privacy as a service
play

Privacy as a Service Raymond Cheng Build practical cloud services - PowerPoint PPT Presentation

Oct 29, 2023 •516 likes •1.56k views

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

  1. Security Goal: Indistinguishability Any two access sequences from a client look indistinguishable to the adversary Randomness Randomness Randomness Randomness Randomness Randomness Randomness Randomness Randomness Randomness Randomness Randomness 57

  2. Talek Goals Security Goal: Indistinguishability Any two access sequences from a client look indistinguishable to the adversary Systems Goals: • Mobile-friendly: 1 message per request/response • Efficient: Thousands of online users sending a message every 5 seconds • General Purpose: messaging and newsfeeds • Low latency: ~5-10s 58

  3. Limitations Country W Country X Country Y Country Z ● Any unavailable cloud will prevent access ● Host in widely used cloud providers 59

  4. Anytrust Threat Model Country W Country X Country Y Country Z ● Application configured with >1 independent clouds ● Clouds logging everything about users At least 1 non-colluding 60

  5. Talek Threat Model Trusted groups Anytrust: At least 1 non-colluding Mutually distrusting users 61

  6. Private Information Retrieval (PIR) (Chor,1998) B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 Read bucket 2 Client q’=[0,0,1,0,0] 62

  7. Private Information Retrieval (PIR) B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 q0=[1,1,1,0,1] q1=[1,0,1,0,0] Random Random Read bucket 2 Client q’=[0,0,1,0,0] 63

  8. Private Information Retrieval (PIR) B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 q0=[1,1,1,0,1] q1=[1,0,1,0,0] q2=[0,1,1,0,1] =q’ ⊕ q0 ⊕ q1 Read bucket 2 Client q’=[0,0,1,0,0] 64

  9. Private Information Retrieval (PIR) B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 q0=[1,1,1,0,1] q1=[1,0,1,0,0] q2=[0,1,1,0,1] =q’ ⊕ q0 ⊕ q1 B0 ⊕ B1 ⊕ B2 ⊕ B4 B0 ⊕ B2 B1 ⊕ B2 ⊕ B4 Client 65

  10. Private Information Retrieval (PIR) B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 B0 B1 B2 B3 B4 q0=[1,1,1,0,1] q1=[1,0,1,0,0] q2=[0,1,1,0,1] =q’ ⊕ q0 ⊕ q1 B0 ⊕ B1 ⊕ B2 ⊕ B4 B0 ⊕ B2 B1 ⊕ B2 ⊕ B4 B0 ⊕ B1 ⊕ B2 ⊕ B4 ⊕ B0 ⊕ B2 ⊕ B1 ⊕ B2 ⊕ B4 Client = B2 66

  11. PIR Limitations ● Expensive: Read requires scan of database ● Equal-sized buckets ● Consistent snapshots across all servers ● Read-only 67

  12. Client Indistinguishability PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR PIR 68

  13. Talek Overview Write Read write queue read queue subscribe() publish() libtalek Client 69 Application

  14. Talek Overview Oblivious logging enables servers to operate Write Read on noise, while delivering pub/sub functionality write queue read queue subscribe() publish() libtalek Client 70 Application

  15. Oblivious Logging 1. How do we bound the cost of a PIR operation? 2. How do publishers write in a way that looks random? 3. How do subscribers find messages on the server? 4. How do we deal with write conflicts? 5. How do we keep all servers consistent? 71

  16. Fixed Size Server-side State n n n Write Read write queue read queue subscribe() publish() libtalek Client 72 Application

  17. Fixed Size Server-side State n n n 1. PIR Cost Write Read Bound the cost of a PIR by configuring the size of the database write queue read queue subscribe() publish() libtalek Client 73 Application

  18. Oblivious Logging Write(bucket, encryptedMsg) n 1. Remove oldest message 2. Insert message at specified bucket 74

  19. Oblivious Logging Write(bucket, encryptedMsg) n 1. Remove oldest message 2. Insert message at specified bucket 2. Random writes Write encrypted messages to random buckets 75

  20. Topics and Log Trails Write(bucket, encryptedMsg) 3 4 Topic Handle: n { topicId: uint128, encKey: byte[] seed: uint128 2 } Log Trail: 1 PRF(seed, seqNo) mod n 76

  21. Topics and Log Trails Write(bucket, encryptedMsg) 3 4 Topic Handle: n { 3. Zero Coordination topicId: uint128, Publishers and subscribers use secret topic encKey: byte[] seed: uint128 handles to coordinate 2 } Log Trail: 1 PRF(seed, seqNo) mod n 77

  22. Indistinguishable Writes { topicId: uint128, encKey: byte[], seed: uint128 } Write bucket payload Dummy PRF(idleSeed, i | 1) mod b Enc(idleKey, PRF(idle, i | 2)) Legitimate PRF(seed, seqNo) mod b Enc(encKey, message) 78

  23. Handling Conflicts 3 Write(bucket, encryptedMsg) 4 n 2 1 79

  24. Cuckoo Hashing Write(bucket1,bucket2,encryptedMsg) n 80

  25. Cuckoo Evictions Write(bucket1,bucket2,encryptedMsg) n Eviction 81

  26. Cuckoo Hashing 4 Write(bucket1,bucket2,encryptedMsg) 3 Topic Handle: { 4 topicId: uint128, 1 2n encKey: byte[] seed1: uint128 2 seed2: uint128 } 2 Log Trail: PRF(seed1, seqNo) mod n 1 3 PRF(seed2, seqNo) mod n 82

  27. Blocked Cuckoo Table 3 4 2 { topicId: uint128, encKey: byte[] 1 5 seed1: uint128, seed2: uint128 4 } b 3 PRF(seed1, seqNo) mod b 2 5 PRF(seed2, seqNo) mod b 1 d 83

