1 Privacy-Preserving Distributed Information Sharing Nan Zhang and Wei Zhao Texas A&M University, USA.

1

Privacy-Preserving Distributed Information Sharing

Nan Zhang and Wei Zhao

Texas A&M University, USA

2

Outline

• Motivation

• Dealing with malicious adversaries

• Existing and new protocols

• Conclusion

3

Information Sharing between Autonomous Entities

Problem definition

Knowledge

4

Example

• Supplier– Product list

• Consumer– Shopping list

Secret Weapon I

Secret Weapon V

Dream Machine

Cancer Medicine

Perpetual Machine

…

Secret Weapon I

Secret Weapon II

Secret Weapon III

Secret Weapon IV

Secret Weapon V

…

Secret Weapon I

Secret Weapon V

…

ContractSECRETSECRETSECRETSECRET

5

Privacy Concern

[www.privacy.org, 2002]

• Privacy lawsCountries with enacted or pending omnibus privacy laws

HIPAA

Health Insurance Portability and Accountability Act

6

Privacy-Preserving Information Sharing

• Sharing information across private databases without violating each party’s privacy.

7

Objectives

• To ensure accuracy of information sharing results

• To guarantee privacy of each party

How do we measure accuracy and privacy?

8

Measurement of Accuracy

• Traditional measure of accuracy1, if all parties obtain correct information sharing results

0, otherwise

• We measure accuracy by the expected value of traditional measure– Probability that all parties obtain correct

information sharing results

fails

la1–la accomplishes0 1

9

Measurement of Privacy Disclosure

• Traditional measure in Cryptography0, if no privacy disclosure

1, otherwise

• Our measure in information sharing– Percentage of private

information compromised

undisclosed

lp1–lp disclosed

0 1

10

Baseline Architecture

• With trusted third party

• Without trusted third party

TTP

11

Local ProcessingModule

Database

System Architecture

INTERNET

12

Local ProcessingModule

DatabaseINTERN

ET

External Attacks

Defense against these attacks can occur by using traditional system security measures

13

Local ProcessingModule

DatabaseINTERN

ET

Internal AttacksInternal party as adversary

14

INTERNET

Semi-honest AdversariesPrivate informationof the other party

• Properly follow the protocol• Record intermediate computation and communication• Passive attack

• Properly follow the protocol• Record intermediate computation and communication• Passive attack

15

Protocols Against Semi-honest Adversaries

• Almost all existing protocols

• Can be efficient

• Unrealistic assumption: semi-honest

16

INTERNET

Malicious AdversariesPrivate informationof the other party

• Can do whatever it wants• May revise local processing module and/or alter inputs• Active attack

• Can do whatever it wants• May revise local processing module and/or alter inputs• Active attack

17

Protocols Against Malicious Adversaries

• A few protocols exist, with sporadic restrictions

• Inefficient

18

A Dilemma

Semi-honest Malicious

UNREALISTIC

UNREALISTIC

TOO DIFFICULT

TOO DIFFICULT

19

Our Goal: Defend Against Malicious Adversaries

Effectively and EfficientlyBut how?

20

Our Approach IGeneralization of privacy & accuracy measures

• Continuous accuracy measure

• Continuous privacy measure

undisclosed

lp1–lp disclosed

RECALL

fails

la1–la accomplishes

RECALL

21

Our Approach IIClassification of malicious adversaries

Behavior

Priority

22

Outline

• Motivation

• Dealing with malicious adversaries

• Existing and new protocols

• Conclusion

23

Classification of Adversaries

• Priority of Adversary– To obtain the privacy of other parties– To accomplish information sharing

