Learning

Even though recent years have seen many attacks exposing severe vulnerabilities in Federated Learning (FL), a holistic understanding of what enables these attacks and how they can be mitigated effectively is still lacking. In this work, we demystify the inner workings of existing (targeted) attacks. We provide new insights into why these attacks are possible and why a definitive solution to FL robustness is challenging. We show that the need for ML algorithms to memorize tail data has significant implications for FL integrity. This phenomenon has largely been studied in the context of privacy; our analysis sheds light on its implications for ML integrity. We show that certain classes of severe attacks can be mitigated effectively by enforcing constraints such as norm bounds on clients' updates. We investigate how to efficiently incorporate these constraints into secure FL protocols in the single-server setting. Based on this, we propose RoFL, a new secure FL system that extends secure aggregation with privacy-preserving input validation. Specifically, RoFL can enforce constraints such as L-2 and L-infinity bounds on high-dimensional encrypted model updates

Zeph: Cryptographic Enforcement of End-to-End Data Privacy

As increasingly more sensitive data is being collected to gain valuable insights, the need to natively integrate privacy controls in data analytics frameworks is growing in importance. Today, privacy controls are enforced by data curators with full access to data in the clear. However, a plethora of recent data breaches show that even widely trusted service providers can be compromised. Additionally, there is no assurance that data processing and handling comply with the claimed privacy policies. This motivates the need for a new approach to data privacy that can provide strong assurance and control to users. This paper presents Zeph, a system that enables users to set privacy preferences on how their data can be shared and processed. Zeph enforces privacy policies cryptographically and ensures that data available to third-party applications complies with users' privacy policies. Zeph executes privacy-adhering data transformations in real-time and scales to thousands of data sources, allowing it to support large-scale low-latency data stream analytics. We introduce a hybrid cryptographic protocol for privacy-adhering trans-formations of encrypted data. We develop a prototype of Zeph on Apache Kafka to demonstrate that Zeph can perform large-scale privacy transformations with low overhead