privacy preserving personal information management
play

Privacy-Preserving Personal Information Management Mohamed Layouni - PowerPoint PPT Presentation

Mar 08, 2023 •25 likes •325 views

Introduction ASPIR Multi-Authorizer ASPIR Conclusion Privacy-Preserving Personal Information Management Mohamed Layouni PhD Oral Defense School of Computer Science, McGill University 1 / 25 Introduction ASPIR Multi-Authorizer ASPIR

  1. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Privacy-Preserving Personal Information Management Mohamed Layouni PhD Oral Defense School of Computer Science, McGill University 1 / 25

  2. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Focus of this Work Designing protocols that are : Secure Privacy-preserving User-centric 2 / 25

  3. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Contributions of this Thesis (1/2) Studied/Surveyed Privacy-Preserving Credentials Compared the most complete/elaborate ones Proposed an extension to the Camenisch-Lysyanskaya credential system ∗ Proposed two privacy-preserving protocols for controlling access to remotely-stored DB records , where access is performed according to policies defined by the owners of those records . 3 / 25

  4. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Main Contributions of this Thesis (2/2) Proposed protocols to solve real-world problems using privacy-preserving credentials: Prescription-handling for the Belgian Healthcare System ∗ (e.g., protecting patients’ privacy from administrative entities involved in the processing of insurance claims) Tele-monitoring of patients’ health outside Hospital (Protocol for collecting patients’ health measurements in a user-centric and privacy-preserving way) 4 / 25

  5. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Presentation Outline Introduction 1 Accredited Symmetrically Private 2 Information Retrieval (ASPIR) Multi-Authorizer ASPIR 3 Conclusion 4 5 / 25

  6. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Settings and Parties Involved Data Subject 1 Database Server Receiver Data Subject 2 ... ... ID3 DB[ID3] ... ... Data Subject 3 ... ID2 DB[ID2] Data Subject 4 ID4 DB[ID4] ... ... ID1 DB[ID1] ... ... Data Subject N Figure: Setting of the ASPIR Protocol 6 / 25

  7. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Requirements Privacy for Receiver: DB Server should not be able to compute the index of the retrieved record (and hence the ID of data-subject) Privacy for DB Server: For each query, the Receiver can compute information only on one record (defined in the query), and nothing about the other records in DB. Privacy for Data Subject: DB records cannot be retrieved without authorization It should be intractable for a quorum of players to forge an authorization for a record that none of them owns. DB Server should be able to verify the validity of an authorization presented by the Receiver, without learning the identity of the Data-Subject who issued it. 7 / 25

  8. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) 8 / 25

  9. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) 9 / 25

  10. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Symmetrically Private Information Retrieval (SPIR) Receiver DB Server DB[1] Interested i in record i DB[i] ... DB[n] Figure: A Simple Database Query 10 / 25

  11. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Symmetrically Private Information Retrieval (SPIR) Receiver DB Server DB[1] Q=Query(Secret−Key,i) Interested in record i Response R ... DB[i]:=Recover(Secret−Key,i,R) DB[n] Figure: Symmetrically Private Information Retrieval 11 / 25

  12. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) Similar to an Oblivious Transfer ∗ scheme, Higher efficiency, but Weaker security. 12 / 25

  13. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Solution combines two main building blocks : Privacy-Preserving Credential System (Brands’00) Symmetrically Private Information Retrieval System (Lipmaa’05) Similar to an Oblivious Transfer ∗ scheme, Higher efficiency, but Weaker security. 13 / 25

  14. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Privacy-Preserving Credentials Show Cred A1,..,An Prove Pred(A1,...,An) Issuer User Verifier Cred Provide Service Deposit Verifiers Showing Transcript Figure: Privacy-Preserving Credentials Issuing, Showing, and Depositing 14 / 25

  15. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Building Blocks Privacy-Preserving Credentials Properties of Privacy-Preserving Credentials Selective disclosure (in the sense of Zero Knowledge) Soundness (no false claims) Untraceability (showings unlinkable to user’s identity) Unlinkability (between showings) . . . Constructions from the Literature Camenisch and Lysyanskaya (IBM’s IDEMIX ) Brands (Microsoft’s U-Prove ) 15 / 25

  16. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Database Server Data Subject i Receiver ... ... Q:=Query(i,Rec−Public−Key) ID3 DB[ID3] Auth = SPK{ (i,j) : Cred.ID = j ^ ... Inv(Q) = i ^ i = j } (RecID, Policy...) ... Q + Auth Q + Auth + RecID + Policy ID2 DB[ID2] ID4 DB[ID4] Check Auth, RecID, ... if Policy is satisfied ... SPIR−Process Q ID1 DB[ID1] Response R ... ... DB[i]:=Recover(Rec−Secret−Key,R) Figure: Accredited SPIR Protocol: High-Level Overview 16 / 25

