Taeho Jung,Junze Han,Xiang-Yang Li

DOI: https://doi.org/10.1109/tdsc.2016.2577034

2018-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Third-party analysis on private records is becoming increasingly important due to the widespread data collection for various analysis purposes. However, the data in its original form often contains sensitive information about individuals, and its publication will severely breach their privacy. In this paper, we present a novel Privacy-preserving Data Analytics framework PDA, which allows a third-party aggregator to obliviously conduct many different types of polynomial-based analysis on private data records provided by a dynamic sub-group of users. Notably, every user needs to keep only $O(n)$ keys to join data analysis among $O(2^n)$ different groups of users, and any data analysis that is represented by polynomials is supported by our framework. Besides, a real implementation shows the performance of our framework is comparable to the peer works who present ad-hoc solutions for specific data analysis applications. Despite such nice properties of PDA, it is provably secure against a very powerful attacker (chosen-plaintext attack) even in the Dolev-Yao network model where all communication channels are insecure.

Jianwei Chen,Huadong Ma

DOI: https://doi.org/10.1109/GLOCOM.2014.7037225

2014-01-01

Abstract:Participatory sensing applications can learn the aggregate statistics over personal data to produce useful knowledge about the world. Since personal data may be privacy-sensitive, the aggregator should only gain desired statistics without learning anything about the personal data. To guarantee differential privacy of personal data under an untrusted aggregator, existing approaches encrypt the noisy personal data, and allow the aggregator to get a noisy sum. However, these approaches suffer from either high computation overhead, or lack of efficient group management to support dynamic joins and leaves, or node failures. In this paper, we propose a novel privacy-preserving aggregation scheme to address these issues in participatory sensing applications. In our scheme, we first design an efficient group management protocol to deal with participants' dynamic joins and leaves. Specifically, when a participant joins or leaves, only three participants need to update their encryption keys. Moreover, we leverage the future ciphertext buffering mechanism to deal with node failures, which is combined with the group management protocol making low communication overhead. The analysis indicates that our scheme achieves desired properties, and the performance evaluation demonstrates the scheme's efficiency in terms of communication and computation overhead.

Yanjun Zhang,Guangdong Bai,Xue Li,Caitlin Curtis,Chen Chen,Ryan K L Ko

DOI: https://doi.org/10.48550/arXiv.2007.06953

2020-07-14

Abstract:Collaborative learning enables two or more participants, each with their own training dataset, to collaboratively learn a joint model. It is desirable that the collaboration should not cause the disclosure of either the raw datasets of each individual owner or the local model parameters trained on them. This privacy-preservation requirement has been approached through differential privacy mechanisms, homomorphic encryption (HE) and secure multiparty computation (MPC), but existing attempts may either introduce the loss of model accuracy or imply significant computational and/or communicational overhead. In this work, we address this problem with the lightweight additive secret sharing technique. We propose PrivColl, a framework for protecting local data and local models while ensuring the correctness of training processes. PrivColl employs secret sharing technique for securely evaluating addition operations in a multiparty computation environment, and achieves practicability by employing only the homomorphic addition operations. We formally prove that it guarantees privacy preservation even though the majority (n-2 out of n) of participants are corrupted. With experiments on real-world datasets, we further demonstrate that PrivColl retains high efficiency. It achieves a speedup of more than 45X over the state-of-the-art MPC/HE based schemes for training linear/logistic regression, and 216X faster for training neural network.

Cryptography and Security

Marcus Birgersson,Cyrille Artho,Musard Balliu

2024-10-14

Abstract:Many applications benefit from computations over the data of multiple users while preserving confidentiality. We present a solution where multiple mutually distrusting users' data can be aggregated with an acceptable overhead, while allowing users to be added to the system at any time without re-encrypting data. Our solution to this problem is to use a Trusted Execution Environment (Intel SGX) for the computation, while the confidential data is encrypted with the data owner's key and can be stored anywhere, without trust in the service provider. We do not require the user to be online during the computation phase and do not require a trusted party to store data in plain text. Still, the computation can only be carried out if the data owner explicitly has given permission. Experiments using common functions such as the sum, least square fit, histogram, and SVM classification, exhibit an average overhead of $1.6 \times$. In addition to these performance experiments, we present a use case for computing the distributions of taxis in a city without revealing the position of any other taxi to the other parties.

