Presentation is loading. Please wait.

Presentation is loading. Please wait.

Collusion-Resistant Anonymous Data Collection Method Mafruz Zaman Ashrafi See-Kiong Ng Institute for Infocomm Research Singapore.

Published byMichael Baker Modified over 8 years ago

Similar presentations

Presentation on theme: "Collusion-Resistant Anonymous Data Collection Method Mafruz Zaman Ashrafi See-Kiong Ng Institute for Infocomm Research Singapore."— Presentation transcript:

1

2 Collusion-Resistant Anonymous Data Collection Method Mafruz Zaman Ashrafi See-Kiong Ng Institute for Infocomm Research Singapore

3 Introduction  Quality data is a pre-requisite to obtain good data mining results.  Collecting good quality data requires efforts and money.  Internet is a convenient and low-cost platform for large-scale data collection.

4 Some Motivating Examples

5 Corporate Survey A large organization wishes to poll its employees for sensitive information.  eg. How satisfied they are with their bosses’ management skills. -Individuals need to rate their bosses. -However, they are afraid of the price to pay for honesty.

6 Health Information A drug company wishes to find out adverse effects of a drug.  eg. Relationship between the effects of a drug with other drugs. -Patients need to disclose all the drugs they are taking. -However, disclosing drug info may reveal health condition.

7 Traffic Monitoring Individual drivers wish to avoid roads with problematic conditions.  eg. Find out the congested road intersections and other bottlenecks. -Individuals need to disclose their GPS info. -However, disclosing GPS info may reveal current position.

8 Introduction Cont’d..  However, collecting data online has its challenges.  Privacy is the number-one concern for online respondents.  Respondents are reluctant to provide truthful information if their privacy is not protected.

9 Technical Challenges

10 Objective: Online Data Collection Two Actors: Data Collector and Respondents - The data collector wants to obtain the responses from a set of respondents. - The respondents submit honest responses only if the data collector is unable to link a particular response and its respondent.

11 Challenges 1.How does the data collector guarantee that it is unable to associate a particular response to the corresponding respondent? 2.How can a collusion attack be mitigated? 3.How can an honest respondent pull out his response without revealing it to the data collector if he finds a threat to his anonymity? 4.How can we reduce the computational and communication overhead?

12 Related Works 1. Randomized Response -Respondents’ responses are associated with the result of the toss of a coin. -Only a respondent knows whether the answer reflects the toss of the coin or his true experience. Pros: -A well-known technique. -Easy to use. Cons: -Adds noise to the result in response set that could distort the accuracy of the data mining results.

13 Related Works Cont’d… 2.Cryptographic Techniques -Respondents employ two sets of keys to encrypt their responses before sending to the data collector. -Each respondent strips off a layer off encryption sequentially and shuffles decrypted results. -All respondents verify the intermediate results before the data collector obtains the actual response set. Pros: -A deterministic technique. -The data mining results are accurate. Cons: -Vulnerable against collusion attacks. -Higher communication overhead.

14 Building Blocks of Our Approach 1.ElGamal Crypto - is a asymmetric public key encryption scheme. - is a probabilistic encryption. -achieves semantic security. - is malleable. 2. Substitution Cipher -Replace a character with another character. -Example:

15 The Hybrid Model ElGamal Encryption Substitution Cipher ElGamal Encryption Original response An Onion - Employs both ElGamal and Substitution Cipher. - Builds an Onion for a response. - Removes encryption layer (De-Onion) will result in the original response. An Onion Layer

16 The Hybrid Model Cont’d.. An example Onion De-Onion Original response 1234567890 9809364789 7893456720 2901560011 1234567890 9809364789 7893456720 2901560011 Original response

17 The Protocol

18 The Protocol has five phases 1.Data Preparation 2.Data Submission 3.Anonymization 4.Verification 5.Decryption

19 Phase I: Data Preparation Suppose there are 3 respondents (Alice, Bob and Carol). Bob’s Data Preparation Process 1234 6652 1039 Bob’s Original Response 8902 DM’s. Pri key 2453 Bob’s Sec. key 8091 Alice’s Sec. key 54367065 9081 2309 2098 3905 Bob’s Encrypted Response  d Bob 8893 7609 Carol’s Sec. key

20 Phase I: Data Preparation (cont’d..) Bob also computes an partial intermediate verification code W Bob … … … … … … BobAliceCarol Bob Alice Carol W Bob = 6652  4240  7056  b b

21 Phase II: Data Submission -Each participant submits an encrypted response i.e. and W to the data miner. The Data Miner -Computes the verification code Ω C = W Bob  W Alice  W Carol -Encrypts Ω C using its secondary key and sends the result in encrypted value to each participant. -Shuffles response set {d 1, d 2, d 3 } = {,, } -Sends {d 1, d 2, d 3 } to Carol.

