
An improved method for privacy-preserving web-based data collection - PowerPoint PPT Presentation



  1. An improved method for privacy-preserving web-based data collection
     Riivo Talviste
     Supervisor: Dan Bogdanov, MSc
     April 24, 2009

  2. Outline of the Talk
     ● State of the Art
     ● Problem statement
     ● Improved architecture
     ● Implementation
     ● Demo

  3. The Danisco Auction (1)
     ● In Denmark farmers grow sugar beets, which they sell to the Danisco company.
     ● The EU reduced its support, so a nation-wide double auction was conducted.
     ● A survey showed that farmers really care about their confidentiality.

  4. Survey Results
     Statement: "It is important that my bids are kept confidential"
     ● Agree strongly: 35%
     ● Agree: 43%
     ● Don't know: 18%
     ● Disagree: 2%
     ● Disagree strongly: 1%
     [Bar chart of the above percentages; axis runs 0% to 50%.]

  5. The Danisco Auction (2)
     ● Auctioneer = {Danisco, DKS, SIMAP project}
     ● The first large-scale practical application of multiparty computation (MPC).
     ● Held in two phases:
       – Placing and gathering bids,
       – Processing bids and calculating the market clearing price (MCP).

  6. The Danisco Auction Architecture
     [Architecture diagram. Phase 1: the farmer's computer logs in to the Danisco website; the web server holds the session and database and serves the Java applet and the public keys. Phase 2: the applet sends encrypted shares to Danisco, DKS and SIMAP, which run the MPC.]

  7. Problem Statement
     ● Farmer has to trust the web server unconditionally, as it can send wrong public keys.
     ● Java applet is a fat-client application; not everybody has Java Runtime Environment (JRE) installed.

  8. Our Solution
     ● Similar to the Danisco auction architecture.
     ● Built on the Sharemind framework.

  9. Our Architecture
     [Architecture diagram. The client's computer runs the Flex application served by the web server; it opens a direct HTTPS connection to each miner's web server (Miner 1, Miner 2, Miner 3) and sends one share to each; the three miners run the MPC.]

  10. Security Analysis
     Confidentiality is satisfied by:
     ● Secret sharing
     ● Public Key Infrastructure (PKI) and direct HTTPS connections.
       – Client does not have to trust anybody unconditionally.
       – Potential security risk: malicious miners with certificates already trusted by the client are still a threat.
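As an added illustration (not code from the thesis, the Danisco auction or Sharemind), the following Python sketch shows the client-side secret sharing this architecture rests on: each bid is split into three additive shares, one share goes to each miner, and a single miner, or the web server that only served the client application, holds nothing but uniformly random values. The 32-bit modulus and the bid-summation step are assumptions made for this example.

```python
import secrets

# Assumption for this example: shares live in Z_2^32, the 32-bit ring used by
# Sharemind-style additive secret sharing; the slides themselves fix no modulus.
MODULUS = 2 ** 32

def share(value: int, n_parties: int = 3) -> list[int]:
    """Split value into n_parties additive shares mod 2^32. All but the last are
    uniformly random and the last is fixed so they sum to value, so any
    n_parties-1 shares are independent of value: a single miner, or the web
    server that only served the client application, learns nothing."""
    if not 0 <= value < MODULUS:
        raise ValueError("value must be an integer in [0, 2^32)")
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares

def reconstruct(shares: list[int]) -> int:
    """Combine all shares; only all miners together can do this."""
    return sum(shares) % MODULUS

def collect_bids(bids: list[int], n_miners: int = 3) -> list[list[int]]:
    """Client side of the architecture: each bid is shared and share i goes to
    miner i over its own HTTPS connection. Returns, per miner, exactly the
    values that miner receives, i.e. its whole view of the submitted bids."""
    per_miner: list[list[int]] = [[] for _ in range(n_miners)]
    for bid in bids:
        for i, s in enumerate(share(bid, n_miners)):
            per_miner[i].append(s)
    return per_miner

def miner_local_sum(received: list[int]) -> int:
    """Each miner adds the shares it holds without any communication; the
    result is its share of the total, so no individual bid is ever opened."""
    return sum(received) % MODULUS

def total_quantity(bids: list[int]) -> int:
    """Full run: share every bid, let each miner sum locally, then reconstruct
    only the aggregate (the kind of result an auctioneer needs)."""
    views = collect_bids(bids)
    return reconstruct([miner_local_sum(view) for view in views])

if __name__ == "__main__":
    bids = [120, 340, 75]  # constructed sample bids
    for i, view in enumerate(collect_bids(bids), start=1):
        print(f"Miner {i} sees: {view}")  # uniformly random on its own
    print("total:", total_quantity(bids))  # 535
```

Note that this covers only the secret-sharing half of the slide's argument; the PKI and per-miner HTTPS connections, which stop the web server from substituting keys, are outside this snippet.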

  11. Implementation
     ● Adobe Flex technology
       – Free, open source framework,
       – MXML, an XML-based language for layout,
       – ActionScript 3, an object-oriented language for client logic,
       – Thin-client,
       – Run by Adobe Flash Player.
     ● A recent survey shows that 99.0% of Internet-enabled desktops have Flash Player.

  12. Demo

  13. Conclusion
     ● First large-scale practical MPC applications are already in use.
     ● We proposed an architecture with stronger confidentiality guarantees than the ones currently in use.
     ● We implemented it using Adobe Flex, the most widespread web-based software platform.

  14. Questions!? Thank You!