Cryptography and Security

Daniel Bachlechner,Ruben Hetfleisch,Stephan Krenn,Thomas Lorünser,Michael Rader

2024-08-28

Abstract:The federated analysis of sensitive time series has huge potential in various domains, such as healthcare or manufacturing. Yet, to fully unlock this potential, requirements imposed by various stakeholders must be fulfilled, regarding, e.g., efficiency or trust assumptions. While many of these requirements can be addressed by deploying advanced secure computation paradigms such as fully homomorphic encryption, certain aspects require an integration with additional privacy-preserving technologies. In this work, we perform a qualitative requirements elicitation based on selected real-world use cases. We match the derived requirements categories against the features and guarantees provided by available technologies. For each technology, we additionally perform a maturity assessment, including the state of standardization and availability on the market. Furthermore, we provide a decision tree supporting application developers in identifying the most promising technologies available matching their needs. Finally, existing gaps are identified, highlighting research potential to advance the field.

Cryptography and Security

Iqra Nawaz,Munam Ali Shah,Abid Khan,Seunggil Jeon

DOI: https://doi.org/10.1007/s11276-024-03651-2

IF: 2.701

2024-03-09

Wireless Networks

Abstract:In recent years, service provided based on the location has brought a tremendous change in our lives. However, one of the biggest challenges is to preserve users' privacy which upon leakage could have disastrous consequences. Privacy preservation has gained remarkable consideration as a notable number of users have started being conscious about privacy protection. Most solutions that have been developed in such a distributed scenario need a third party for data anonymization. In a system of public data sharing, one of the most popular and useful anonymization techniques is local differential privacy (LDP). Without requiring a third party to perturb the data, LDP allows users to perturb their data locally and individually, resulting in stronger privacy guarantees. Based on this principle the proposed system provides anonymity and integrity during communication and independent key generation by using secure authentication mechanism i.e., Physical Unclonable Function (PUF) with elliptical curve cryptography and remove third party dependency for data anonymization by using LDP with Hadamard count mean sketch (HCMS) protocol. For scalability, and quantum secrecy IOTA ledger is used on top of LDP anonymization technique. Our experimental results show that using PUF with ECC for authentication can reduce the computational overhead and increase the secrecy of the communication, LDP with HCMS achieves high privacy while also showing the tradeoff between utility and privacy. Furthermore, the IOTA ledger provides more scalability than the existing technique. Hence, the privacy of an individual will be preserved without compromising accuracy while sharing information to the third party for using location-based services.

computer science, information systems,telecommunications,engineering, electrical & electronic

Peeyush Gupta,Sharad Mehrotra,Shantanu Sharma,Nalini Venkatasubramanian,Guoxi Wang

DOI: https://doi.org/10.48550/arXiv.2102.05238

2021-02-10

Cryptography and Security

Abstract:This paper proposes a system, entitled Concealer that allows sharing time-varying spatial data (e.g., as produced by sensors) in encrypted form to an untrusted third-party service provider to provide location-based applications (involving aggregation queries over selected regions over time windows) to users. Concealer exploits carefully selected encryption techniques to use indexes supported by database systems and combines ways to add fake tuples in order to realize an efficient system that protects against leakage based on output-size. Thus, the design of Concealer overcomes two limitations of existing symmetric searchable encryption (SSE) techniques: (i) it avoids the need of specialized data structures that limit usability/practicality of SSE in large scale deployments, and (ii) it avoids information leakages based on the output-size, which may leak data distributions. Experimental results validate the efficiency of the proposed algorithms over a spatial time-series dataset (collected from a smart space) and TPC-H datasets, each of 136 Million rows, the size of which prior approaches have not scaled to.

