Justin Brickell
Donald E. Porter
Emmett Witchel
ABSTRACT
We present an efficient protocol for privacy-preserving evaluation of diagnostic programs, represented as binary decision trees or branching programs. The protocol applies a branching diagnostic program with classification labels in the leaves to the user's attribute vector. The user learns only the label assigned by the program to his vector; the diagnostic program itself remains secret. The program's owner does not learn anything. Our construction is significantly more efficient than those obtained by direct application of generic secure multi-party computation techniques.
We use our protocol to implement a privacy-preserving version of the Clarify system for software fault diagnosis, and demonstrate that its performance is acceptable for many practical scenarios.
- R. Agrawal and R. Srikant. Privacy-preserving data mining. In Proc. ACM SIGMOD International Conference on Management of Data, pages 439--450. ACM, 2000. Google Scholar
Digital Library
- D. Beaver. Foundations of secure interactive computing. In Proc. Advances in Cryptology - CRYPTO 1991, volume 576 of LNCS, pages 377--391. Springer, 1992. Google ScholarDigital Library
- I. Blake and V. Kolesnikov. Strong conditional oblivious transfer and computing on intervals. In Proc. Advances in Cryptology - ASIACRYPT 2004, volume 3329 of LNCS, pages 515--529. Springer, 2004.Google ScholarCross Ref
- A. Blum, C. Dwork, F. McSherry, and K. Nissim. Practical privacy: the SuLQ framework. In Proc. 24th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS), pages 128--138. ACM, 2005. Google ScholarDigital Library
- P. Broadwell, M. Harren, and N. Sastry. Scrash: A system for generating secure crash information. In Proc. 12th USENIX Security Symposium, pages 273--284. USENIX, 2003. Google ScholarDigital Library
- J. Camenisch and V. Shoup. Practical verifiable encryption and decryption of discrete logarithms. In Proc. Advances in Cryptology - CRYPTO 2003, volume 2729 of LNCS, pages 126--144. Springer, 2003.Google ScholarCross Ref
- R. Canetti. Security and composition of multiparty cryptograpic protocols. J. Cryptology, 13(1):143--202, 2000.Google ScholarDigital Library
- R. Canetti, Y. Ishai, R. Kumar, M. Reiter, R. Rubinfeld, and R. Wright. Selective private function evaluation with applications to private statistics. In Proc. 20th ACM Symposium on Principles of Distributed Computing (PODC), pages 293--304. ACM, 2001. Google ScholarDigital Library
- J. Davis, J. Ha, C. Rossbach, H. Ramadan, and E. Witchel. Cost-sensitive decision tree learning for forensic classification. In Proc. 17th European Conference on Machine Learning (ECML), volume 4212 of LNCS, pages 622--629. Springer, 2006. Google ScholarDigital Library
- J. Feigenbaum, Y. Ishai, T. Malkin, K. Nissim, M. Strauss, and R. Wright. Secure multiparty computation of approximations. In Proc. 28th International Colloquium on Automata, Languages and Programming (ICALP), volume 2076 of LNCS, pages 927--938. Springer, 2001. Google ScholarDigital Library
- J. Feigenbaum, B. Pinkas, R. Ryger, and F. Saint-Jean. Secure computation of surveys. In Proc. EU Workshop on Secure Multiparty Protocols, 2004.Google Scholar
- M. Freedman, K. Nissim, and B. Pinkas. Efficient private matching and set intersection. In Proc. Advances in Cryptology - EUROCRYPT 2004, volume 3027 of LNCS, pages 1--19. Springer, 2004.Google ScholarCross Ref
- Gateway. System management services agreement. http://www.gateway.com/about/legal/warranties/20461r10.pdf, 1999.Google Scholar
- E. Goh, L. Kruger, D. Boneh, and S. Jha. Secure function evaluation with ordered binary decision diagrams. In Proc. 13th ACM Conference on Computer and Communications Security (CCS), pages 410--420. ACM, 2006. Google ScholarDigital Library
- O. Goldreich. Foundations of Cryptography: Volume II (Basic Applications). Cambridge University Press, 2004. Google ScholarDigital Library
- O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pages 218--229. ACM, 1987. Google ScholarDigital Library
- J. Ha, C. Rossbach, J. Davis, I. Roy, H. Ramadan, D. Porter, D. Chen, and E. Witchel. Improved error reporting for software that uses black box components. In Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 101--111. ACM, 2007. Google ScholarDigital Library
- Q. Huang, D. Jao, and H. Wang. Applications of secure electronic voting to automated privacy-preserving troubleshooting. In Proc. 12th ACM Conference on Computer and Communications Security (CCS), pages 68--80. ACM, 2005. Google ScholarDigital Library
- Y. Ishai and A. Paskin. Evaluating branching programs on encrypted data. In Proc. 4th Theory of Cryptography Conference (TCC), volume 4392 of LNCS, pages 575--594. Springer, 2007. Google ScholarDigital Library