22 Phase III: Anonymization -Carol “de-onions” one layer from each of the responses {d 1, d 2, d 3 }. eg, 8893 390570565607 ElGamal Decryption Substitution De-Cipher ElGamal Decryption d’ x Intermediate verification

23 Phase III: Anonymization (cont’d..) -… and computes intermediate verification V carol. AliceBobCarol Alice Bob …. -Shuffles the results in set {d’ y,d’ z,d’ x } = {,, } -Sends {d’ y,d’ z,d’ x } to the Data Miner. V Carol = 7809  2291  6790  V C

24 Phase III: Anonymization (cont’d..) -The Data Miner sends the randomize set {d’ y,d’ z,d’ x } to next participant (eg, Alice) -Similar to Carol, Alice also ‘de-onion’ one layer from each element of {d’ y,d’ z,d’ x }. -Computes intermediate verification. -Shuffles the results in set {d’ p,d’ q,d’ r }={,, } -Sends {d’ p,d’ q,d’ r } to the Data Miner.

25 Phase III: Anonymization (cont’d..) -The data miner sends {d’ p,d’ q,d’ r } to the last participant (i.e. Bob), who ‘de-onion’ another layer from this set. -Computes intermediate verification, shuffles the result in set ‘ S ’= {d’ m,d’ n,d’ o } and sends S to data miner.

26 Phase IV: Verification R -Data miner computes the final secondary encryption value ‘ R ’ from S. R -Sends ‘ R ’ along with its secondary secret key to all participants. -Bob, Alice and Carol decrypt intermediate verification code they received at Phase 2. -They also compute Ω V and check Ω V = Ω C -If ok, each of them sends their secondary secret key to the data miner.

27 Phase V: Decryption -Data miner uses the respondents’ secondary keys to strip off remaining encryption layers from S. -It uses its own primary key to strip off the final layer to reveal the original responses {….,1234,…..}.

28 Results and Analysis

29 Performance Analysis - Communication Overhead Brickell et al. KDD 2006

30 Complexity - Computation -Respondent’s, O(N) -Data Miner, O(N 2 ) -Communication -Participant’s, O(N)

31 Conclusion  The privacy of individual is an important issue in online data collection.  Ignoring respondents’ privacy will result in inaccuracy in the data.  Privacy-preserving online data collection must be (i) deterministic and (ii) efficient.

32 Conclusion  Deterministic: We employ crypto techniques  Collusion Resistance: We incorporate onion/de-onion technique (using ElGama + Substitution) to create a protective layer against collusion  Efficiency: Verification is done on single values instead of entire datasets

33 Thank you Q&A

34 The Protocol cont’d.. Suppose there are 3 respondents (Alice, Bob and Carol). 1.Data Preparation (Bob’s) 123489022453 DM’s. Pri key Bob’s Sec. key 8091 Alice’s Sec. key 7609 Carol’s Sec. key 6652 103990814240 2094 Bob’s Pri. key Substitution Cipher Alice’s Pri. key Substitution Cipher 5607 Alice’s Pri. key Carol’s Pri. key 7056 Substitution Cipher 3905 Carol’s Pri. key 8893 Bob’s Original Response - Bob generates a random number θ and computes b a = g θ and b b = gθ+7609 - Bob also generates W Bob = 6652  4240  7056  b b Bob’s Encrypted Response  d Bob

35 The Protocol cont’d.. Suppose there are 3 respondents (Alice, Bob and Carol). 1.Data Preparation (Bob’s) 123489022453 DM’s. Pri key Bob’s Sec. key 8091 Alice’s Sec. key 7609 Carol’s Sec. key 6652 103990814240 2094 Bob’s Pri. key Substitution Cipher Alice’s Pri. key Substitution Cipher 5607 Alice’s Pri. key Carol’s Pri. key 7056 Substitution Cipher 3905 Carol’s Pri. key 8893 Bob’s Original Response - Bob generates a random number θ and computes b a = g θ and b b = gθ+7609 - Bob also generates W Bob = 6652  4240  7056  b b Bob’s Encrypted Response  d Bob

36 Related Works Cont’d… 3.Mixed Networks -Respondents send response to an intermediate hop. -Each hop strips off a layer of encryption, which allows them to obtain the next hop’s address and forward the result to it. -The process continues till the response reached to the data collector. Pros: -Require less communication overhead. Cons: -Probabilistic approach and only works well if all participants and honest. -Intermediate hops can collaborate to breach an honest respondent’s anonymity.

37 The Hybrid Model Cont’d.. 1234567890 9809364789 2901560011 7893456720 An example 2901560011 7893456720 1234567890 9809364789 OnionDe-Onion ElGamal Encryption Substitution Cipher ElGamal Encryption ElGamal Decryption Substitution De-cipher ElGamal Decryption Original response

Download ppt "Collusion-Resistant Anonymous Data Collection Method Mafruz Zaman Ashrafi See-Kiong Ng Institute for Infocomm Research Singapore."

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Secure Socket Layer.

Secure Socket Layer.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
PRIVACY AND SECURITY ISSUES IN DATA MINING P.h.D. Candidate: Anna Monreale Supervisors Prof. Dino Pedreschi Dott.ssa Fosca Giannotti University of Pisa.

PRIVACY AND SECURITY ISSUES IN DATA MINING P.h.D. Candidate: Anna Monreale Supervisors Prof. Dino Pedreschi Dott.ssa Fosca Giannotti University of Pisa.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Reusable Anonymous Return Channels

Reusable Anonymous Return Channels
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Similar presentations

Ads by Google