
RIIVO TALVISTE Applying Secure Multi-party Computation in Practice PDF

144 Pages·2016·2.29 MB·English

Preview RIIVO TALVISTE Applying Secure Multi-party Computation in Practice

DISSERTATIONES MATHEMATICAE UNIVERSITATIS TARTUENSIS 104

RIIVO TALVISTE
Applying Secure Multi-party Computation in Practice

Tartu 2016
ISSN 1024-4212
ISBN 978-9949-77-047-2

Institute of Computer Science, Faculty of Mathematics and Computer Science, University of Tartu, Estonia

Dissertation is accepted for the commencement of the degree of Doctor of Philosophy (PhD) on February 3, 2016 by the Council of the Institute of Computer Science, University of Tartu.

Supervisors:
Dr. Tech. Sven Laur, University of Tartu, Tartu, Estonia
Ph.D Dan Bogdanov, Cybernetica AS, Tartu, Estonia

Opponents:
Prof. Ph.D Kurt Rohloff, New Jersey Institute of Technology, Newark, NJ, United States of America
Prof. Dr. Stefan Katzenbeisser, Technische Universität Darmstadt, Darmstadt, Germany

The public defense will take place on March 14, 2016 at 16:15 in J. Liivi 2–405.

The publication of this dissertation was financed by Institute of Computer Science, University of Tartu.

Copyright: Riivo Talviste, 2016
ISSN 1024-4212
ISBN 978-9949-77-047-2 (print)
ISBN 978-9949-77-048-9 (pdf)
University of Tartu Press
http://www.tyk.ee

Contents

Abstract 9
1 Introduction 10
1.1 Data privacy and secure computation 10
1.2 Claims of this thesis 11
1.3 Outline and author's contributions 11
2 Information systems and SMC 15
2.1 Data security in modern information systems 15
2.2 Secure computation 16
2.2.1 Yao's garbled circuits 16
2.2.2 Fully homomorphic encryption 17
2.2.3 Linear secret sharing 18
2.2.4 SHAREMIND SMC framework 20
2.2.5 Security model for SMC 21
2.2.6 Roles in SMC deployment 25
2.3 Combining SMC into information systems 26
2.3.1 Input parties 26
2.3.2 Computation parties 28
2.3.3 Result parties 28
3 Challenges in developing real-world SMC applications 30
3.1 State of the art in real-world SMC 30
3.1.1 Danish sugar beet auction 30
3.1.2 Financial benchmarking with SMC 31
3.2 Missing capabilities and algorithms 34
3.3 Lack of best practices in delivering and administration 35
3.4 Limited practical validation 35
4 Deploying SMC for web applications 37
4.1 Data flow 37
4.2 Overcoming barriers 38
4.2.1 Secret sharing in web browsers 38
4.2.2 Communicating with computation parties 40
4.3 Prototypes 44
4.3.1 Cloud demo 44
4.3.2 Internal employee satisfaction survey 46
4.3.3 Tax fraud detection prototype 46
4.3.4 Secure survey system 47
4.4 Best practices 47
5 Privacy-preserving database linking 50
5.1 Introduction 50
5.2 Privacy-preserving join operation 51
5.2.1 Database join for unique key values 52
5.2.2 Handling unique multi-column key values 55
5.2.3 Database join for non-unique key values 58
5.2.4 Related work 61
5.3 Oblivious AES 62
5.3.1 Oblivious implementation of the S-box 63
5.3.2 Security analysis 66
5.3.3 Performance tweaks 67
5.4 Benchmarking results 67
5.4.1 Test setup 67
5.4.2 AES performance 68
5.4.3 Secure database join 71
6 Oblivious sorting 74
6.1 Introduction 74
6.2 Oblivious sorting algorithms 75
6.2.1 Constructions based on oblivious shuffling 75
6.2.2 Sorting networks 77
6.2.3 Radix sort 78
6.3 Optimisations 79
6.3.1 Vectorisation 79
6.3.2 Share representation 80
6.3.3 Assuring uniqueness 80
6.3.4 Optimising sorting networks 81
6.4 Sorting secret-shared matrices 81
6.5 Benchmarking results 83
6.5.1 Algorithm implementations 83
6.5.2 Test setup 84
6.5.3 Sorting vectors 85
6.5.4 Sorting matrices 88
6.6 Conclusion 89
7 Deploying SMC for data integration 91
7.1 Motivation 91
7.2 The PRIST project 92
7.3 Overcoming barriers 93
7.3.1 Tools for statisticians 93
7.3.2 Data protection regulation 94
7.3.3 Tax secrecy 95
7.3.4 Contracts 96
7.4 Project life cycle 97
7.4.1 Development and testing 97
7.4.2 Delivery and setup 98
7.4.3 Setup and administration 100
7.4.4 Post mortem 103
7.5 Best practices and lessons learned 105
7.5.1 Fault tolerance 105
7.5.2 Performance tweaks 106
7.5.3 RMIND recode function 107
7.6 Conclusion 107
8 Privacy-preserving data integration on federated databases 109
8.1 Motivation 109
8.2 The Unified eXchange Platform 110
8.2.1 Requirements for SMC 110
8.2.2 Status of privacy protection on UXP 111
8.2.3 UXP components 111
8.3 SHAREMIND as a UXP service 113
8.3.1 Roles and data flow 113
8.3.2 A hybrid setup 115
8.3.3 PRIST as a service 116
8.3.4 Final considerations 118
Conclusion 119
Bibliography 121
Acknowledgments 134
Kokkuvõte (Summary in Estonian) 135
List of original publications 137
Curriculum Vitae 138
Elulookirjeldus 139

ABSTRACT

The only way one can benefit from stored data is by using it. This is especially true if data from several sources are combined. For example, by combining data from several of its institutions, a state can discover trends or pin-point problematic issues. However, this is often forbidden due to privacy concerns, as the combined dataset becomes an attractive target for both insider and outsider attacks.

Secure multi-party computation is a technology that allows data to be processed so that the computation servers see no actual data values. With the first practical implementations emerging in the 2000s, the technology is now mature enough to be used for privacy-preserving data analysis on real data.

This thesis looks at the technical and organisational challenges that arise from developing secure multi-party computation from a lab prototype to a real-world system. First, we give a brief overview of the two secure multi-party applications that were first used on real data: the Danish sugar beet auction and the ITL financial benchmarking application in Estonia. We address several shortcomings of these applications. Among others, we concentrate on challenges specific to web-based data gathering and result sharing for such applications, and integrating them with existing information systems.

Our main achievement is the world's first large-scale registry-based statistical study on linked databases using secure multi-party computation technology. We discuss the technical and legal issues that arise in such deployments. Finally, we propose to deploy secure multi-party technology as a service on a federated database infrastructure. As an example, we describe a deployment for the Estonian governmental data exchange layer X-Road. This makes similar registry-based privacy-preserving studies more affordable and transparent in the future.

CHAPTER 1
INTRODUCTION

1.1 Data privacy and secure computation

Already in ancient Greece, the Spartans were worried about the privacy of their messages during military conflicts and used a transposition cipher (scytale) to render their messages illegible to others. By now, the need to protect the privacy of one's data has transferred from the military to the civil sphere.

With the advent of big data, more and more organisations do not have in-house resources to store and process the collected data. Storing data in the cloud is seen as a valid solution, but in many cases the data itself is confidential or sensitive. Encrypting data (on the client side) to store it in the cloud solves the problem of protecting data at rest, but also renders it unusable for further processing. Downloading a copy of the data and decrypting it for processing is not a viable option for most organisations, taking into account today's data volumes. With the growth of computational power and network throughput, privacy-preserving computation is an option for securely outsourcing computations so that no parties learn individual input values.

Secure multi-party computation (SMC) is a distributed computation model, where several parties collaboratively compute a common function on each other's inputs, while keeping their own inputs private and only learning the computation result. SMC protocols are privacy-preserving to the extent that they leak nothing about the input values other than what can be deduced from the output or other explicitly published values during the protocol run. Thus, SMC does not hide input values that can be directly inferred from the computation result.

Even though secure multi-party computation has been around for more than 30 years [129, 43, 67], its adoption in practice has been scarce. Although some of the SMC related research papers contain benchmarking results, these are mostly academic prototypes tailored for a specific purpose. The first truly practical large-scale SMC application was the Danish sugar beet auction in 2008 [32]. Since then,
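The SMC model described above (input parties, computation parties that never see actual values, a result party that learns only the output) can be illustrated with additive secret sharing. The following Python is an added example and is not code from the thesis or from the Sharemind framework it discusses; the modulus 2^32, the three-party setting and the sample salary figures are choices made for this illustration. `share`, `reconstruct`, `add_shared` and `secure_sum` walk a sum through the three roles; `missing_share` shows why any two shares are consistent with every possible input (so a party holding fewer than all shares learns nothing); and `infer_from_output` shows the caveat from the text, that an input determined by the output together with the other inputs is not hidden by the protocol.

```python
import secrets

# Constructed parameters for this illustration: additive sharing over the
# ring of 32-bit integers with three computation parties (an assumption made
# for the example, not the thesis's exact protocol).
MOD = 2 ** 32
N_PARTIES = 3


def share(value, n=N_PARTIES, mod=MOD):
    """Split `value` into n additive shares whose sum is `value` modulo `mod`.

    The first n-1 shares are uniformly random, so any n-1 of the shares
    reveal nothing about the value; the last share is fixed by the others.
    """
    value %= mod
    shares = [secrets.randbelow(mod) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % mod)
    return shares


def reconstruct(shares, mod=MOD):
    """Recover the value from all of its shares (only the result party does this)."""
    return sum(shares) % mod


def add_shared(a_shares, b_shares, mod=MOD):
    """Party-local addition: party i adds its share of a to its share of b.

    No communication between parties is needed and no share is revealed,
    which is what makes linear operations cheap in this sharing scheme.
    """
    return [(a + b) % mod for a, b in zip(a_shares, b_shares)]


def secure_sum(inputs, n=N_PARTIES, mod=MOD):
    """Run the three SMC roles end to end for a sum over `inputs`.

    Input parties share their values, each computation party adds up the
    shares it holds, and the result party reconstructs only the total.
    Returns (total, views) where views[i] is everything party i received.
    """
    views = [[] for _ in range(n)]
    for v in inputs:
        for i, s in enumerate(share(v, n, mod)):
            views[i].append(s)
    result_shares = [sum(view) % mod for view in views]
    return reconstruct(result_shares, mod), views


def missing_share(partial_shares, candidate_value, mod=MOD):
    """Given n-1 shares, return the one remaining share that would make the
    secret equal `candidate_value`.  Such a share exists for every candidate,
    so a party that sees fewer than all shares cannot tell inputs apart."""
    return (candidate_value - sum(partial_shares)) % mod


def infer_from_output(total, known_inputs, mod=MOD):
    """The leakage the text warns about: if the result party knows all inputs
    but one, the remaining input follows directly from the published output."""
    return (total - sum(known_inputs)) % mod


if __name__ == "__main__":
    salaries = [3100, 2850, 4020]  # constructed sample inputs
    total, views = secure_sum(salaries)
    print("computation parties' views:", views)
    print("reconstructed total:", total)
    print("one input inferred from output plus the other inputs:",
          infer_from_output(total, salaries[:2]))
```

Running the script twice shows different share values in every party's view while the reconstructed total stays the same; the last print line is the point of the caveat, since a three-input sum where two inputs are public pins down the third exactly.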