Thomas Leaute,Boi Faltings

DOI: https://doi.org/10.1613/jair.3983

2014-07-13

Abstract:As large-scale theft of data from corporate servers is becoming increasingly common, it becomes interesting to examine alternatives to the paradigm of centralizing sensitive data into large databases. Instead, one could use cryptography and distributed computation so that sensitive data can be supplied and processed in encrypted form, and only the final result is made known. In this paper, we examine how such a paradigm can be used to implement constraint satisfaction, a technique that can solve a broad class of AI problems such as resource allocation, planning, scheduling, and diagnosis. Most previous work on privacy in constraint satisfaction only attempted to protect specific types of information, in particular the feasibility of particular combinations of decisions. We formalize and extend these restricted notions of privacy by introducing four types of private information, including the feasibility of decisions and the final decisions made, but also the identities of the participants and the topology of the problem. We present distributed algorithms that allow computing solutions to constraint satisfaction problems while maintaining these four types of privacy. We formally prove the privacy properties of these algorithms, and show experiments that compare their respective performance on benchmark problems.

Artificial Intelligence,Cryptography and Security,Multiagent Systems

Han Qiu,Meikang Qiu,Meiqin Liu,Gerard Memmi

DOI: https://doi.org/10.48550/arXiv.1904.08270

2019-04-17

Cryptography and Security

Abstract:The recent spades of cyber security attacks have compromised end users' data safety and privacy in Medical Cyber-Physical Systems (MCPS). Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted by a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as end user's smartphone and lets the end user to control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove the efficiency.

Fabio Ricciato,Martin Burkhart

DOI: https://doi.org/10.48550/arXiv.1101.5509

2011-01-28

Abstract:Privacy-preserving techniques for distributed computation have been proposed recently as a promising framework in collaborative inter-domain network monitoring. Several different approaches exist to solve such class of problems, e.g., Homomorphic Encryption (HE) and Secure Multiparty Computation (SMC) based on Shamir's Secret Sharing algorithm (SSS). Such techniques are complete from a computation-theoretic perspective: given a set of private inputs, it is possible to perform arbitrary computation tasks without revealing any of the intermediate results. In fact, HE and SSS can operate also on secret inputs and/or provide secret outputs. However, they are computationally expensive and do not scale well in the number of players and/or in the rate of computation tasks. In this paper we advocate the use of "elementary" (as opposite to "complete") Secure Multiparty Computation (E-SMC) procedures for traffic monitoring. E-SMC supports only simple computations with private input and public output, i.e., it can not handle secret input nor secret (intermediate) output. Such a simplification brings a dramatic reduction in complexity and enables massive-scale implementation with acceptable delay and overhead. Notwithstanding its simplicity, we claim that an E-SMC scheme is sufficient to perform a great variety of computation tasks of practical relevance to collaborative network monitoring, including, e.g., anonymous publishing and set operations. This is achieved by combining a E-SMC scheme with data structures like Bloom Filters and bitmap strings.

Networking and Internet Architecture

Taeho Jung,Xiang-Yang Li,Meng Wan

DOI: https://doi.org/10.1109/TDSC.2014.2309134

2015-01-01

Abstract:Much research has been conducted to securely outsource multiple parties' data aggregation to an untrusted aggregator without disclosing each individual's privately owned data, or to enable multiple parties to jointly aggregate their data while preserving privacy. However, those works either require secure pair-wise communication channels or suffer from high complexity. In this paper, we consider how an external aggregator or multiple parties can learn some algebraic statistics (e.g., sum, product) over participants' privately owned data while preserving the data privacy. We assume all channels are subject to eavesdropping attacks, and all the communications throughout the aggregation are open to others. We first propose several protocols that successfully guarantee data privacy under semi-honest model, and then present advanced protocols which tolerate up to k passive adversaries who do not try to tamper the computation. Under this weak assumption, we limit both the communication and computation complexity of each participant to a small constant. At the end, we present applications which solve several interesting problems via our protocols.

