Abstract

Current solutions for privacy-preserving data sharing among multiple parties either depend on a centralized authority that must be trusted and provides only weakest-link security (e.g., the entity that manages private/secret cryptographic keys), or rely on decentralized but impractical approaches (e.g., secure multi-party computation). When the data to be shared are sensitive and the number of data providers is high, these solutions are not appropriate. We therefore present UnLynx, a new decentralized system for efficient privacy-preserving data sharing. We consider m servers that constitute a collective authority whose goal is to verifiably compute on data sent from n data providers. UnLynx guarantees confidentiality, unlinkability between data providers and their data, privacy of the end result, and the correctness of the computations performed by the servers. Furthermore, to support differentially private queries, UnLynx can collectively add noise under encryption. All of this is achieved by combining a set of new distributed and secure protocols based on homomorphic cryptography, verifiable shuffling and zero-knowledge proofs. UnLynx is highly parallelizable and modular by design, as it enables multiple security/privacy vs. runtime tradeoffs. Our evaluation shows that UnLynx can execute a secure survey on 400,000 personal data records containing 5 encrypted attributes, distributed over 20 independent databases, for a total of 2,000,000 ciphertexts, in 24 minutes.
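The collective-authority idea from the abstract, as an added sketch that is not UnLynx's own code: m servers jointly own one key, data providers encrypt under it, ciphertexts are summed homomorphically, and decryption needs every server's share, so no single key holder is the weakest link. Exponential ElGamal, the toy group and all function names are assumptions of this example; the abstract says only "homomorphic cryptography".

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Toy group, constructed and far too small for real use: p = 2q+1, g of order q.
var p, q, g = big.NewInt(2039), big.NewInt(1019), big.NewInt(4)

type Ciphertext struct{ K, C *big.Int } // assumed scheme: (g^r, g^m * Y^r)
func mul(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), p) }
func pow(b, e *big.Int) *big.Int { return new(big.Int).Exp(b, e, p) }

// Setup: each of m servers keeps x_i and publishes g^x_i; Y is their product.
func Setup(m int) (secrets []*big.Int, y *big.Int) {
	y = big.NewInt(1)
	for i := 0; i < m; i++ {
		x, _ := rand.Int(rand.Reader, q)
		secrets, y = append(secrets, x), mul(y, pow(g, x))
	}
	return
}

// Encrypt is run by a data provider under the collective key Y.
func Encrypt(y *big.Int, m int64) Ciphertext {
	r, _ := rand.Int(rand.Reader, q)
	return Ciphertext{pow(g, r), mul(pow(g, big.NewInt(m)), pow(y, r))}
}

// Add aggregates under encryption: multiplying ciphertexts adds plaintexts.
func Add(a, b Ciphertext) Ciphertext { return Ciphertext{mul(a.K, b.K), mul(a.C, b.C)} }

// Decrypt strips the mask K^x_i of every supplied server, then finds m by search.
func Decrypt(ct Ciphertext, secrets []*big.Int) int64 {
	c, m := ct.C, int64(0)
	for _, x := range secrets {
		c = mul(c, new(big.Int).ModInverse(pow(ct.K, x), p))
	}
	for ; m < q.Int64() && pow(g, big.NewInt(m)).Cmp(c) != 0; m++ {
	}
	return m
}

func main() {
	secrets, y := Setup(3)
	sum := Add(Add(Encrypt(y, 30), Encrypt(y, 7)), Encrypt(y, 5))
	fmt.Println(Decrypt(sum, secrets), Decrypt(sum, secrets[:2]))
}
```

With all three shares the aggregate decrypts to 42; with only two, the third server's mask remains on the plaintext and the search returns an unrelated value.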

