ABSTRACT
The emergence of a plethora of wearables and sensing technologies has enabled non-intrusive digitization of our daily physical activities. Emerging applications utilize such data to make inferences about our physiological and health states, provide health diagnosis, and contribute to wellbeing improvements. The common approach for such applications is to collect data, either using mobile applications or special hardware, e.g., wearables, and store them on a third party storage provider. This results in many unconnected data silos of self-quantification data. Researchers and industry, advocate for a common personal storage space, to conquer the myriad of small chunks of data, deemed to be lost/forgotten in the long term. The benefits of such co-located personal data are tremendous, specifically with regards to personalized medicine, treatment, and health care. However, the centralized storage of data exacerbates the privacy and security concerns that the IoT ecosystem is facing today. In this position paper, we advocate the necessity of privacy and security guarantees for the paradigm of co-located storage of personal health data. We envision two core security functionalities: true end-to-end encryption, such that only encrypted data is stored in the cloud and secure sharing of encrypted data, without disclosing data owner's secret keys. We discuss the challenges in adopting such an end-to-end encryption paradigm while preserving the cloud's basic processing functionalities over encrypted data and how to cryptographically enforce access control.
Supplemental Material
- 2016. Ava: Fertility Tracking Bracelet. avawomen.com. (2016).Google Scholar
- 2016. Clue: Period/Ovulation Tracker. helloclue.com. (2016).Google Scholar
- 2016. Empatica. empatica.com. (2016).Google Scholar
- 2016. Femometer: Fertility Tracker. femometer.com. (2016).Google Scholar
- 2016. Keybase. keybase.io. (2016).Google Scholar
- Hassan Jameel Asghar, Luca Melis, Cyril Soldani, Emiliano De Cristofaro, Mohamed Ali Kaafar, and Laurent Mathy. 2016. SplitBox: Toward Efficient Private Network Function Virtualization. In Workshop on HotMiddlebox. Google ScholarCross Ref
- Giuseppe Ateniese, Kevin Fu, Matthew Green, and Susan Hohenberger. 2005. Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage. In NDSS.Google Scholar
- Summet Bajaj and Radu Sion. 2011. TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality. In ACM SIGMOD. Google ScholarDigital Library
- Mario Ballano Barcena, Candid Wueest, and Hon Lau. 2014. How safe is your quantified self? Technical Report. Symantec.Google Scholar
- Liliana Barrios and Wilhelm Kleiminger. 2017. The Comfstat ? Automatically Sensing Thermal Comfort for Smart Thermostats. In PerCom.Google Scholar
- Matt Blaze, Gerrit Bleumer, and Martin Strauss. 1998. Divertible Protocols and Atomic Proxy Cryptography. In EUROCRYPT.Google Scholar
- Dan Boneh and Matthew K. Franklin. 2001. Identity-Based Encryption from the Weil Pairing. In CRYPTO. Google ScholarDigital Library
- Dan Boneh, Craig Gentry, Shai Halevi, Frank Wang, and David J. Wu. 2013. Private Database Queries Using Somewhat Homomorphic Encryption. In Applied Cryptography and Network Security (ACNS). Google ScholarDigital Library
- Dan Boneh, Kevin Lewi, Hart William Montgomery, and Ananth Raghunathan. 2013. Key Homomorphic PRFs and Their Applications. In CRYPTO.Google Scholar
- Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. 2012. (Leveled) Fully Homomorphic Encryption Without Bootstrapping. In Innovations in Theoretical CS Conference. Google ScholarDigital Library
- Stuart Dredge. 2013. Yes, those Free Health Apps are Sharing your Data with other Companies. Guardian, Online: theguardian.com/technology/appsblog/2013/sep/03/fitness-health-apps-sharing-data-insurance. (2013).Google Scholar
- Deborah Estrin and Ida Sim. 2010. Open mHealth Architecture: an Engine for Health Care Innovation. Science 330, 6005 (2010), 759--760.Google ScholarCross Ref
- Maurizio Garbarino, Matteo Lai, Dan Bender, Rosalind W Picard, and Simone Tognetti. 2014. Empatica E3 - A wearable wireless multi-sensor device for real-time computerized biofeedback and data acquisition. In Mobihealth.Google Scholar
- Craig Gentry. 2009. Fully Homomorphic Encryption Using Ideal Lattices. In ACM Symposium on Theory of Computing (STOC). Google ScholarDigital Library
- Ben Greenstein, Damon McCoy, Jeffrey Pang, Tadayoshi Kohno, Srinivasan Seshan, and David Wetherall. 2008. Improving Wireless Privacy with an Identifier-free Link Layer Protocol. In MobiSys. Google ScholarDigital Library
- Anwar Hithnawi, Hossein Shafagh, and Simon Duquennoy. 2015. TIIM: Technology-Independent Interference Mitigation for Low-power Wireless Networks. In ACM Conference on Information Processing in Sensor Networks (IPSN). Google ScholarDigital Library
- Mohammad Saiful Islam, Mehmet Kuzu, and Murat Kantarcioglu. 2012. Access Pattern Disclosure on Searchable Encryption: Ramification, Attack and Mitigation. In NDSS.Google Scholar