Liehuang Zhu,Meng Li,Zijian Zhang

DOI: https://doi.org/10.1109/jiot.2019.2902459

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:The development and ubiquity of smart mobile devices have produced the idea of crowdsensing, where people report and request data in a community via a cloud server. Recently, fog is introduced to assist the cloud server by providing location-sensitive and latency-aware local data management. However, interaction between users and server without appropriate sanitation puts serious security threats to user' privacy (e.g., data content and preference). While existing work already has a wide range of privacy-preserving schemes, they hardly consider collusion attacks (CAs) between the server and users, let alone CAs between fog nodes and users. To solve this problem, we first define four specific CAs in fog-assisted crowdsensing and propose a novel privacy-preserving data reporting and requesting (PARE) scheme with collusion resistance. PARE is constructed by leveraging one-way hash chains, marked mix-nets, and grouping-based secure searchable encryption to securely collect users' reports and respond to users' requests under CAs. Then, we consider one extreme scenario and provide a solution by introducing a role of sentry reporter while reducing computational costs and communication overhead. Thorough security and privacy analysis shows that PARE is secure and collusion resistant and we also quantitatively measure privacy with mutual information. Extensive performance evaluation results indicate that PARE is lightweight with respect to computational cost and communication overhead. To the best of our knowledge, this paper is the first one that gives four formal definitions of CAs in fog-assisted crowdsensing and aim to defend them at the same time.

Emiliano De Cristofaro,Claudio Soriente

DOI: https://doi.org/10.48550/arXiv.1201.4376

2013-02-08

Abstract:Participatory Sensing is an emerging computing paradigm that enables the distributed collection of data by self-selected participants. It allows the increasing number of mobile phone users to share local knowledge acquired by their sensor-equipped devices, e.g., to monitor temperature, pollution level or consumer pricing information. While research initiatives and prototypes proliferate, their real-world impact is often bounded to comprehensive user participation. If users have no incentive, or feel that their privacy might be endangered, it is likely that they will not participate. In this article, we focus on privacy protection in Participatory Sensing and introduce a suitable privacy-enhanced infrastructure. First, we provide a set of definitions of privacy requirements for both data producers (i.e., users providing sensed information) and consumers (i.e., applications accessing the data). Then, we propose an efficient solution designed for mobile phone users, which incurs very low overhead. Finally, we discuss a number of open problems and possible research directions.

Cryptography and Security,Networking and Internet Architecture

Ayshika Kapoor,Dheeraj Kumar

DOI: https://doi.org/10.1016/j.pmcj.2024.101875

IF: 3.848

2024-01-11

Pervasive and Mobile Computing

Abstract:Federated learning based participatory sensing has gained much attention lately for the vital task of urban sensing due to privacy and security issues in conventional machine learning. However, inference attacks by the honest-but-curious application server or a malicious adversary can leak the personal attributes of the participants, such as their home and workplace locations, routines, and habits. Approaches proposed in the literature to prevent such information leakage, such as secure multi-party computation and homomorphic encryption, are infeasible for urban sensing applications owing to high communication and computation costs due to multiple rounds of communication between the user and the server. Moreover, for effective modeling of urban sensing phenomenon, the application model needs to be updated frequently - every few minutes or hours, resulting in periodic data-intensive updates by the participants, which severely strains the already limited resources of their mobile devices. This paper proposes a novel low-cost privacy-preserving framework for enhanced protection against the inference of participants' personal and private attributes from the data leaked through inference attacks. We propose a novel approach of strategically leaking selected location traces by providing computation and communication-light direct (local) model updates, whereas the rest of the model updates (when the user is at sensitive locations) are provided using secure multi-party computation. We propose two new methods based on spatiotemporal entropy and Kullback–Leibler divergence for automatically deciding which model updates need to be sent through secure multi-party computation and which can be sent directly. The proposed approach significantly reduces the computation and communication overhead for participants compared to the fully secure multi-party computation protocols. It provides enhanced protection against the deduction of personal attributes from inferred location traces compared to the direct model updates by confusing the application server or malicious adversary while inferring personal attributes from location traces. Numerical experiments on the popular Geolife GPS trajectories dataset validate our proposed approach by reducing the computation and communication requirements by the participants significantly and, at the same time, enhancing privacy by decreasing the number of inferred sensitive and private locations of participants.

