An improved method for privacy-preserving web-based data collection Riivo Talviste Supervisor: Dan Bogdanov, MSc April 24, 2009
Outline of the Talk ● State of the Art ● Problem statement ● Improved architecture ● Implementation ● Demo
The Danisco Auction (1) ● In Denmark farmers grow sugar beets, which they sell to the Danisco company. ● EU reduced support, so they conducted a nation-wide double auction. ● A survey showed that farmers really care about their confidentiality.
Survey Results It is important that my bids are kept confidential Agree strongly 35% Agree 43% Don't know 18% Disagree 2% Disagree strongly 1% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
The Danisco Auction (2) ● Auctioneer = {Danisco, DKS, SIMAP project} ● The first large-scale practival application of multiparty computation (MPC). ● Held in two phases: – Placing and gathering bids, – Processing bids and calculating market clearing price (MCP).
The Danisco Auction Architecture Phase 1 Phase 2 Danisco session Web server Danisco website database MPC Java applet public keys login DKS SIMAP encrypted shares Farmer's computer
Problem Statement ● Farmer has to trust the web server unconditionally, as it can send wrong public keys. ● Java applet is a fat-client application, not everybody has Java Runtime Environment (JRE) installed.
Our Solution ● Similar to the Danisco auction architecture. ● Built on the Sharemind framework.
Our Architecture Web server Miner 1 Miner 1 web server MPC Flex application share Miner 2 web server Miner 2 Miner 3 share client's share computer Miner 3 web server HTTPS connection
Security Analysis Confidentiality is satisfied by: ● Secret sharing ● Public Key Infrastructure (PKI) and direct HTTPS connections. – Client does not have to trust anybody unconditionally – Potential security risk : malicious miners with certificates already trusted by client are still a threat.
Implementation ● Adobe Flex technology – Free, open source framework, – MXML, a XML-based language for layout, – ActionScript 3, an object-oriented language for client logic, – Thin-client, – Run by Adobe Flash Player. ● Recent survey shows that 99.0% of Internet- enabled desktops have Flash Player.
Demo
Conclusion ● First large-scale practical MPC applications are already in use. ● We proposed an architecture with stronger confidentiality guarantees than the ones currently in use. ● We implemented it using Adobe Flex, the most spread web-based software platform.
Questions!? Thank You!
Recommend
More recommend
