113 research outputs found

    Approximate Two-Party Privacy-Preserving String Matching with Linear Complexity

    Consider two parties who want to compare their strings, e.g., genomes, but do not want to reveal them to each other. We present a system for privacy-preserving matching of strings, which differs from existing systems by providing a deterministic approximation instead of an exact distance. It is efficient (linear complexity), non-interactive and does not involve a third party which makes it particularly suitable for cloud computing. We extend our protocol, such that it mitigates iterated differential attacks proposed by Goodrich. Further an implementation of the system is evaluated and compared against current privacy-preserving string matching algorithms. Comment: 6 pages, 4 figure

    Secure and Sustainable Benchmarking in Clouds A Multi-Party Cloud Application with an Untrusted Service Provider

    Cloud computing entails a novel security threat: The cloud service provider is entrusted with the data of all its customers. This may not be sustainable for highly confidential data. Encryption, or more generally cryptography, may provide a solution by computing on data encrypted by the customers. While this solution is theoretically appealing, it raises a number of research questions in information system design. Using the example of collaborative benchmarking the author presents and evaluates an exemplary design and implementation of a cloud application that operates only on encrypted data, thus protecting the confidentiality of the customer’s data against the cloud service provider. The cloud application computes common statistics for benchmarking without disclosing the individual key performance indicators. Benchmarking is an important process for companies to stay competitive in today’s markets. It allows them to evaluate their performance against the statistics of their peers and implement targeted improvement measures

    Practical Privacy-Preserving Multiparty Linear Programming Based on Problem Transformation

    International audience. Cryptographic solutions to privacy-preserving multi-party linear programming are slow. This makes them unsuitable for many economically important applications, such as supply chain optimization, whose size exceeds their practically feasible input range. In this paper we present a privacy-preserving transformation that allows secure outsourcing of the linear program computation in an efficient manner. We evaluate security by quantifying the leakage about the input after the transformation and present implementation results. Using this transformation, we can mostly replace the costly cryptographic operations and securely solve problems several orders of magnitude larger

    From a Barrier to a Bridge: Data-Privacy in Deregulated Smart Grids

    The introduction of so-called smart meters involves detailed consumption data. While this data plays a key role in integrating volatile renewable energy sources, a side effect is that it can reveal sensitive personal information. Concerns and protests led to a stopped smart meter rollout yet. In deregulated electricity markets, data-privacy is even more at risk: The UK, Texas and Ontario decided for a nation-wide communication intermediary in order to facilitate the exchange of the vast amount of smart meter data. However, this operational efficiency is achieved by the fact that an intermediary is a single point of failure. We present an approach based on encryption to secure the intermediary against privacy invasions and we can show that our prototypical implementation meets even restrictive requirements for large-scale data handling and processing. By aiming at customers’ confidence in smart metering, our solution might lay the ground for an ecosystem of energy services

    IHOP: Improved Statistical Query Recovery against Searchable Symmetric Encryption through Quadratic Optimization

    Effective query recovery attacks against Searchable Symmetric Encryption (SSE) schemes typically rely on auxiliary ground-truth information about the queries or dataset. Query recovery is also possible under the weaker statistical auxiliary information assumption, although statistical-based attacks achieve lower accuracy and are not considered a serious threat. In this work we present IHOP, a statistical-based query recovery attack that formulates query recovery as a quadratic optimization problem and reaches a solution by iterating over linear assignment problems. We perform an extensive evaluation with five real datasets, and show that IHOP outperforms all other statistical-based query recovery attacks under different parameter and leakage configurations, including the case where the client uses some access-pattern obfuscation defenses. In some cases, our attack achieves almost perfect query recovery accuracy. Finally, we use IHOP in a frequency-only leakage setting where the client's queries are correlated, and show that our attack can exploit query dependencies even when PANCAKE, a recent frequency-hiding defense by Grubbs et al., is applied. Our findings indicate that statistical query recovery attacks pose a severe threat to privacy-preserving SSE schemes. Comment: 18 page