An improved method for privacy-preserving web-based data collection


SLIDE 1

An improved method for privacy-preserving web-based data collection

Riivo Talviste
Supervisor: Dan Bogdanov, MSc

April 24, 2009

SLIDE 2

Outline of the Talk

  • State of the Art
  • Problem statement
  • Improved architecture
  • Implementation
  • Demo

SLIDE 3

The Danisco Auction (1)

  • In Denmark farmers grow sugar beets, which they sell to the Danisco company.
  • EU reduced support, so they conducted a nation-wide double auction.
  • A survey showed that farmers really care about their confidentiality.

SLIDE 4

Survey Results

Statement: "It is important that my bids are kept confidential"

  • Agree strongly: 35%
  • Agree: 43%
  • Don't know: 18%
  • Disagree: 2%
  • Disagree strongly: 1%

SLIDE 5

The Danisco Auction (2)

  • Auctioneer = {Danisco, DKS, SIMAP project}
  • The first large-scale practical application of multiparty computation (MPC).
  • Held in two phases:
    – Placing and gathering bids,
    – Processing bids and calculating the market clearing price (MCP).

SLIDE 6

The Danisco Auction Architecture

[Architecture diagram]
  • Farmer's computer: Java applet, logs in to the Danisco website (web server, session).
  • Web server: holds the public keys and a database of encrypted shares.
  • Phase 1: bids are placed through the applet and stored as encrypted shares.
  • Phase 2: MPC between Danisco, DKS and SIMAP.

SLIDE 7

Problem Statement

  • Farmer has to trust the web server unconditionally, as it can send wrong public keys.
  • Java applet is a fat-client application; not everybody has Java Runtime Environment (JRE) installed.

SLIDE 8

Our Solution

  • Similar to the Danisco auction architecture.
  • Built on the Sharemind framework.

SLIDE 9

Our Architecture

[Architecture diagram]
  • Client's computer: Flex application, loaded from the web server.
  • The client opens a direct HTTPS connection to each of the Miner 1, Miner 2 and Miner 3 web servers and sends one share to each.
  • Miner 1, Miner 2 and Miner 3 run the MPC on the shares.

SLIDE 10

Security Analysis

Confidentiality is satisfied by:

  • Secret sharing
  • Public Key Infrastructure (PKI) and direct HTTPS connections.
    – Client does not have to trust anybody unconditionally
    – Potential security risk: malicious miners with certificates already trusted by client are still a threat.
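As an added illustration (not part of the original slides or of the Sharemind code), the secret-sharing step of the proposed architecture: the client splits each value into three shares, sends one share to each miner over its own direct HTTPS connection, and the miners add shares locally so that only the aggregate is ever reconstructed. Additive sharing modulo 2^32 and the miner host names are assumptions; the slides only say "secret sharing".

```python
import secrets

# Assumption: additive secret sharing over 32-bit integers (the scheme
# Sharemind uses); the slides do not name the scheme. Host names are
# placeholders standing in for the three miners' web servers.
MODULUS = 2 ** 32
MINERS = ["miner1.example", "miner2.example", "miner3.example"]


def share(value, n=3):
    """Split value into n additive shares modulo 2^32.

    The first n-1 shares are uniformly random and the last one fixes the
    sum, so any n-1 shares are just uniform random numbers and reveal
    nothing about value. Only all n shares together reconstruct it.
    """
    value %= MODULUS
    shares = [secrets.randbelow(MODULUS) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def reconstruct(shares):
    """Add all shares modulo 2^32; requires every miner's share."""
    return sum(shares) % MODULUS


def distribute(value, miners=MINERS):
    """What the client sends: one share per miner, each over that miner's
    own direct HTTPS connection, so no single server ever sees the value."""
    return dict(zip(miners, share(value, len(miners))))


def miner_sum(received, miners=MINERS):
    """Each miner adds the shares it received from all clients locally.
    The result is a sharing of the total, still revealing no single input."""
    return {m: sum(r[m] for r in received) % MODULUS for m in miners}


def total_of_bids(bids):
    """End to end: clients share, miners aggregate locally, and only the
    output sharing is opened. No individual bid is ever reconstructed."""
    received = [distribute(b) for b in bids]
    agg = miner_sum(received)
    return reconstruct([agg[m] for m in MINERS])
```

If any one miner withholds its share, reconstruct() has no way to recover the value, which is the property the architecture relies on; three colluding miners (the risk the slide names) can reconstruct every input.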

SLIDE 11

Implementation

  • Adobe Flex technology
    – Free, open source framework,
    – MXML, an XML-based language for layout,
    – ActionScript 3, an object-oriented language for client logic,
    – Thin-client,
    – Run by Adobe Flash Player.
  • Recent survey shows that 99.0% of Internet-enabled desktops have Flash Player.

SLIDE 12

Demo

SLIDE 13

Conclusion

  • First large-scale practical MPC applications are already in use.
  • We proposed an architecture with stronger confidentiality guarantees than the ones currently in use.
  • We implemented it using Adobe Flex, the most widespread web-based software platform.

SLIDE 14

Questions!? Thank You!