Abstract
Mobile devices, such as smart phones, have recently become the typical computing platforms for many users. Consequently, in practice more and more multi-party computation systems are deployed on users’ mobile devices, resulting in various applications such as mobile outsourcing computing and mobile cooperative computing. However, as the mobile platforms may have inherent flaws, the connection of mobile devices and multi-party computation systems usually arouse new security risks. We point out that an application in one party’s mobile device can be a powerful privileged attacker to the multi-party computation system. Previous studies have mainly focused on avoiding the privacy leaks of one or several malicious parties or eavesdroppers on the Internet. This paper presents a privacy enhancing scheme for a kind of secure multi-party computation systems. The scheme can resist the privileged attackers from the party’s mobile device. Our scheme transforms the original computation process and puts the critical calculation process into trusted execution environment. We provide three components to build a privacy-enhanced multi-party computation system with our scheme. Our scheme is implemented to an actual secure multi-party computation system to demonstrate its validity and acceptable performance overhead.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Yao, A.C.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science, SFCS’08, pp. 160–164. IEEE (1982)
Aggarwal, C.C., Philip, S.Y.: A general survey of privacy-preserving data mining models and algorithms. In: Aggarwal, C.C., Yu, P.S. (eds.) Privacy-Preserving Data Mining, pp. 11–52. Springer, Boston (2008). https://doi.org/10.1007/978-0-387-70992-5_2
Kamm, L.: Privacy-preserving statistical analysis using secure multi-party computation. Ph.D. dissertation (2015)
Botta, A., De Donato, W., Persico, V., Pescapé, A.: Integration of cloud computing and internet of things: a survey. Future Gener. Comput. Syst. 56, 684–700 (2016)
Dinh, H.T., Lee, C., Niyato, D., Wang, P.: A survey of mobile cloud computing: architecture, applications, and approaches. Wirel. Commun. Mob. Comput. 13(18), 1587–1611 (2013)
Seibel, J., LaFlamme, K., Koschara, F., Schumak, R., Debate, J.: Trusted execution environment, US Patent Application 15/007,547, 27 2017 July
Cao, N., Wang, C., Li, M., Ren, K., Lou, W.: Privacy-preserving multi-keyword ranked search over encrypted cloud data. IEEE Trans. Parallel Distrib. Syst. 25(1), 222–233 (2014)
Machiry, A., et al.: Boomerang: exploiting the semantic gap in trusted execution environments. In: Proceedings of the 2017 Network and Distributed System Security Symposium (NDSS) (2017)
Winter, J.: Trusted computing building blocks for embedded Linux-based arm Trustzone platforms. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 21–30. ACM (2008)
Rosenberg, D.: Qsee trustzone kernel integer over flow vulnerability. In: Black Hat Conference, p. 26 (2014)
Goldreich, O.: Secure multi-party computation. Manuscript. Preliminary version, vol. 78 (1998)
Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: Proceedings of the 2001 Workshop on New Security Paradigms, NSPW 2001, pp. 13–22. ACM, New York (2001). http://doi.acm.org/10.1145/508171.508174
Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: Proceedings of the Tenth Annual ACM Symposium on Principles of Distributed Computing, PODC 1991, pp. 51–59. ACM, New York (1991). http://doi.acm.org/10.1145/112600.112605
Li, H., Sun, L., Zhu, H., Lu, X., Cheng, X.: Achieving privacy preservation in WiFi fingerprint-based localization. In: 2014 Proceedings IEEE INFOCOM, pp. 2337–2345. IEEE (2014)
Zhou, C.V., Leckie, C., Karunasekera, S.: A survey of coordinated attacks and collaborative intrusion detection. Comput. Secur. 29(1), 124–140 (2010)
Bogetoft, P., et al.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03549-4_20
Hirt, M., Maurer, U.: Player simulation and general adversary structures in perfect multiparty computation. J. Cryptol. 13(1), 31–60 (2000). https://doi.org/10.1007/s001459910003
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: Privilege escalation attacks on android. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 346–360. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18178-8_30
Wißfeld, M.: ArtHook: Callee-side method hook injection on the new android runtime art. Ph.D. dissertation, Saarland University (2015)
Gouveia, J.M.E.P.: Fault injectionin android applications. Master’s thesis, Universidade do Porto (2018). https://repositorio-aberto.up.pt/bitstream/10216/114158/2/277710.pdf
Rastogi, V., Chen, Y., Jiang, X.: Catch me if you can: evaluating android anti-malware against transformation attacks. IEEE Trans. Inf. Forensics Secur. 9(1), 99–108 (2014)
Coogan, K., Lu, G., Debray, S.: Deobfuscation of virtualization-obfuscated software: a semantics-based approach. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 275–284. ACM, New York (2011). http://doi.acm.org/10.1145/2046707.2046739
Gupta, R., Halambi, S.A., Rimoni, Y.: Secure behavior analysis over trusted execution environment, US Patent 9,756,066, 5 September 2017
Covey, C.R., Harvey, R.B., Redman, M.D., Tkacik, T.E.: Computing device with entry authentication into trusted execution environment and method therefor, US Patent 8,117,642, 14 February 2012
Jang, J.S., Kong, S., Kim, M., Kim, D., Kang, B.B.: SeCReT: secure channel between rich execution environment and trusted execution environment. In: NDSS (2015)
Tremlet, C.: Embedded secure element for authentication, storage and transaction within a mobile terminal, US Patent 9,436,940, 6 September 2016
Roland, M.: Applying recent secure element relay attack scenarios to the real world: Google wallet relay attack, arXiv preprint arXiv:1209.0875 (2012)
Mellqvist, A.: Portable electronic devices, systems, methods and computer program products for accessing remote secure elements, US Patent Application 12/487,045, 17 June 2010
Little, M., Ko, C.: Detecting coordinated attacks in tactical wireless networks using cooperative signature-based detectors. In: IEEE Military Communications Conference, MILCOM 2005, pp. 176–182. IEEE (2005)
OpenAFS. Improving password and authentication security (2000). http://docs.openafs.org/AdminGuide/HDRWQ515.html
Apple. iOS security iOS 12 (2018). https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf
Merkle, R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978)
Eastlake 3rd, D., Jones, P.: US Secure Hash Algorithm 1 (SHA1). Technical report (2001)
N.-F. Standard: Announcing the advanced encryption standard (AES). Federal Information Processing Standards Publication, vol. 197, pp. 1–51 (2001)
Cohen, W.W.: Enron email dataset, May 2015. http://www.cs.cmu.edu/~./enron/
Acknowledgement
The authors would like to thank the anonymous reviewers. This work is supported by National Key R&D Program of China (No. 2017YFB0802404), and partially supported by the National Natural Science Foundation of China (No. 61802396).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yang, X., Lv, N., Chen, T., Ma, C., Liu, L. (2020). A Privacy Enhancing Scheme for Mobile Devices Based Secure Multi-party Computation System. In: Liu, Z., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2019. Lecture Notes in Computer Science(), vol 12020. Springer, Cham. https://doi.org/10.1007/978-3-030-42921-8_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-42921-8_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42920-1
Online ISBN: 978-3-030-42921-8
eBook Packages: Computer ScienceComputer Science (R0)