privacy preserving personal information management
play

Privacy-Preserving Personal Information Management Mohamed Layouni - PowerPoint PPT Presentation

Mar 08, 2023 •25 likes •325 views

Introduction ASPIR Multi-Authorizer ASPIR Conclusion Privacy-Preserving Personal Information Management Mohamed Layouni PhD Oral Defense School of Computer Science, McGill University 1 / 25 Introduction ASPIR Multi-Authorizer ASPIR

  1. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Privacy-Preserving Personal Information Management Mohamed Layouni PhD Oral Defense School of Computer Science, McGill University 1 / 25

  2. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Focus of this Work Designing protocols that are : Secure Privacy-preserving User-centric 2 / 25

  3. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Contributions of this Thesis (1/2) Studied/Surveyed Privacy-Preserving Credentials Compared the most complete/elaborate ones Proposed an extension to the Camenisch-Lysyanskaya credential system ∗ Proposed two privacy-preserving protocols for controlling access to remotely-stored DB records , where access is performed according to policies defined by the owners of those records . 3 / 25

  4. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Contributions of this Thesis (2/2) Proposed protocols to solve real-world problems using privacy-preserving credentials: Prescription-handling for the Belgian Healthcare System ∗ (e.g., protecting patients’ privacy from administrative entities involved in the processing of insurance claims) Tele-monitoring of patients’ health outside Hospital (Protocol for collecting patients’ health measurements in a user-centric and privacy-preserving way) 4 / 25

  5. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Presentation Outline Introduction 1 Accredited Symmetrically Private 2 Information Retrieval (ASPIR) Multi-Authorizer ASPIR 3 Conclusion 4 5 / 25

  6. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Settings and Parties Involved Data Subject 1 Database Server Receiver Data Subject 2 ... ... ID3 DB[ID3] ... ... Data Subject 3 ... ID2 DB[ID2] Data Subject 4 ID4 DB[ID4] ... ... ID1 DB[ID1] ... ... Data Subject N Figure: Setting of the ASPIR Protocol 6 / 25

  7. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Requirements Privacy for Receiver: DB Server should not be able to compute the index of the retrieved record (and hence the ID of data-subject) Privacy for DB Server: For each query, the Receiver can compute information only on one record (defined in the query), and nothing about the other records in DB. Privacy for Data Subject: DB records cannot be retrieved without authorization It should be intractable for a quorum of players to forge an authorization for a record that none of them owns. DB Server should be able to verify the validity of an authorization presented by the Receiver, without learning the identity of the Data-Subject who issued it. 7 / 25

  8. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) 8 / 25

  9. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) 9 / 25

  10. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Symmetrically Private Information Retrieval (SPIR) Receiver DB Server DB[1] Interested i in record i DB[i] ... DB[n] Figure: A Simple Database Query 10 / 25

  11. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Symmetrically Private Information Retrieval (SPIR) Receiver DB Server DB[1] Q=Query(Secret−Key,i) Interested in record i Response R ... DB[i]:=Recover(Secret−Key,i,R) DB[n] Figure: Symmetrically Private Information Retrieval 11 / 25

  12. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) Similar to an Oblivious Transfer ∗ scheme, Higher efficiency, but Weaker security. 12 / 25

  13. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) Similar to an Oblivious Transfer ∗ scheme, Higher efficiency, but Weaker security. 13 / 25

  14. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Privacy-Preserving Credentials Show Cred A1,..,An Prove Pred(A1,...,An) Issuer User Verifier Cred Provide Service Deposit Verifiers Showing Transcript Figure: Privacy-Preserving Credentials Issuing, Showing, and Depositing 14 / 25

  15. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Privacy-Preserving Credentials Properties of Privacy-Preserving Credentials Selective disclosure (in the sense of Zero Knowledge) Soundness (no false claims) Untraceability (showings unlinkable to user’s identity) Unlinkability (between showings) . . . Constructions from the Literature Camenisch and Lysyanskaya (IBM’s IDEMIX ) Brands (Microsoft’s U-Prove ) 15 / 25

  16. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Database Server Data Subject i Receiver ... ... Q:=Query(i,Rec−Public−Key) ID3 DB[ID3] Auth = SPK{ (i,j) : Cred.ID = j ^ ... Inv(Q) = i ^ i = j } (RecID, Policy...) ... Q + Auth Q + Auth + RecID + Policy ID2 DB[ID2] ID4 DB[ID4] Check Auth, RecID, ... if Policy is satisfied ... SPIR−Process Q ID1 DB[ID1] Response R ... ... DB[i]:=Recover(Rec−Secret−Key,R) Figure: Accredited SPIR Protocol: High-Level Overview 16 / 25

  17. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Overview Multi-Authorizer ASPIR is : A new approach to constructing ASPIR schemes (also 1 useful for single-Authorizer ASPIR) An extension of ASPIR to a setting where: 2 A DB record belongs to multiple owners simultaneously Receiver can recover a DB record only if he: Complies with privacy policy defined by record owners. Has authorizations from: — All owners of target record, — Any subset of owners of size larger than a threshold , — Certain subsets of owners (general access structure) 17 / 25

