Secure Computation of Surveys
Joan Feigenbaum, Benny Pinkas, Raphael S. Ryger, Felipe Saint Jean
Workshop on Secure Multiparty Protocols (SMP 2004)


Surveys and other Naturally Centralized Multiparty Computations
● Consider
  – Sealed-bid auctions
  – Elections
  – Referenda
  – Surveys
● Each participant weighs the hoped-for payoffs against any revelation penalty (“loss of privacy”) and is concerned that the computation be fault-free and honest.
● The implementor, in control of the central computation, must configure auxiliary payoffs and privacy assurances to encourage (honest) participation.

CRA Taulbee Survey: Computer Science Faculty Salaries
● Computer science departments in four tiers, all the rest
● Academic faculty in four ranks: full, associate, and assistant professors, and non-tenure-track teaching faculty
● Intention: Convey salary distribution statistics per tier-rank to the community at large without revealing department-specific information.

CRA Taulbee Survey: The Current Computation
● Inputs, per department and faculty rank:
  – Minimum
  – Maximum
  – Median
  – Mean
● Outputs, per tier and faculty rank:
  – Minimum, maximum, mean of department minima
  – Minimum, maximum, mean of department maxima
  – Median of department means (not weighted)
  – Mean (weighted mean of department means)

CRA Taulbee Survey: The Problem
● CRA wishes to provide fuller statistics than the meager data currently collected can support.
● The current level of data collection already compromises department-specific information. Asking for submission of full faculty-salary information greatly raises the threshold for trust in CRA's intentions and its security competence. Furthermore, detailed disclosure, even if anonymized, may be explicitly prohibited by the school.
● Hence, there is a danger of significant non-participation in the Taulbee Survey.

Communication Pattern: General Secure Function Evaluation

Communication Pattern: Surveys (Insecure, Natural Computation), or SFE “Ideal Model” (Trusted Party)

Communication Pattern: M-for-N-Party Secure Function Evaluation

Real-World Human-Input Network Computation
● Opportunistic participation: Input is provided if/when humans, computers, and networking are available and operative. The exact participation is not predictable.
● The “function” being computed, then, is not known until the input-collection phase is closed, at which point the participants are generally no longer available for interaction.
● Solution: Two major modular phases,
  – secure collection of (“N”) inputs into M-node hub
  – M-party secure function evaluation
● The entire process to be supervised by a control node.

CRA Taulbee Survey: Secure Input Collection
[Diagram, built up over five slides. Nodes: Participant, Control, Compute 1, Compute 2. Message labels, in the order the slides add them: Register; Log In; Session ID; Session ID, Data Shares (twice); Session ID, # Data Points (twice); Acknowledgment.]

CRA Taulbee Survey: Securely evaluate what function(s)?
● The implemented prototype supports secure computation of salary distribution statistics in each tier-rank.
● Exactly the same approach is applicable to the secure computation of distribution statistics for the departmental rank aggregates – minima, maxima, medians, and means – for each rank, for each tier.
● The approach strives to compute as little as possible securely, a minimal secure computation feeding a postprocessing phase that computes the statistics CRA wishes to publish.

CRA Taulbee Survey: The Proposed Computation (1)
● Secure input collection (control aside):
  – Salary and rank data entry by department head
  – Per rank, in JavaScript, computation of XOR shares of the individual salaries for the two (M = 2) computation servers
  – Per rank, HTTPS transmission of XOR shares to their respective computation servers
CRA closes the input-collection phase, and then...

CRA Taulbee Survey: The Proposed Computation (2)
● Per tier and rank, construction of a Boolean circuit to
  – reconstruct inputs by XOR-ing their shares
  – sort the inputs in an odd-even sorting network
● Secure computation, per tier and rank:
  – Fairplay implementation of the Yao two-party SFE protocol for the constructed circuit and the collected input shares
  – output is a sorted list of all salaries in the tier-rank
● Postprocessing, per tier and rank:
  – arbitrary, insecure computation on the sorted, cross-departmental salary list
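
Added example (not from the slides or the prototype): a cleartext JavaScript simulation of the computation described in the two "Proposed Computation" slides, covering XOR sharing for two servers, the reconstruct-and-sort function the circuit evaluates, and postprocessing. It assumes 32-bit salaries and takes Batcher's odd-even merge sort as the "odd-even sorting network"; all function names and salary values are constructed for illustration.

```javascript
// Added example: simulates the computed function in the clear, not Yao's protocol.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Participant side: split each salary (32-bit unsigned) into two XOR shares,
// one per computation server (M = 2). Each share alone is a uniform random word.
function shareSalaries(salaries) {
  const s1 = rng.getRandomValues(new Uint32Array(salaries.length));
  const s2 = Uint32Array.from(salaries, (v, i) => v ^ s1[i]);
  return [s1, s2];
}

// Batcher odd-even merge sort comparators for n wires; depends only on n, not data.
function oddEvenMergeNetwork(n) {
  const net = [];
  for (let p = 1; p < n; p *= 2)
    for (let k = p; k >= 1; k >>= 1)
      for (let j = k % p; j + k < n; j += 2 * k)
        for (let i = 0; i < k && i + j + k < n; i++)
          if (Math.floor((i + j) / (2 * p)) === Math.floor((i + j + k) / (2 * p)))
            net.push([i + j, i + j + k]);
  return net;
}

// Function the Boolean circuit evaluates: XOR the shares, then compare-exchange.
function reconstructAndSort(shares1, shares2) {
  const w = Uint32Array.from(shares1, (a, i) => a ^ shares2[i]);
  for (const [lo, hi] of oddEvenMergeNetwork(w.length)) {
    const a = w[lo], b = w[hi];
    w[lo] = Math.min(a, b); w[hi] = Math.max(a, b);
  }
  return Array.from(w);
}

// Postprocessing in the clear on the sorted cross-departmental list.
function tierRankStats(sorted) {
  const n = sorted.length, mid = n >> 1;
  const median = n % 2 ? sorted[mid] : (sorted[mid - 1] + sorted[mid]) / 2;
  return { min: sorted[0], max: sorted[n - 1], median,
           mean: sorted.reduce((x, y) => x + y, 0) / n };
}

// Constructed sample salaries for one tier-rank, from two departments.
const deptA = [98000, 121500, 87000];
const deptB = [141750, 105000, 92750, 110000];
function demo() {
  const [a1, a2] = shareSalaries(deptA), [b1, b2] = shareSalaries(deptB);
  const sorted = reconstructAndSort([...a1, ...b1], [...a2, ...b2]); // server 1, server 2
  return { sorted, stats: tierRankStats(sorted) };
}
```
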

Open Questions
● Input “sanity checking” in a privacy-preserving system lacking strong natural incentives for truthfulness and accuracy:
  – data-entry error trapping
  – detection/deterrence of intentional, possibly gross misrepresentation by participants
● Traditional SFE considerations regarding maliciousness, as they arise in the M-for-N-party protocol setting
● Economy of the core (symmetric) SFE protocols
● Economy of the Boolean circuits and of their generation.
● The legal difficulty: uncharted territory.