computer science, information systems,telecommunications

Beibei Li,Ziqing Zhu,Linghao Zhang,Zhengwei Chang,Liang Zhao,Arun Kumar

DOI: https://doi.org/10.1016/j.future.2023.07.026

IF: 7.307

2023-07-27

Future Generation Computer Systems

Abstract:Outsourcing encrypted data and query services to clouds have been widely adopted by data owners, such as in the energy, healthcare, and transportation sectors, usually for economic considerations. However, this is usually prone to data privacy breaches. In smart grids, although many privacy-preserving data query solutions have been presented in the literature, they either suffer from low query efficiencies or limited capabilities of statistics queries (say the aggregation, variance, or extrema only). To mitigate this gap, in this paper we propose an e fficient and p rivacy- p reserving s tatistics q uery scheme over encrypted data in smart grids, coined EPPSQ, which can achieve diverse statistics queries in an efficient and privacy-preserving way. Specifically, we first develop a symmetric homomorphic encryption based secure data collection protocol for data owners. Then, we design a two-server model based privacy-preserving statistics query protocol for data requesters. In addition, four algorithms respectively for securely computing the statistics (i.e., max/min , variance , mean , and count ) over the encrypted data in smart grids are crafted. Security analysis shows that the proposed EPPSQ scheme can effectively guarantee data privacy while outsourcing the encrypted data and query services in smart grids. Further, extensive experiments demonstrate that the proposed EPPSQ scheme outperforms existing CKKS-based or BFV-based studies in terms of computational efficiency.

computer science, theory & methods

Emiliano De Cristofaro,Claudio Soriente

DOI: https://doi.org/10.1109/tifs.2013.2287092

IF: 7.231

2013-12-01

IEEE Transactions on Information Forensics and Security

Abstract:Participatory sensing is emerging as an innovative computing paradigm that targets the ubiquity of always-connected mobile phones and their sensing capabilities. In this paper, a multitude of pioneering applications increasingly carry out pervasive collection and dissemination of information and environmental data, such as traffic conditions, pollution, temperature, and so on. Participants collect and report measurements from their mobile devices and entrust them to the cloud to be made available to applications and users. Naturally, due to the personal information associated to the reports (e.g., location, movements, etc.), a number of privacy concerns need to be considered prior to a large-scale deployment of these applications. Motivated by the need for privacy protection in participatory sensing, this paper presents a privacy-enhanced participatory sensing infrastructure. We explore realistic architectural assumptions and a minimal set of formal requirements aiming at protecting privacy of both data producers and consumers. We propose two instantiations that attain privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead.

computer science, theory & methods,engineering, electrical & electronic

Marcella Hastings,Brett Hemenway Falk,Gerry Tsoukalas

DOI: https://doi.org/10.2139/ssrn.3680000

2020-01-01

SSRN Electronic Journal

Abstract:We develop a new privacy-preserving framework for a general class of financial network models, leveraging cryptographic principles from secure multi-party computation and decentralized systems. We show how aggregate-level network statistics required for stability assessment and stress testing, can be derived from real data, without any individual node revealing its private information to any outside party, be it other nodes in the network, or even a central agent. Our work bridges the gap between established theories of financial network contagion and systemic risk, that assume agents have full network information, and the real world, where information sharing is hindered by privacy and security concerns.