  17. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Overview Multi-Authorizer ASPIR is : A new approach to constructing ASPIR schemes (also 1 useful for single-Authorizer ASPIR) An extension of ASPIR to a setting where: 2 A DB record belongs to multiple owners simultaneously Receiver can recover a DB record only if he: Complies with privacy policy defined by record owners. Has authorizations from: — All owners of target record, — Any subset of owners of size larger than a threshold , — Certain subsets of owners (general access structure) 17 / 25

  18. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Settings and Parties Involved Data Subject 1 Database Server Receiver Data Subject 2 ... ... {ID2,ID3,ID4} DB[ID ] 2,3,4 ... ... Data Subject 3 ... {ID1,ID2,ID3} DB[ID ] 1,2,3 ... Data Subject 4 ... ... ... {ID1,ID3,ID4} DB[ID ] 1,3,4 ... ... Data Subject N Figure: Setting of the Multi-Authorizer ASPIR Protocol 18 / 25

  19. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Requirements Privacy for Receiver: DB Server cannot compute the index of the retrieved record (and hence the IDs of its owners) Privacy for DB Server: For each query, the Receiver learns information only on one record (defined in the query), and nothing about the other records in DB. Privacy for Data Subject: DB records cannot be recovered without the necessary authorizations It should be intractable for a quorum of players to forge an authorization for a record that none of them owns. 19 / 25

  20. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Multi-Authorizer ASPIR is a completely new construction : We use different building blocks : Pairing-based signatures instead of Credentials. (Security relies on Bilinear Diffie-Hellman assumption). We use SPIR schemes in a black-box fashion ; Construction works with any SPIR scheme, not only Lipmaa’s SPIR scheme as in ASPIR. The new scheme is more efficient than previous ASPIR. 20 / 25

  21. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Solution Overview Auth i = F (s,RecID,Policy) i Auth 1 Database Server Receiver ... ... = U Auth 1,2,3 Auth i {ID2,ID3,ID4} DB[ID ] 2,3,4 i ... ... Data Subject 1 s = index(ID ) {ID1,ID2,ID3} DB[ID ] 1,2,3 1,2,3 ... ... ... Q = Query SPIR (s) ... Auth 2 {ID1,ID3,ID4} DB[ID ] 1,3,4 ... Q,RecID,Policy ... Data Subject 2 If Policy satisfied Response R SPIR−process Q Auth DKey = F(Auth 1,2,3 , R) 3 DB[ID ] = Recover(DKey, R) 1,2,3 Data Subject 3 Figure: Multi-Authorizer ASPIR Protocol (Basic Construction) 21 / 25

  22. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Further Extensions The proposed protocols have the following extra functionalities: Receiver can retrieve multiple records belonging to a tuple of data-subjects (2 Constructions) Idea 1: Change the way the SPIR query is processed (Technique similar to the one used in the General and Threshold Access Structure variants) Idea 2: Two Databases : one for Keys, one for Ciphertexts. Retrieve key with MASPIR, and use it to decrypt all records of owners’ tuple being considered. 22 / 25

  23. Introduction ASPIR Multi-Authorizer ASPIR Conclusion Summary: Proposed two privacy-preserving protocols for controlling 1 access to remotely-stored DB records , where access is performed according to policies defined by the owners of those records . Proposed Privacy-Preserving eHealth protocols (e.g., 2 Prescription-handling for the Belgian Healthcare System) Surveyed the State of the Art in Privacy-Preserving 3 Credential Systems , and provided a Comparison of the most elaborate/complete ones. 23 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State

Tools for Preserving Your Personal and Intellectual Privacy Wendy Stephens Jacksonville State University Thursday, July 20, 1:15 2:15pm Eastern A project of the University of Michigan School of Information, U-M Library, and U-M School of

683 views • 39 slides
Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy

Tips and Tricks to enhancing transparency in personal information management Victorian Privacy Network Meeting 10 April 2019 Presentation by Melanie Casley www.salingerprivacy.com.au The cause of so much confusion Back to Basics Privacy

388 views • 19 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu,

Privacy-Preserving Indexing for eHealth Information Networks Yuzhe Tang, Ting Wang, Ling Liu, Shicong Meng, and Balaji Palanisamy College of Computing, Georgia Institute of Technology Talk Overview Motivation Content Privacy issues in

963 views • 33 slides
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management

KTH ROYAL INSTITUTE OF TECHNOLOGY Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure Mohammad Khodaei Networked Systems Security Group (NSS) November 1, 2016 July 2, 2018

1.03k views • 38 slides
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM International Workshop on Data Privacy Management 2013 Georg Neugebauer 1 , Lucas Brutschy 1 , Ulrike Meyer 1 and Susanne Wetzel 2 UMIC LuFG IT-Security,

212 views • 17 slides
Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn

Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn

Privacy-Preserving Distributed Information Sharing Lea Kissner leak@cs.cmu.edu Advisor: Dawn Song dawnsong@cmu.edu Why Share? Many applications require mutually distrustful parties to share information Many examples in two major

783 views • 39 slides
There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy

There is a lot of personal information. There are lots of inappropriate photos. Your privacy settings are weak. There are people you dont know. Its safe, private and secure. Only post photos you want everyone to see. Keep your personal

481 views • 6 slides
Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation. Obfuscation-Based Location Privacy. Location information is sensitive.

