Deploying Secure Computing for Real-world Applications Dan - PowerPoint PPT Presentation

Deploying Secure Computing for 
 Real-world Applications Dan Bogdanov, PhD Head of Privacy Technology Development Cybernetica dan@cyber.ee

The Sharemind Privacy-preserving Computing Platform

Components for Privacy Encrypted 
 Privacy 
 Audit 
 computing policies support link sort late correlate Multi-party 
 Online verification MPC consensus Offline audit FHE Disclosure 
 Trusted 
 control hardware

Secure Computing Model Input Computing Result parties parties parties x 11 CP 1 ... y 1 IP 1 RP 1 x 1 y x k1 x 1i ... ... ... ... y i x ki x 1l IP k x k RP m y ... CP l y l x kl Step 1: Step 2: Step 3: upload and Sharemind publishing storage of inputs servers of results

Programmable Architecture Java/JavaScript/C/C++/Haskell Mobile apps Desktop apps Web apps interfaces SQL queries Rmind statistics package application servers database backends Host 1 Host 2 Host n

Sharemind’s Protocols num of num of num of Name input computin result Technology Status parties g parties parties In shared3p any 3 any LSS/MPC commercial use Under shared2p any 2 any LSS/MPC development Under sharednp any 3 or more any LSS/MPC development More are being planned

Student A Student B Score: 25 Score: 33 1. Pick random number a 1 = 57 1. Pick random number b 1 = 44 2. Pick random number a 2 = 13 2. Pick random number b 2 = 57 3. Find a 3 = 25 - 57 - 13 ≡ 55 mod 100 3. Find b 3 = 33 - 44 - 57 ≡ 32 mod 100 4. Send a k to Server k, (k ∈ {1, 2, 3}) 4. Send b k to Server k, (k ∈ {1, 2, 3}) a 1 = 57 a 2 = 13 a 3 = 55 b 1 = 44 b 2 = 57 b 2 = 32 c 1 = a 1 + b 1 = 101 c 2 = a 2 + b 2 = 70 c 3 = a 3 + b 3 = 87 ≡ 1 mod 100 ≡ 70 mod 100 ≡ 87 mod 100 Server 1 Server 2 Server 3 C calculates c = 1 + 70 + 87 = 158 ≡ 58 mod 100 Student C C learns that the sum of A’s and B’s score is 58 without learning the scores of either student.

Getting More Operations • (continued example) • Addition derives from the homomorphic property of additive secret sharing. • Further operations require network communication. • The challenge is finding non- trivial ways to simplify the more complex protocols to make them efficient and keep them composable. Dan Bogdanov, Margus Niitsoo, Tomas Toft, Jan Willemson. High-performance secure multi-party computation for data mining applications . International Journal of Information Security 11(6), pp 403-418. Springer. 2012.

Coding for Sharemind Analytics with Sharemind

Demo Contents • Programming SMC using SecreC • Parallel operations • Security protocol polymorphism • Usability of SMC • The Rmind statistics tool Dan Bogdanov, Peeter Laud, Jaak Randmets. A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols. In Proceedings of 22nd ACM Conference on Computer and Communications Security. 2015. Requirements specification based on the interviews. Usable and Efficient Secure Multiparty Computation project deliverable D1.2. http://usable-security.eu/files/d12final.pdf Expert Feedback on Prototype Application . Usable and Efficient Secure Multiparty Computation project deliverable D1.4. http://usable-security.eu/files/D1.4-web.pdf Dan Bogdanov, Liina Kamm, Sven Laur, Ville Sokk. Rmind: a tool for cryptographically secure statistical analysis. Cryptology ePrint Archive, Report 2014/512. 2014. (to appear) 
 http://eprint.iacr.org/2014/512.pdf

Secure Computing for 
 Governmental Statistics

It’s a Good Time to be in IT The fact that up to 900 000 jobs in the ICT sector remain unfilled because of a skills gap gives the clearest indication possible of what needs to be done,” says Manuel Kohnstamm, Liberty Global’s senior vice president and chief policy officer. http://careers.ieee.org/article/European_Job_Outlook_0414.php

IT Training has a Failure Rate New IT students Quit studies before November 2012 1800 1 769 Number of students 1 504 1350 1 438 1 398 1 352 1 180 1 165 796 796 900 661 661 616 616 583 583 558 558 486 486 450 89 89 0 2006 2007 2008 2009 2010 2011 2012 Year By 2012, a total of 43% of students enrolled in in the four largest IT higher learning institutions in Estonia during 2006-2012 had quit their studies. Source: Estonian Ministry of Education and Research, CentAR.