24

Consumer needs Secret Weapon IVPRIVACY

BREACHPRIVACY

BREACH

Secret Weapon I

Secret Weapon V

Dream Machine

Cancer Medicine

Perpetual Machine

…

Adversaries that Care About Information Sharing

• Supplier– Product list

• Consumer– Shopping list

Secret Weapon IV

Secret Weapon I

Secret Weapon V

… Secret Weapon IV

Secret Weapon I

Secret Weapon II

Secret Weapon III

Secret Weapon IV

Secret Weapon V

…

25

Secret Weapon I

Secret Weapon II

Secret Weapon III

Secret Weapon IV

Secret Weapon V

…

Secret Weapon I

Secret Weapon V

Dream Machine

Cancer Medicine

Perpetual Machine

…

Adversaries that Care About Information Sharing

• Supplier– Product list

• Consumer– Shopping list

Secret Weapon IV

Secret Weapon I

Secret Weapon V

… Secret Weapon IV

Secret Weapon I

Secret Weapon V

… Secret Weapon IV

An adversary may be penalized if some parties cannot obtain the accurate information sharing results.

26

Priority of AdversaryP

rior

ity

of a

dver

sary

Information sharing as the first priority

Privacy intrusion as the first priority

27

Measure of Adversary’s Priority

• Priority is measured by , such that the goal of the adversary is to maximize

u = (1 – )la + lp.

la : {0,1}, probability that all parties obtain correct information sharing results

lp : [0,1], percentage of other parties’ private information that is compromised by the adversary.

28

Classification of Malicious Adversaries by Their Priority

Pri

orit

y of

adv

ersa

ry

Weakly malicious

Strongly malicious

Honest = 0

0 < < 1/2

1/2 1

u = (1 – )la + lp

Information sharing as the first priority

Privacy intrusion as the first priority

29

Adversary Space

Behavior

Priority

Semi-honest

Weakly Malicious

Strongly Malicious

30

Outline

• Problem definition

• Dealing with malicious adversaries

• Existing and new protocols

• Conclusion

31

Protocol DEDouble Encryption

• Existing Protocol [R. Agrawal et. al, 2003]

• For intersection of two datasets

• Basic idea:

aa

BA AB

32

Protocol DE

Bob

• Input: Datasets A, B. Output: A B.

Alice

A:8 B:10

AAA AABAAB AAA

AABAAA

ABAB

AB

AABAAAAABAAB

SameorderSameorder

33

Protocol TPSTrust Party with the Smallest Dataset

• Our New Protocol I

• Basic Idea:

Size: 8 Size: 10

TRUSTTRUST

34

Assumptions

• The distribution of the number of data points of each party is known by all parties

• For the sake of simplicity, we assume that both parties have the same distribution

35

Bob

Protocol TPS

• Input: Datasets A, B. Output: A B.

8Alice

A:8

10

10 8

B:10

10 8

AAA AABAAB AAA

AABAAA

ABAB

AB

AABAAAAABAAB

36

Protocol RPLReject Parties with the Too Large Dataset

• Our New Protocol II

• Basic Idea:

Reject parties whosedatasets are larger thana threshold set by thehonest parties

37

Protocol RPL

Bob

• Input: Datasets A, B. Output: A B.

Alice

A:8 B:10

10 8

AAA AAB

AAB

AAAAAAAABAAB

AAAB

ABAB

AB

AAA

AAAAAA AABAAB

Is 10 too large?Is 10 too large? Is 8 too large?Is 8 too large?

38

Performance: Efficiency

DE

4|V0|

TPS RPL

3|V0|

2|V0|

Lower bound tobe secure againstsemi-honestadversaries

Lower bound tobe secure againstweakly maliciousadversaries

Com

mun

icat

ion

Ove

rhea

d

39

Performance: Defense Against Weakly Malicious Adversaries

Protocol DE

Protocol RPL

Protocol TPS

DE

100

80

60

40

20

0TPS RPL

l a(s

A,

s D0)

(%)

102

100

80

60

40

20

0

|V|

l p(s

A,

s D0)

(%)