521 views • 20 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

3/27/2015 Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program Considerations August 14, 2014 Presentation by: Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 Todays Privacy &

475 views • 24 slides
Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy

Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy

11/25/2010 Privacy Preserving Record Linkage Linkage Elizabeth Ashley Durham Health Information Privacy Lab Department of Biomedical Informatics Department of Biomedical Informatics Vanderbilt University Wednesday, 24 November, 2010 1 Record

766 views • 30 slides
L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing

L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing

Partage et Secret de l'Information de Sant Nancy 15/10/10 L'Anonymisation des donnes du DMP Etat des lieux du Privacy Preserving Data Publishing T. Allard & B.Nguyen Institut National de Recherches en Informatique et

497 views • 35 slides
PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner

PRIVACY BILL CHANGES: WHATS NEW? WHAT STAYS THE SAME? John Edwards Privacy Commissioner WHERE WE ARE PRIVACY ACT 1993 Principle 1 - 4: Collection of personal information Principle 5: Storage and security of personal information Principle

276 views • 13 slides
Reference Generators Part II Chapter 4 from Gray and Meyers book Chapter 11 from

Reference Generators Part II Chapter 4 from Gray and Meyers book Chapter 11 from

2 Reference Generators Part II Chapter 4 from Gray and Meyers book Chapter 11 from Razavis book IIT-Bombay Lecture 36 M. Shojaei Baghini 3 Slides

318 views • 7 slides
Nanoscale III-V CMOS J. A. del Alamo Microsystems Technology Laboratories Massachusetts

Nanoscale III-V CMOS J. A. del Alamo Microsystems Technology Laboratories Massachusetts

Nanoscale III-V CMOS J. A. del Alamo Microsystems Technology Laboratories Massachusetts Institute of Technology Compound Semiconductor Week 2016 Toyama, Japan; June 26-30, 2016 Acknowledgements: Students and collaborators: D. Antoniadis,

914 views • 37 slides
A latchup topology to investigate novel particle detectors Alessandro Gabrielli a , Mauro Lolli a

A latchup topology to investigate novel particle detectors Alessandro Gabrielli a , Mauro Lolli a

A latchup topology to investigate novel particle detectors Alessandro Gabrielli a , Mauro Lolli a , Giulio Villani b , Danilo Demarchi c , Antonio Ranieri d a I.N.F.N. and Physics Department University of Bologna b STFC Rutherford Appleton

593 views • 21 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Fabio Sebastiano Electronic interfaces for quantum processors the challenges A scalable

Fabio Sebastiano Electronic interfaces for quantum processors the challenges A scalable

Fabio Sebastiano Electronic interfaces for quantum processors the challenges A scalable quantum computer ADC MUX ADC N-qubit Digital Quantum control Processor DAC Challenges DEMUX Performance DAC Power Cryogenic T

215 views • 10 slides
Outline Paper presentation Ultra-Portable Devices Log-Likelihood Algebra Paper:

Outline Paper presentation Ultra-Portable Devices Log-Likelihood Algebra Paper:

Outline Paper presentation Ultra-Portable Devices Log-Likelihood Algebra Paper: Principles for the analog decoding design Factor graphs J. Hagenauer, E. Offer, C. Measson, M. Mrz. Building blocks for analog decoder

386 views • 6 slides
A gender perspective Isabel Ruiz Carlos Vargas-Silva Today In this study Refugees in

A gender perspective Isabel Ruiz Carlos Vargas-Silva Today In this study Refugees in

The impact of hosting refugees on the intra- household allocation of tasks: A gender perspective Isabel Ruiz Carlos Vargas-Silva Today In this study Refugees in Tanzania Gender impacts Data and methodology Results

799 views • 53 slides
Probabilistic Pronunciation + N-gram Models CMSC 35100 Natural Language Processing April 15,

Probabilistic Pronunciation + N-gram Models CMSC 35100 Natural Language Processing April 15,

Probabilistic Pronunciation + N-gram Models CMSC 35100 Natural Language Processing April 15, 2003 The ASR Pronunciation Problem Given a series of phones, what is the most probable word? Simplification: Assume phone sequence known, word

311 views • 14 slides

More recommend