Government has the Data Education Tax records records How is working 
 related to not 
 graduating 
 on time? When did the Has the student student enrol? 
 worked? 
 When did he or she In which period? 
 graduate? 
 Barriers 
 In an IT company? In an IT curriculum? Data Protection 
 Tax Secrecy

Sharemind Deployment 600 000 records Estonian Estonian ... collected data Information Information Education System's Authority System's Authority in an encrypted form, records Ministry of Education ... prevented any server 
 and Research from opening the data, Ministry of Statistician Universities Ministry of ... ran queries without 
 Employment Companies Finance Finance from Centar removing encryption tax records Policymakers IT Center IT Center Estonian Tax and Customs Board and enforced restrictions 
 on result publishing. 10 000 000 records Cybernetica Cybernetica Dan Bogdanov, Liina Kamm, Baldur Kubo, Reimo Rebane, Ville Sokk, Riivo Talviste. Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation . 
 In Proceedings on Privacy Enhancing Technologies, PoPETs, 2016 (3), pp 117–135, 2016.

Secure Computing for 
 Tax Fraud Prevention

VAT Evasion is a Problem MEUR x e e e x e a s s s T a s t i i i A t i c c c c e x x V l x x a m e e e e i c o l o g l e o c o c n u S n h c i F I g a o b a c k l o A c T a P

The Story of the 1000 € Law • In 2013, the Estonian parliament ratified the Value- Added Tax Act and the Accounting Act Amendment Act that would force enterprises to report all invoices above 1000 € to the Tax and Customs Board (MTA). • MTA then matches outgoing invoices to the incoming invoices reported by others and find companies trying to get refunds for fraudulently declared input VAT. • President Ilves refused to proclaim the law, as 
 “…creating a database containing almost all of Estonia’s business secrets cannot be justified with a hypothetical, unproven conjecture that the tax hole would diminish.” 
 http://news.err.ee/v/politics/5b358dbd-8836-43ca-992c-973d206a3ec6

Prototype with SMC Benefits Benefits Encryption is applied on the Analyze, combine and build data directly at the source. reports without decrypting data. The data is cryptographically Confidentiality is guaranteed protected during processing. against all servers and against malicious hackers. No need to unconditionally Taxpayer's Tax Office trust a single organization. Values are only decrypted when association's server secure multi - party all hosts agree to do so. server computation system with database k s i R s Transactions e i r e u q k s i R s e r Watchdog o c s NGO server Tax Office Taxpayers Dan Bogdanov, Marko Jõemets, Sander Siim, Meril Vaht. How the Estonian Tax and Customs Board Evaluated a Tax Fraud Detection System Based on Secure Multi-party Computation. Financial Cryptography and Data Security - 19th International Conference. 2015.

Large-scale Benchmarks

Even Larger Data Size No. of companies No. of transaction partner Total no. of transactions pairs 20 000 200 000 25 000 000 40 000 400 000 50 000 000 80 000 800 000 100 000 000 The source data for 100 000 000 transactions had a 
 total size of 35 GB in XML format (about 1 GB in the 
 secret-shared database).

Computing Environment Computing Latency Setup Client parties (round-trip) us-east – < 0.1ms between all us-east – 12x c3.8xlarge 1 c3.8xlarge nodes eu-west – eu-west – 8x c3.8xlarge 
 < 0.1ms inside eu-west 
 2 c3.8xlarge eu-central – 4x c3.8xlarge 19ms (eu-west/eu-central) us-east – 4x c3.8xlarge 
 77ms (us-east/us-west) 
 us-east – us-west – 4x c3.8xlarge 
 133ms (us-west/eu-west) 
 3 c3.8xlarge eu-west – 4x c3.8xlarge 76ms (us-east/eu-west)

Cross-ocean SMC Runtime us 2 − eu 2 − us,1 − eu 08:53:00 9 hours 8 hours 7 hours Computation time 6 hours Computation phase 05:05:16 5 hours Risk analysis 04:26:15 Aggregation 4 hours Upload 02:47:53 3 hours 02:25:12 2 hours 01:23:10 01:14:36 1 hours 38:44 0 hours 20k 40k 80k 20k 40k 80k 20k 40k 80k Number of companies

Rather Acceptable Costs $126 $223 2 − us,1 − eu Deployment regions $61 $91 $150 Deployment regions us ● 2 − eu 2 − eu ● 2 − us,1 − eu ● $27 $49 $71 ● us 20k 40k 80k Number of companies Dan Bogdanov, Marko Jõemets, Sander Siim, Meril Vaht. Privacy-preserving tax fraud detection in the cloud with realistic data volumes. Real World Crypto 2016 Lightning Talk. 
 https://drive.google.com/file/d/0Bzm_4XrWnl5zVnRTRF9wT0EtUW8/view?pref=2&pli=1

Brute force risk analysis us 2 − eu 111:16:25 110 hours 100 hours 90 hours 80 hours Computation time 70 hours Computation phase Risk analysis 60 hours Aggregation 48:41:02 50 hours Upload 40 hours 33:34:07 30 hours 22:38:25 20 hours 09:29:57 10 hours 02:55:40 0 hours 20k 40k 80k 20k 40k 80k Number of companies