Riad Ladjel,Nicolas Anciaux,Aurélien Bellet,Guillaume Scerri

DOI: https://doi.org/10.48550/arXiv.2112.12411

2021-12-23

Abstract:Imagine a group of citizens willing to collectively contribute their personal data for the common good to produce socially useful information, resulting from data analytics or machine learning computations. Sharing raw personal data with a centralized server performing the computation could raise concerns about privacy and a perceived risk of mass surveillance. Instead, citizens may trust each other and their own devices to engage into a decentralized computation to collaboratively produce an aggregate data release to be shared. In the context of secure computing nodes exchanging messages over secure channels at runtime, a key security issue is to protect against external attackers observing the traffic, whose dependence on data may reveal personal information. Existing solutions are designed for the cloud setting, with the goal of hiding all properties of the underlying dataset, and do not address the specific privacy and efficiency challenges that arise in the above context. In this paper, we define a general execution model to control the data-dependence of communications in user-side decentralized computations, in which differential privacy guarantees for communication patterns in global execution plans can be analyzed by combining guarantees obtained on local clusters of nodes. We propose a set of algorithms which allow to trade-off between privacy, utility and efficiency. Our formal privacy guarantees leverage and extend recent results on privacy amplification by shuffling. We illustrate the usefulness of our proposal on two representative examples of decentralized execution plans with data-dependent communications.

Cryptography and Security,Databases,Distributed, Parallel, and Cluster Computing,Machine Learning

Xingting Liu,Siwang Zhou,Wei Zhang,Ting Dong,Keqin Li

DOI: https://doi.org/10.1109/JSYST.2023.3274812

2023-01-01

Abstract:In mobile crowdsensing (MCS) system, a variety of sensors are required to operate together to glean and upload sensory data to clouds for processing. In real practice, truth discovery has been widely explored to find reliable information from various mobile devices. Under the requirement of MCS security, privacy-preserving truth discovery (PPTD) causes wide concern, which refers to discovering truthful information from these unreliable uploaded data while protecting users' private information. Although many PPTD mechanisms have been proposed, they can either not guarantee low communication from users to the cloud, or fail to realize fully strong privacy protect including sensing data privacy, weight privacy, intermediate privacy, and estimated truth privacy. This study designs a collaborative cloud encryption architecture. In this framework, we propose a new system architecture that adapts a two-cloud peer model while leveraging garbled circuit (GC). Users only need to transfer data to two clouds once, which realizes low users workloads while supporting dynamic users. The two cloud terminals cooperate to complete the weight update through the GC but execute the truth discovery algorithm, respectively. In this way, the noninteractive comes true and the users' workloads are transferred to the cloud server side. The weight update finish and weight privacy are fulfilled through GC, meanwhile the other intermediate values maintain strong privacy. At the same time, because the collaborative cloud architecture of the two clouds ensures the confidentiality of the truth value in the cloud and the homomorphism at the inquiry side, it ensures the strong privacy of the whole process from users to inquiries. The performance of this proposed method is verified through extensive evaluations.

Xiaochen Yang,Ming Xu,Shaojing Fu,Yuchuan Luo

DOI: https://doi.org/10.1007/978-3-030-18576-3_14

2019-01-01

Applied Sciences

Abstract:Mobile sensing mines group information through sensing and aggregating users' data. Among major mobile sensing applications, the distinct counting problem aiming to find the number of distinct elements in a data stream with repeated elements, is extremely important for avoiding waste of resources. Besides, the privacy protection of users is also a critical issue for aggregation security. However, it is a challenge to meet these two requirements simultaneously since normal privacy-preserving methods would have negative influence on the accuracy and efficiency of distinct counting. In this paper, we propose a Privacy-Preserving Distinct Counting scheme (PPDC) for mobile sensing. Through integrating the basic idea of homomorphic encryption into Flajolet-Martin (FM) sketch, PPDC allows an aggregator to conduct distinct counting over large-scale datasets without disrupting privacy of users. Moreover, PPDC supports various forms of sensing data, including camera images, location data, etc. PPDC expands each bit of the hashing values of users' original data, FM sketch is thus enhanced for encryption to protect users' privacy. We prove the security of PPDC under known-plaintext model. The theoretic and experimental results show that PPDC achieves high counting accuracy and practical efficiency with scalability over large-scale data sets.