1 Challenge the future
Security and Privacy in Big Data, Blessing or Curse?
2nd National Cryptography Days, 9-11 April 2015
Dr. Zeki Erkin
Cyber Security Section, Department of Intelligent Systems
Delft University of Technology
2 Challenge the future
About me…
BSc and MSc @ITU, Istanbul, 2002, 2005
PhD @TU Delft, 2010
PostDoc @ TU Delft, 2010-2014
Assist. Prof. @ TU Delft, Cyber Security Group
FET Signal Processing in the Encrypted Domain
STW Kindred Spirits
Dutch/COMMIT Trusted Healthcare and Extreme Wireless Sensor Networks
3TU Big Software on the Run
Secure Signal Processing, Privacy Enhancing Technologies MPC, Homomorphic Encryption
PCs, TCs: JoPETS, PETs, IEEE TIFS, WIFS, ICIP, ICASSP
Bochum, Aarhus, UC Irvine, IBM Zurich
3 Challenge the future
Outline
• Security and Privacy in Big Data
  • Motivation
• Secure Signal Processing
  • Face Recognition
  • Recommender Systems
• Research Challenges and Opportunities
4 Challenge the future
Privacy concerns… Data…data… and more data
5 Challenge the future
Problem statement
• Sensitive Data
• Commercially valuable algorithm
1. Service provider trustworthy
  • Bankruptcy, lost-theft of data, insiders
2. Service provider untrustworthy
  • Malicious acts, selling-transfer of data to the 3rd parties
• Cloud computing: outsourcing computation and storage
  • Where, when, by whom? Laws? Privacy? Espionage?
Can we protect privacy while processing data without hampering services?
6 Challenge the future
Players
• Government
  • Regulation, legalization, protecting privacy, providing security and safety (critical infrastructures), creating new business fields
• Citizens
  • Demanding security and privacy. Economical benefits, job opportunities
• Business
  • Increasing profit, reducing costs, reaching out to more customers, new business ideas
• Academia
  • Solutions for societal problems
7 Challenge the future
Secure Data Processing: computational privacy
• Privacy Enhancing Technologies
• Privacy by Design
• Applied cryptography
  • Homomorphic encryption
  • Garbled circuits
  • Secret sharing
  • MPC techniques
• Do not reveal sensitive data in plaintext!
8 Challenge the future
Face Recognition
Database
Alice Bob
Is he a criminal?
Yes, ID/No
Processing
9 Challenge the future
with Privacy
Database
Alice Bob
Is he a criminal?
[Yes], [ID]/[No]
Processing
• Z. Erkin, M. Franz, J. Guajardo, S. Katzenbeisser, R. L. Lagendijk and T. Toft, Privacy-Preserving Face Recognition, 9th International Symposium on Privacy Enhancing Technologies, LNCS 5672, pp. 235-253, August 2009.
10 Challenge the future
Eigenface Algorithm
11 Challenge the future
Secure Face Recognition
12 Challenge the future
Homomorphic Encryption
• A number of schemes preserve structure after encryption.
Additive Homomorphism (Paillier ‘99)
13 Challenge the future
Projection in the encrypted domain
Input image
Alice Bob (sk) (pk)
Feature vectors in a database
Encrypted pixel values
Apply projection and obtain the feature vector of the input image.
14 Challenge the future
Euclidean Distance
Secure Multiplication Protocol!
Homomorphism
Alice Bob (sk) (pk)
Fy = (f(y,1), f(y,2), . . . , f(y,K))
15 Challenge the future
Secure Multiplication Protocol
Alice Bob
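Added example (not from the talk or the cited paper's code): a toy Paillier implementation showing the additive homomorphism and one blinded squaring round between Alice (sk) and Bob (pk), which is what lets Bob obtain the encrypted squared Euclidean distance without seeing Alice's feature vector. The function names, the demo-sized primes and the feature vectors are assumptions made for this sketch, and both parties are assumed semi-honest.

```python
# Added illustration (not code from the talk): toy Paillier and the blinded
# squaring round used to get an encrypted squared Euclidean distance.
import secrets

def keygen(p=2**31 - 1, q=2**61 - 1):      # Mersenne primes: demo size only, insecure
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))       # pk = n (with g = n + 1), sk = (phi, mu)

def enc(n, m):                             # [m] = g^m * r^n mod n^2
    r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def dec(n, sk, c):
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def add(n, c1, c2):                        # [a] * [b] = [a + b]
    return c1 * c2 % (n * n)

def smul(n, c, k):                         # [a]^k = [k * a], k is a plaintext
    return pow(c, k % n, n * n)

def alice_square_sum(n, sk, blinded):      # Alice (sk) only ever sees x_i + r_i
    return enc(n, sum(dec(n, sk, c) ** 2 for c in blinded))

def bob_distance(n, enc_x, y, ask_alice):  # Bob (pk) holds [x_i] and plaintext y_i
    r = [secrets.randbelow(n) for _ in enc_x]
    blinded = [add(n, c, enc(n, ri)) for c, ri in zip(enc_x, r)]
    s = ask_alice(blinded)                 # [sum (x_i + r_i)^2]
    for c, ri, yi in zip(enc_x, r, y):
        s = add(n, s, smul(n, c, -2 * (ri + yi)))  # cancel 2*r_i*x_i, add -2*x_i*y_i
        s = add(n, s, enc(n, yi * yi - ri * ri))   # cancel r_i^2, add y_i^2
    return s                               # [sum (x_i - y_i)^2]

def demo():
    n, sk = keygen()
    x, y = [12, 7, 30], [10, 9, 25]        # constructed feature vectors
    enc_x = [enc(n, v) for v in x]         # Alice encrypts, Bob gets ciphertexts only
    d = bob_distance(n, enc_x, y, lambda b: alice_square_sum(n, sk, b))
    return dec(n, sk, d)

if __name__ == "__main__":
    print(demo())
```

Two encryptions of the same value differ because of the fresh random r, which is why the encrypted distances cannot simply be compared and a separate minimum-finding protocol is needed.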
16 Challenge the future
Finding the minimum
Alice Bob (sk) (pk)
$[D^2(F_x, F_y)],\ [D^2(F_x, F_w)],\ \ldots,\ [D^2(F_x, F_z)]$
Find the minimum squared distance!
But…
$[D^2(F_x, F_w)] = g^{D^2(F_x, F_w)}\, r_2^{n} \bmod n^2$ = 956814894149....123484987163
$[D^2(F_x, F_y)] = g^{D^2(F_x, F_y)}\, r_1^{n} \bmod n^2$ = 154894318447855....4848948974897
17 Challenge the future
Finding the Minimum: Concept
18 Challenge the future
Interactive Game Alice Bob
19 Challenge the future
Comparison
$[e_i] = [1] \cdot [c_i] \cdot [r_i]^{-1} \cdot \prod_{j=i+1}^{\ell-1} [c_j] \cdot [r_j] \cdot [c_j]^{-2 r_j}$
20 Challenge the future
Secure Face Recognition
21 Challenge the future
Performance
• Implemented in 2009
  • Integer arithmetic
  • 400 images (112x92)
  • 18 seconds
• Implementation in 2009 (hybrid approach)
  • Garbled circuits
  • 1000 images
  • 13 seconds
22 Challenge the future
Recommender Systems
• Problem: Privacy
  • likes/dislikes: identification and tracking
  • medical data cannot be stored and processed
• Solution: Privacy Enhancing Technologies
23 Challenge the future
Ideal System
24 Challenge the future
3-Party Setting
• Erkin, Z., Veugen, T., Toft, T., Lagendijk, R.: Generating Private Recommendations Efficiently Using Homomorphic Encryption and Data Packing. IEEE Transactions on Information Forensics and Security 7 (06/2012) 1053–1066
• Beye, M., Erkin, Z., Lagendijk, R.: Efficient privacy preserving K-means clustering in a three-party setting. In: Information Forensics and Security (WIFS), 2011 IEEE International Workshop on. (2011) 1–6
• Canny, J.: Collaborative filtering with privacy. In: Proceedings IEEE Symposium on Security and Privacy, IEEE (2002) 45–57
25 Challenge the future
Dynamic Execution Problem
• Kononchuk, D., Z. Erkin, J. C. A. van der Lubbe, and R. L. Lagendijk, "Privacy-Preserving User Data Oriented Services For Groups With Dynamic Participation", ESORICS, Egham, UK, 09/2013.
26 Challenge the future
Case Study: Ahold
320M visitors in NL per year
This is BIG DATA
E(ID)||Data
Profiles
Suggestions
27 Challenge the future
Curse or Blessing
• Curse
  • Awareness - society
  • Legalization - governments
  • Limitations - industry
• Blessing
  • Research questions!
  • Privacy by design wins!
28 Challenge the future
Research Challenges
• Efficiency
  • Run-time, bandwidth, storage
• Security model
  • Semi-honest, covert, malicious
• Cryptographic tools
  • FHE, SHE, HE, GC, SS (additive, strong ramp)
  • MPC techniques
• Application setting
  • 2-party, 3-party, N-party
  • Static and Dynamic
• Application domain
  • Cloud computing
    • Confidentiality (privacy), integrity (computation and storage)
  • Smart grids
    • Billing, data aggregation, verification, prediction
  • Automotive, social networks, supply chains
  • Data mining (finance), data fusion, real time, data mitigation, etc.
29 Challenge the future
Opportunities
• Multi-disciplinary
  • Cryptography, signal processing, pattern recognition, machine learning, social sciences: social-technical solutions (H2020)
• Wide application domain
  • Biometrics, smart grids, cloud computing, finance, defence, etc.
• H2020
  • Digital societies: Trust, Privacy
  • ICT calls
Thank you for your attention!