  28. Blocked Cuckoo Table 3 4 2 { topicId: uint128, encKey: byte[] 1 5 seed1: uint128, seed2: uint128 4 } b 3 4. Dense data structures Blocked cuckoo hashing handles writes conflicts with high density PRF(seed1, seqNo) mod b 2 5 PRF(seed2, seqNo) mod b 1 d 84

  29. Consistency Follower Leader Follower Writes globally Read requests ordered encrypted write queue read queue subscribe() publish() libtalek Client 85 Application

  30. Consistency Follower Leader Follower 4. Leaders enforce consistency Writes globally Read requests Timestamp ordering achieves sequential ordered encrypted consistency write queue read queue subscribe() publish() libtalek Client 86 Application

  31. Indistinguishable Writes { topicId: uint128, seed1: uint128, seed2: uint128, encKey: byte[] } Write bucket1 bucket2 payload Dummy PRF(idle, i | 1) mod b PRF(idle, i | 2) mod b Enc(idle, PRF(idle, i | 3)) Legitimate PRF(seed1, seqNo) mod b PRF(seed2, seqNo) mod b Enc(encKey, message) 87

  32. Indistinguishable Reads { topicId: uint128, seed1: uint128, seed2: uint128, encKey: byte[] } Read server0 server1 server2 Dummy Enc(serverKey0, pirVector) Enc(serverKey1, pirVector) Enc(serverKey2, pirVector) Legitimate Enc(serverKey0, pirVector) Enc(serverKey1, pirVector) Enc(serverKey2, pirVector) 88

  33. Scheduling Reads Follower Leader Follower Topic 1 write queue read queue Topic 2 Topic 3 subscribe() publish() libtalek Client 89 Application

  34. Private Notifications Follower Leader Follower GetUpdates() returns Global Interest Vector: Privately which messages readable on the server Topic 1 write queue read queue Topic 2 Topic 3 subscribe() publish() libtalek Client 90 Application

  35. Talek Overview Follower Leader Follower Write GetUpdates Read Topic 1 write queue read queue Topic 2 Topic 3 subscribe() publish() libtalek Client 91 Application

  36. Experiment Setup AWS EC2 Write every 5 sec Read every 5 sec Thousands of Clients write queue read queue subscribe() publish() libtalek 92 Messaging

  37. Comparison to Previous Work 93

  38. Comparison to Previous Work Pung (OSDI 2016): - Stronger threat model - Uses computational PIR 94

  39. Comparison to Previous Work Riposte (Oakland 2015): - Same threat model - Anonymous writes by “PIR in reverse” 95

  40. Scaling Clients 96

  41. https://github.com/privacylab/talek 97

  42. Future Work: Scale Private Cloud Services Scale out architectures 98

  43. Future Work: Support Diverse Functionality Oblivious Cloud Services Machine Storage Pub/Sub Analytics Search Learning Scale out architectures 99

  44. Future Work: Application Integration Oblivious Cloud Services Machine Storage Pub/Sub Analytics Search Learning Scale out architectures Application Integration 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
What to check when subscribing to online services a privacy perspective. Does the service

What to check when subscribing to online services a privacy perspective. Does the service

What to check when subscribing to online services a privacy perspective. Does the service provider have a clearly expressed and up to date privacy policy available on their website? The service provider should have a clearly expressed and

827 views • 3 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
ePPI: Locator Service in Information Networks with Personalized Privacy Preservation Yuzhe Tang,

ePPI: Locator Service in Information Networks with Personalized Privacy Preservation Yuzhe Tang,

ePPI: Locator Service in Information Networks with Personalized Privacy Preservation Yuzhe Tang, Ling Liu, Arun Iyengar, Kisung Lee and Qi Zhang 1 Outline Background ePPI: Personalized privacy preservation Practical ePPI

516 views • 29 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are

Streaming Multimedia Applications Multimedia Networking Multimedia Applications? What are they? An application that deals with one of more of the following data types: Text Images Audio Video Most common scenario

742 views • 62 slides
Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM

Name-Based Replica/on Priori/es in Disaster Cases IEEE INFOCOM Name-Oriented Mobility (NOM) Workshop April 28, 2014 I. Psaras, L. Saino, M.

186 views • 14 slides
Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor?

Tor: a quick overview Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity software and network Open source, freely available Community of researchers, developers, users, and relay operators 2

660 views • 50 slides
Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds

Group- Group -per per- -Region Allocation Region Allocation Region Bounds Region Bounds An entity has to change its target An entity has to change its target Partition the world into regions Partition the world into regions

72 views • 4 slides
IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF

IRTF Overview Allison Mankin EDU at IETF99 Note Well All of IRTF is Meeting This Week (IETF 99)! Crypto Forum (CFRG) Proposed PANRG Global Access to the Internet for All Network Coding Research Group (GAIA) (NWCRG) Human

506 views • 29 slides
Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for

Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for

Analyzing "Global Access to the Internet for All" Projects Sascha Rushing Chair for Network Architectures and Services Department for Computer Science Technische Universitt Mnchen January 14, 2016 Technische Universitt Mnchen

577 views • 26 slides
Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member

Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member

Tennessee Health Disparities Task Force Agenda Tennessee Community-Engagement Research Alliance Against COVID-19 ( TN CEAL) Member Comments/Announcements Office of Health Disparities Elimination October 22, 2020

488 views • 16 slides
CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome

CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome

CTSA Program Steering Committee Monday, July 9, 2018 2:30 4:00 ET Agenda 2:30 Welcome Christopher Austin 2:30 2:40 Directors Update Christopher Austin Mike Kurilla 2:40 3:30 Review Action Items List All DCI and Cancer

369 views • 19 slides

More recommend