Highly distributed and privacy-preserving queries on personal data management systems

The VLDB Journal - Volume 32 - Pages 415-445 - 2022
Luc Bouganim1,2, Julien Loudet1,2,3, Iulian Sandu Popa1,2
1Inria Saclay Île-de-France, Palaiseau, France
2University of Versailles Saint-Quentin (Université Paris-Saclay), Versailles, France
3Cozy Cloud, “Le Surena”, 5 Quai Marcel Dassault, Suresnes, France

Abstract

Personal data management system (PDMS) solutions are flourishing, boosted by smart disclosure initiatives and new regulations. PDMSs allow users to easily store and manage data directly generated by their devices or resulting from their (digital) interactions. Users can then leverage the power of their PDMS to benefit from their personal data, for their own good and in the interest of the community. The PDMS paradigm thus brings exciting perspectives by unlocking novel usages, but also raises security issues. An effective approach, considered in several recent works, is to leave the user data distributed on personal platforms, secured locally using hardware and/or software security mechanisms. This paper goes beyond the local security issues and addresses the important question of securely querying this massively distributed personal data. To this end, we propose DISPERS, a fully distributed PDMS peer-to-peer architecture. DISPERS allows users to securely and efficiently share and query their personal data, even in the presence of malicious nodes. We consider three increasingly powerful threat models and derive, for each, a security requirement that must be fulfilled to reach a lower bound in terms of sensitive data leakage: (1) hidden communications, (2) random dispersion of data and (3) collaborative proofs. These requirements are incremental and, respectively, resist spied, leaking or corrupted nodes. We show that the expected security level can be guaranteed with near certainty and validate experimentally the efficiency of the proposed protocols, allowing for an adjustable trade-off between the security level and its cost.