- S. Jarecki and V. Shmatikov. Efficient two-party secure computation on committed inputs. In Proc. Advances in Cryptology - EUROCRYPT 2007, volume 4515 of LNCS, pages 97--114. Springer, 2007. Google ScholarDigital Library
- J. Kilian. Founding cryptography on oblivious transfer. In Proc. 20th Annual ACM Symposium on Theory of Computing (STOC), pages 20--31. ACM, 1988. Google ScholarDigital Library
- Y. Lindell and B. Pinkas. Privacy preserving data mining. J. Cryptology, 15(3):177--206, 2002.Google ScholarDigital Library
- Y. Lindell and B. Pinkas. A proof of Yao's protocol for secure two-party computation. http://eprint.iacr.org/2004/175, 2004.Google Scholar
- D. Malkhi, N. Nisan, B. Pinkas, and Y. Sella. Fairplay - a secure two-party computation system. In Proc. 13th USENIX Security Symposium, pages 287--302. USENIX, 2004. Google ScholarDigital Library
- G. McGraw and J. Viega. Making your software behave: Security by obscurity. http://www.ibm.com/developerworks/java/library/s-obs.html,2000.Google Scholar
- Microsoft. Privacy statement for the Microsoft error reporting service. http://oca.microsoft.com/en/dcp20.asp,2006.Google Scholar
- Microsoft. Reporting and solving computer problems. http://windowshelp.microsoft.com/Windows/en-US/Help/d97ba15e-9806-4ff3-8ead-71b8d62123fe1033.mspx, 2006.Google Scholar
- Microsoft. How to: Configure microsoft error reporting. http://msdn2.microsoft.com/en-us/library/bb219076.aspx, 2007.Google Scholar
- M. Naor and K. Nissim. Communication preserving protocols for secure function evaluation. In Proc. 33rd ACM Symposium on Theory of Computing (STOC), pages 590--599. ACM, 2001. Google ScholarDigital Library
- M. Naor and B. Pinkas. Efficient oblivious transfer protocols. In Proc. 12th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pages 448--457. SIAM, 2001. Google ScholarDigital Library
- M. Naor, B. Pinkas, and R. Sumner. Privacy preserving auctions and mechanism design. In Proc. 1st ACM Conference on Electronic Commerce, pages 129--139. ACM, 1999. Google ScholarDigital Library
- R. Naraine. Dr. Watson's Longhorn makeover raises eyebrows. http://www.eweek.com/article2/0,1759,1822142,00.asp, 2005.Google Scholar
- Oracle. Oracle sues SAP. http://www.oracle.com/sapsuit/index.html, 2007.Google Scholar
- P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proc. Advances in Cryptology - EUROCRYPT 1999, volume 1592 of LNCS, pages 223--238. Springer, 1999.Google ScholarCross Ref
- M. Rabin. How to exchange secrets by oblivious transfer. Technical Report TR-81, Aiken Computation Laboratory, Harvard University, 1981.Google Scholar
- T. Sander, A. Young, and M. Yung. Non-interactive CryptoComputing for NC1. In Proc. 40th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pages 554--566. IEEE, 1999. Google ScholarDigital Library
- B. Stone. A lively market, legal and not, for software bugs. New York Times, Jan 30 2007.Google Scholar
- H. Wang, Y.-C. Hu, C. Yuan, Z. Zhang, and Y.-M. Wang. Friends troubleshooting network: Towards privacy-preserving, automatic troubleshooting. In 3rd International Workshop on Peer-to-Peer Systems (IPTPS), volume 3279 of LNCS, pages 184--194. Springer, 2004.Google Scholar
- J. Weideman. Automated problem reports. https://wiki.ubuntu.com/AutomatedProblemReports,2006.Google Scholar
- A. Yao. How to generate and exchange secrets. In Proc. 27th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pages 162--167. IEEE, 1986.Google ScholarDigital Library
Index Terms
- Privacy-preserving remote diagnostics
Recommendations
Privacy preserving clustering on horizontally partitioned data
Data mining has been a popular research area for more than a decade due to its vast spectrum of applications. However, the popularity and wide availability of data mining tools also raised concerns about the privacy of individuals. The aim of privacy ...
Collusion-resistant privacy-preserving data mining
KDD '10: Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data miningRecent research in privacy-preserving data mining (PPDM) has become increasingly popular due to the wide application of data mining and the increased concern regarding the protection of private and personal information. Lately, numerous methods of ...
The cost of privacy: destruction of data-mining utility in anonymized data publishing
KDD '08: Proceedings of the 14th ACM SIGKDD international conference on Knowledge discovery and data miningRe-identification is a major privacy threat to public datasets containing individual records. Many privacy protection algorithms rely on generalization and suppression of "quasi-identifier" attributes such as ZIP code and birthdate. Their objective is ...
Comments