  18. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Settings and Parties Involved Data Subject 1 Database Server Receiver Data Subject 2 ... ... {ID2,ID3,ID4} DB[ID ] 2,3,4 ... ... Data Subject 3 ... {ID1,ID2,ID3} DB[ID ] 1,2,3 ... Data Subject 4 ... ... ... {ID1,ID3,ID4} DB[ID ] 1,3,4 ... ... Data Subject N Figure: Setting of the Multi-Authorizer ASPIR Protocol 18 / 25

  19. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Requirements Privacy for Receiver: DB Server cannot compute the index of the retrieved record (and hence the IDs of its owners) Privacy for DB Server: For each query, the Receiver learns information only on one record (defined in the query), and nothing about the other records in DB. Privacy for Data Subject: DB records cannot be recovered without the necessary authorizations It should be intractable for a quorum of players to forge an authorization for a record that none of them owns. 19 / 25

  20. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Multi-Authorizer ASPIR is a completely new construction : We use different building blocks : Pairing-based signatures instead of Credentials. (Security relies on Bilinear Diffie-Hellman assumption). We use SPIR schemes in a black-box fashion ; Construction works with any SPIR scheme, not only Lipmaa’s SPIR scheme as in ASPIR. The new scheme is more efficient than previous ASPIR. 20 / 25

  21. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Auth i = F (s,RecID,Policy) i Auth 1 Database Server Receiver ... ... = U Auth 1,2,3 Auth i {ID2,ID3,ID4} DB[ID ] 2,3,4 i ... ... Data Subject 1 s = index(ID ) {ID1,ID2,ID3} DB[ID ] 1,2,3 1,2,3 ... ... ... Q = Query SPIR (s) ... Auth 2 {ID1,ID3,ID4} DB[ID ] 1,3,4 ... Q,RecID,Policy ... Data Subject 2 If Policy satisfied Response R SPIR−process Q Auth DKey = F(Auth 1,2,3 , R) 3 DB[ID ] = Recover(DKey, R) 1,2,3 Data Subject 3 Figure: Multi-Authorizer ASPIR Protocol (Basic Construction) 21 / 25

  22. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Further Extensions The proposed protocols have the following extra functionalities: Receiver can retrieve multiple records belonging to a tuple of data-subjects (2 Constructions) Idea 1: Change the way the SPIR query is processed (Technique similar to the one used in the General and Threshold Access Structure variants) Idea 2: Two Databases : one for Keys, one for Ciphertexts. Retrieve key with MASPIR, and use it to decrypt all records of owners’ tuple being considered. 22 / 25

  23. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Summary: Proposed two privacy-preserving protocols for controlling 1 access to remotely-stored DB records , where access is performed according to policies defined by the owners of those records . Proposed Privacy-Preserving eHealth protocols (e.g., 2 Prescription-handling for the Belgian Healthcare System) Surveyed the State of the Art in Privacy-Preserving 3 Credential Systems , and provided a Comparison of the most elaborate/complete ones. 23 / 25

Recommend

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State University Thursday, July 20, 1:15 2:15pm Eastern A project of the University of Michigan School of Information, U-M Library, and U-M School of

683 views • 39 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu, Shicong Meng, and Balaji Palanisamy College of Computing, Georgia Institute of Technology Talk Overview Motivation Content Privacy issues in

963 views • 33 slides
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei Networked Systems Security Group (NSS) November 1, 2016 July 2, 2018

1.03k views • 38 slides
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM International Workshop on Data Privacy Management 2013 Georg Neugebauer 1 , Lucas Brutschy 1 , Ulrike Meyer 1 and Susanne Wetzel 2 UMIC LuFG IT-Security,

212 views • 17 slides
Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn

Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn

Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn Song dawnsong@cmu.edu Why Share? Many applications require mutually distrustful parties to share information Many examples in two major

783 views • 39 slides
There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy settings are weak. There are people you dont know. Its safe, private and secure. Only post photos you want everyone to see. Keep your personal

481 views • 6 slides
Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation. Obfuscation-Based Location Privacy. Location information is sensitive.

521 views • 20 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

3/27/2015 Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program Considerations August 14, 2014 Presentation by: Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 Todays Privacy &

475 views • 24 slides
Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy

Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy

11/25/2010 Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy Lab Department of Biomedical Informatics Department of Biomedical Informatics Vanderbilt University Wednesday, 24 November, 2010 1 Record

766 views • 30 slides
L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing

L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing

Partage et Secret de l'Information de Sant Nancy 15/10/10 L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing T. Allard & B.Nguyen Institut National de Recherches en Informatique et

497 views • 35 slides
PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner WHERE WE ARE PRIVACY ACT 1993 Principle 1 - 4: Collection of personal information Principle 5: Storage and security of personal information Principle

276 views • 13 slides
Building a Privacy Management Program February 26, 2013 Office of the Information and Privacy

Building a Privacy Management Program February 26, 2013 Office of the Information and Privacy

Building a Privacy Management Program February 26, 2013 Office of the Information and Privacy Commissioner of Alberta Session Overview Reasons for having a PMP Strategies to deal with current and future privacy challenges at your

469 views • 33 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu

PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu

PrivPy: Scalable and General Privacy-Preserving Data Mining Yi Li , Yitao Duan , Yu Yu , Shouyao Zhao , Wei Xu Institute for Interdisciplinary Information Sciences, Tsinghua University NetEase Youdao Shanghai Jiaotong

2.29k views • 23 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides

More recommend