102.3 102.6 102.9 103.2 103.5

Privacy Disclosure

AccuracyPercentage of datacompromised bythe adversary

Percentage of datacompromised bythe adversary

Probability that allparties obtain accurateinformation sharing results

Probability that allparties obtain accurateinformation sharing results

40

Defense Against Strongly Malicious Adversaries

Performance Evaluation

Protocol DEProtocol TPSProtocol RPL when = 10Protocol RPL when = 2Protocol RPL when 1

102

100

80

60

40

20

0

|V|

l p(s

A,

s D0)

(%)

102.3 102.6 102.9 103.2 103.5

Privacy Disclosure

DE

100

80

60

40

20

0TPS RPL

l a(s

A,

s D0)

(%)

AccuracySystem parameterPenalty / Benefit onPrivacy intrusion attack

System parameterPenalty / Benefit onPrivacy intrusion attack

41

Outline

• Problem definition

• Dealing with malicious adversaries

• Existing and new protocols

• Conclusion

42

Final Remarks

• Simple and efficient protocols exist if we– Adopt the continuous measure of privacy

disclosure– Constrain the adversary goal to be weakly

malicious

• Future work– Additional set operation protocols– Multiple correlated attacks

43

Q&A

Thank you

44

Backup Slides

45

Weakly and Strongly MaliciousP

rior

ity

of a

dver

sary

Weakly malicious

Strongly malicious

Honest = 0

0 < < 1/2

1/2 1

u = (1 – )la + lp

Information sharing as first priority

Privacy intrusion as first priority

If successful intrusion failed information sharingthen the adversary will not perform the intrusionIf successful intrusion failed information sharingthen the adversary will not perform the intrusion

46

Adversary Classification

Adversaries

Semi-honest Malicious

Weakly Malicious Strongly Malicious√

47

• Goal of adversary: Maximize

u = (1 – )la + lp .

• Weakly malicious means < 1/2.

• The optimal strategy for weakly malicious adversaries (sA) is to alter its dataset by

V1′s.t. V1 V1′

Defense Against Weakly Malicious Adversaries

Methodology

RECALL

RECALL

If successful intrusion failed information sharingthen the adversary will not perform the intrusionIf successful intrusion failed information sharingthen the adversary will not perform the intrusion

48

Basic Idea of Defense Against Weakly Malicious Adversaries

• Give them a dilemma

Weakly Malicious

If successful intrusion failed information sharingthen the adversary will not perform the intrusionIf successful intrusion failed information sharingthen the adversary will not perform the intrusion

No intrusionSuccessful Information SharingNo intrusionSuccessful Information Sharing

IntrusionFailed Information SharingIntrusionFailed Information Sharing

?

RECALLRECALL

49

Defense AgainstStrongly Malicious Adversaries

• We have to sacrifice some honest parties.– Because we cannot distinguish them from

strongly malicious adversaries.Alice

Eve

… Justin

Alice

Eve

… Justin

Strongly Malicious Honest

?

50

• When an honest party takes the strategy (sD

0) to strictly follow the protocol, there is

lp (sA, sD0) Pr{vV0 | vV}/|V|

Privacy Disclosure w/Weakly Malicious Adversaries

51

Defense Against Strongly Malicious Adversaries

Methodology

• Nash Equilibrium– A pair of attack strategy and defensive strategy

{sA, sD} such that

– Thus, we can consider {sA, sD} as the set of strategies taken by rational parties

Whoever moves from the strategy pays the penaltyWhoever moves from the strategy pays the penalty

52

Strategies

Honest

Low privacy, high accuracy

Low accuracy, high privacy

Strongly MaliciousHigh risk, high payoff

Low risk, low payoff

Large V1′

Small V1′

Large tolerable V1′

low tolerable V1′

53

Communication Overhead

• Lower bound to be secure against semi-honest adversaries

(V0’+V1’) log(|V|)• Lower bound to be secure against weakly

malicious adversaries

2(V0’+V1’) log(|V|)• Protocol A:

(V0’+V1’+min(V0’+V1’)) log(|V|)