- Sriram Keelveedhi, Mihir Bellare, and Thomas Ristenpart. 2013. DupLESS: Server-Aided Encryption for Deduplicated Storage. In USENIX Security. Google ScholarDigital Library
- David Lazar and Nickolai Zeldovich. 2016. Alpenhorn: Bootstrapping Secure Communication Without Leaking Metadata (USENIX OSDI). Google ScholarDigital Library
- Kevin Lewi and David J Wu. 2016. Order-Revealing Encryption: New Constructions, Applications, and Lower Bounds. In ACM CCS. Google ScholarDigital Library
- Torsten Lodderstedt, Mark McGloin, and Phil Hunt. 2013. OAuth 2.0 Threat Model and Security Considerations. IETF, RFC 6819 (January 2013).Google Scholar
- Adriana López-Alt, Eran Tromer, and Vinod Vaikuntanathan. 2012. On-the-fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption. In ACM STOC. Google ScholarDigital Library
- Muhammad Naveed, Seny Kamara, and Charles V. Wright. 2015. Inference Attacks on Property-Preserving Encrypted Databases. In CCS. Google ScholarDigital Library
- Valeria Nikolaenko, Udi Weinsberg, Stratis Ioannidis, Marc Joye, Dan Boneh, and Nina Taft. 2013. Privacy-Preserving Ridge Regression on Hundreds of Millions of Records. In IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Pascal Paillier. 1999. Public-key Cryptosystems Based on Composite Degree Residuosity Classes.. In EUROCRYPT. Google ScholarDigital Library
- Antonis Papadimitriou, Ranjita Bhagwan, Nishanth Chandran, Ramachandran Ramjee, Andreas Haeberlen, Harmeet Singh, Abhishek Modi, and Saikrishna Badrinarayanan. 2016. Big Data Analytics over Encrypted Datasets with Seabed. In USENIX OSDI. Google ScholarDigital Library
- Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich. 2013. An Ideal-Security Protocol for Order-Preserving Encoding. In IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Raluca Ada Popa, Catherine Redfield, Nickolai Zeldovich, and Hari Balakrishnan. 2011. CryptDB: Protecting Confidentiality with Encrypted Query Processing. In ACM SOSP. Google ScholarDigital Library
- Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M. Frans Kaashoek, and Hari Balakrishnan. 2014. Building Web Applications on Top of Encrypted Data Using Mylar. In USENIX NSDI. Google ScholarDigital Library
- Ling Ren, Christopher Fletcher, Albert Kwon, Emil Stefanov, Elaine Shi, Marten van Dijk, and Srinivas Devadas. 2015. Constants Count: Practical Improvements to Oblivious RAM. In USENIX Security. Google ScholarDigital Library
- Tahmineh Sanamrad, Lucas Braun, Donald Kossmann, and Ramarathnam Venkatesan. 2014. Randomly Partitioned Encryption for Cloud Databases. In DBSec. Google ScholarDigital Library
- Hossein Shafagh, Lukas Burkhalter, and Anwar Hithnawi. 2016. Demo Abstract: Talos a Platform for Processing Encrypted IoT Data. In ACM SenSys. Google ScholarDigital Library
- Hossein Shafagh, Anwar Hithnawi, Andreas Dröscher, Simon Duquennoy, and Wen Hu. 2015. Talos: Encrypted Query Processing for the Internet of Things. In ACM SenSys. Google ScholarDigital Library
- Justine Sherry, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy. 2015. Blind-Box: Deep Packet Inspection over Encrypted Traffic. In ACM SIGCOMM. Google ScholarDigital Library
- E. Shi, J. Bethencourt, T.-H.H. Chan, D. Song, and A. Perrig. 2007. MultiDimensional Range Query over Encrypted Data. In IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- Elaine Shi, Richard Chow, T-H. Hubert Chan, Dawn Song, and Eleanor Rieffel. 2011. Privacy-preserving Aggregation of Time-series Data. In NDSS.Google Scholar
- D. X. Song, D. Wagner, and A. Perrig. 2000. Practical Techniques for Searches on Encrypted Data. In IEEE Security and Privacy. Google ScholarDigital Library
- Adam Tanne. 2016. For Sale: Your Medical Records. In Nature. 26--27.Google Scholar
- Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich. 2013. Processing Analytical Queries Over Encrypted Data. In VLDB. Google ScholarDigital Library
- Frank Wang, James Mickens, Nickolai Zeldovich, and Vinod Vaikuntanathan. 2016. Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds. In USENIX NSDI. Google ScholarDigital Library
- Andrew C. Yao. 1982. Protocols for Secure Computations. In Symposium on Foundations of Computer Science. 160--164. Google ScholarDigital Library
Index Terms
- Privacy-preserving Quantified Self: Secure Sharing and Processing of Encrypted Small Data
Recommendations
Privacy-preserving multireceiver ID-based encryption with provable security
Multireceiver identity ID based encryption and ID-based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. ...
Privacy-preserving file sharing on cloud storage with certificateless signcryption
AbstractIn recent years, data generated by Internet of Things (IoT) devices has become increasingly massive. The amount of data stored in the cloud is also enormous and needs to be processed in a timely, efficient, secure, and private manner. ...
Privacy-preserving identity-based broadcast encryption
Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of ...
Comments