8 research outputs found

    Deploying secure multiparty computation for joint data analysis - a case study

    We consider a situation where a group of companies operating in the same field wishes to analyse its sector. To analyse the sector as a whole, the performance indicators of the relevant companies would have to be collected in one place so that they could be analysed properly. The companies, however, are not interested in sharing their information, since it is part of their trade secrets. Moreover, if this information also contains, for example, personal data of the companies' customers, sharing it with other parties is prohibited by law. This thesis focuses on one concrete instance of the problem described. The Association of Information Technology and Telecommunications (ITL) is a non-profit organisation that unites more than 60 companies operating in the information and communication technology (ICT) field in Estonia. Since ICT is a rapidly developing economic sector, these companies are interested in comparing up-to-date economic indicators in order to make better strategic decisions. So that ITL could collect and analyse these data securely, we proposed a solution based on the Sharemind framework. Sharemind is a distributed database and application server that stores data in secret-shared form and uses secure multiparty computation protocols to ensure that individual input values do not leak during data analysis. To store the secret-shared data, Sharemind uses three independent parties, called data miners. As part of this work we also developed a JavaScript library that allows the user to enter data from a web browser. The library then takes care of secret-sharing the data and distributes the resulting shares securely among the data miners. ITL used the described solution at the beginning of this year to collect its members' economic indicators for 2010. This thesis describes the technical aspects of the solution and the data analysis as well as the timeline of the project. The ITL board is satisfied with the results of the first data collection period and intends to continue using the application.

    In this thesis we describe a situation where a consortium of companies working in the same field would like to jointly analyse the market in general. However, they cannot share their data with each other, either because they are reluctant or because they are prohibited from doing so. We propose a solution where the consortium members could analyse the whole data set without breaching the privacy requirements. This is accomplished by using the Sharemind secure multiparty computation framework. As part of this thesis we have developed a JavaScript library that allows users to securely submit their data to the joint database using an online data entry application. Our work relies on a case study of developing a prototype application for one such consortium, namely the Association of Information Technology and Telecommunications (ITL).

    Applying Secure Multi-party Computation in Practice

    In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them. The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions also introduces some non-technical requirements, such as signing contracts and negotiating with the Data Protection Agency.

    Applying Secure Multi-party Computation

    Data is useful only when it can be used. Particularly large added value arises when data from different sources are combined. For example, by joining tax and education data, the state can carry out return-on-investment analyses of higher education specialities. The same holds in the private sector: by joining the banks' databases of payment obligations, customers with a high credit risk can be identified more effectively. Such linking of data sets is, however, often prohibited by confidentiality or privacy requirements. Rightly so, because large linked data sets are attractive targets both for hackers and for officials and database administrators who may abuse their privileges. Secure multi-party computation technology helps against attacks of this kind, as it allows several parties to analyse data jointly without any of them gaining access to individual records. Since its first practical application in 2008, secure multi-party computation technology has now reached the point where it is deployed in distributed applications over the internet and is also offered as part of other services. In this thesis we focus on the technical questions of applying secure multi-party computation in practice. We begin by introducing the first applications of this technology, identify problems that remain unsolved, and propose solutions in the course of the work. The main result of the thesis is a step-by-step overview of the life cycle of such a deployment, using as an example the first large-scale study involving registry data carried out with secure multi-party computation. This includes an overview of the non-technical activities, such as concluding contracts and communicating with the Data Protection Inspectorate, that follow from involving large organisations such as government institutions. Looking to the future, we propose a solution that combines a federated data exchange platform with secure multi-party computation technology. As a concrete solution, we propose extending the Estonian state data exchange layer X-tee with the Sharemind secure multi-party computation service. Such an architecture would allow several existing data sets to be linked for studies effectively and securely, without violating the privacy of individuals.

    Data is useful only when used. This is especially true if one is able to combine several data sets. For example, by combining income and educational data, it is possible for a government to get a return-on-investment overview of educational investments. The same is true in the private sector. By combining data sets of the financial obligations of their customers, banks could issue loans with lower credit risks. However, this kind of data sharing is often forbidden, as citizens and customers have their privacy expectations. Moreover, such a combined database becomes an interesting target for both hackers and nosy officials and administrators taking advantage of their position. Secure multi-party computation is a technology that allows several parties to collaboratively analyse data without seeing any individual values. This technology is suitable for the above-mentioned scenarios, protecting user privacy from both insider and outsider attacks. With the first practical applications using secure multi-party computation developed in the 2000s, the technology is now mature enough to be used in distributed deployments and even offered as part of a service. In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them. The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions also introduces some non-technical requirements, such as signing contracts and negotiating with the Data Protection Agency. Looking into the future, we propose to deploy secure multi-party computation technology as a service on a federated data exchange infrastructure. This allows privacy-preserving analysis to be carried out faster and more conveniently, thus promoting a more informed government.

    Deploying secure multi-party computation for financial data analysis

    In this paper we describe a secure system for jointly collecting and analyzing financial data for a consortium of ICT companies. To guarantee each participant's privacy, we use secret sharing and secure multi-party computation (MPC) techniques. While MPC has been used to solve real-life problems before, this is the first time that the actual MPC computation was done over the internet with computing nodes spread geographically apart. We describe the system architecture, security considerations and implementation details. We also present a user feedback analysis revealing that secure multi-party computation techniques give sufficient assurance for data donors to submit their sensitive information, and act as a critical enabling feature for privacy-preserving data mining.

    MCMix: Anonymous Messaging via Secure Multiparty Computation

    We present 'MCMix', an anonymous messaging system that completely hides communication metadata and can scale to the order of hundreds of thousands of users. Our approach is to isolate two suitable functionalities, called dialing and conversation, that when used in succession realize anonymous messaging. With this as a starting point, we apply secure multiparty computation ('MC' or MPC) and proceed to realize them. We present an implementation using a prevalent MPC system (Sharemind) that is competitive in terms of latency with previous messaging systems that only offer much weaker privacy guarantees. Our solution can be instantiated in a variety of different ways with different MPC implementations, overall illustrating how MPC is a viable and competitive alternative to mix-nets and DC-nets for anonymous communication.

    Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation

    We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians from the Estonian Center of Applied Research (CentAR) conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Sharemind secure multi-party computation system, which provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.