
Secure Range Queries for Multiple Users [article]

Anselme Tueno, Florian Kerschbaum
2018 arXiv   pre-print
s [34] and by Kerschbaum and Schröpfer [20] to a three-party protocol.  ...  To tackle this problem Kerschbaum and Schröpfer proposed in [20] another ideal secure, but significantly more efficient, OPE scheme.  ... 
arXiv:1802.01138v1 fatcat:6q4ne2tocbcofciozavmnbxjca

Non-Interactive Private Decision Tree Evaluation [article]

Anselme Tueno, Yordan Boev, Florian Kerschbaum
2019 arXiv   pre-print
Decision trees are a powerful prediction model with many applications in statistics, data mining, and machine learning. In some settings, the model and the data to be classified may contain sensitive information belonging to different parties. In this paper, we, therefore, address the problem of privately evaluating a decision tree on private data. This scenario consists of a server holding a private decision tree model and a client interested in classifying its private attribute vector using the server's private model. The goal of the computation is to obtain the classification while preserving the privacy of both - the decision tree and the client input. After the computation, the classification result is revealed only to the client, and nothing else is revealed neither to the client nor to the server. Existing privacy-preserving protocols that address this problem use or combine different generic secure multiparty computation approaches resulting in several interactions between the client and the server. Our goal is to design and implement a novel client-server protocol that delegates the complete tree evaluation to the server while preserving privacy and reducing the overhead. The idea is to use fully (somewhat) homomorphic encryption and evaluate the tree on ciphertexts encrypted under the client's public key. However, since current somewhat homomorphic encryption schemes have high overhead, we combine efficient data representations with different algorithmic optimizations to keep the computational overhead and the communication cost low. As a result, we are able to provide the first non-interactive protocol, that allows the client to delegate the evaluation to the server by sending an encrypted input and receiving only the encryption of the result. Our scheme has only one round and can evaluate a complete tree of depth 10 within seconds.
arXiv:1909.08362v1 fatcat:qkk3s4qzmnfavawqcsml4gkvsq

Privacy-Preserving Computation [chapter]

Florian Kerschbaum
2014 Lecture Notes in Computer Science  
Private data is commonly revealed to the party performing the computation on it. This poses a problem, particularly when outsourcing storage and computation, e.g., to the cloud. In this paper we present a review of security mechanisms and a research agenda for privacy-preserving computation. We begin by reviewing current application scenarios where computation faces privacy requirements. We then review existing cryptographic techniques for privacy-preserving computation. And last, we outline research problems that need to be solved for implementing privacy-preserving computations. Once addressed, privacy-preserving computations can quickly become a reality enhancing the privacy protection of citizens.
doi:10.1007/978-3-642-54069-1_3 fatcat:sbvog74h2va6xibazies2hh3ca

Inference Control for Privacy-Preserving Genome Matching [article]

Florian Kerschbaum, Martin Beck, Dagmar Schönfeld
2014 arXiv   pre-print
Privacy is of the utmost importance in genomic matching. Therefore a number of privacy-preserving protocols have been presented using secure computation. Nevertheless, none of these protocols prevents inferences from the result. Goodrich has shown that this resulting information is sufficient for an effective attack on genome databases. In this paper we present an approach that can detect and mitigate such an attack on encrypted messages while still preserving the privacy of both parties. Note that randomization, e.g. using differential privacy, will almost certainly destroy the utility of the matching result. We combine two known cryptographic primitives -- secure computation of the edit distance and fuzzy commitments -- in order to prevent submission of similar genome sequences. Particularly, we contribute an efficient zero-knowledge proof that the same input has been used in both primitives. We show that using our approach it is feasible to preserve privacy in genome matching and also detect and mitigate Goodrich's attack.
arXiv:1405.0205v1 fatcat:zbwvkj7dw5edrfoqwfy5iohmwa

Efficient Oblivious Database Joins [article]

Simeon Krastnikov, Florian Kerschbaum, Douglas Stebila
2020 arXiv   pre-print
A major algorithmic challenge in designing applications intended for secure remote execution is ensuring that they are oblivious to their inputs, in the sense that their memory access patterns do not leak sensitive information to the server. This problem is particularly relevant to cloud databases that wish to allow queries over the client's encrypted data. One of the major obstacles to such a goal is the join operator, which is non-trivial to implement obliviously without resorting to generic but inefficient solutions like Oblivious RAM (ORAM). We present an oblivious algorithm for equi-joins which (up to a logarithmic factor) matches the optimal O(n log n) complexity of the standard non-secure sort-merge join (on inputs producing O(n) outputs). We do not use expensive primitives like ORAM or rely on unrealistic hardware or security assumptions. Our approach, which is based on sorting networks and novel provably-oblivious constructions, is conceptually simple, easily verifiable, and very efficient in practice. Its data-independent algorithmic structure makes it secure in various different settings for remote computation, even in those that are known to be vulnerable to certain side-channel attacks (such as Intel SGX) or with strict requirements for low circuit complexity (like secure multiparty computation). We confirm that our approach is easily realizable through a compact prototype implementation which matches our expectations for performance and is shown, both formally and empirically, to possess the desired security characteristics.
arXiv:2003.09481v1 fatcat:gc5ctx34tzgqdc4v6piatg5bn4

An Efficiently Searchable Encrypted Data Structure for Range Queries [article]

Florian Kerschbaum, Anselme Tueno
2017 arXiv   pre-print
[54] and frequency-hiding order-preserving encryption by Kerschbaum [37] .  ...  Schröpfer and Kerschbaum improve the performance of this model in [38] .  ... 
arXiv:1709.09314v1 fatcat:ncia54rkybe5dcfptropsaq5oi

Editors' Introduction

Aaron Johnson, Florian Kerschbaum
2021 Proceedings on Privacy Enhancing Technologies  
Hahn, University of Twente -Florian Schaub, University of Michigan -Florian Tramer, Stanford University -Frederik Armknecht, University of Mannheim -Gennie Gebhart, Electronic Frontier Foundation -Gergely  ...  Kerschbaum Co-Editors-in-Chief of PoPETs Volume 2021 and Program Co-Chairs of PETS 2021 and Economics -Ghassan Karame, NEC Laboratories -Giovanni Cherubin, Turing Institute -Igor Bilogrevic, Google  ... 
doi:10.2478/popets-2021-0034 dblp:journals/popets/JohnsonK21b fatcat:yzhdmfrcgnf57gyt3n4gps4x3e

Editors' Introduction

Aaron Johnson, Florian Kerschbaum
2021 Proceedings on Privacy Enhancing Technologies  
Kerschbaum Co-Editors-in-Chief of PoPETs Volume 2021 and Program Co-Chairs of PETS 2021 Program Committee / Editorial Board: -Ruba Abu-Salma, ICSI/UC Berkeley -Yasemin Acar, Max Planck Institute for  ...  Electronic Frontier Foundation -Neil Gong, Duke University -Sergey Gorbunov, University of Waterloo -Adam Groce, Reed College -Thomas Gross, Newcastle University -Paul Grubbs, University of Michigan -Florian  ... 
doi:10.2478/popets-2021-0057 fatcat:tgkviq4tpnbo5nkmcqt3ezksve

Parallelizing secure linear programming

Rafael Deitos, Florian Kerschbaum
2009 Concurrency and Computation  
KERSCHBAUM † Copyright c 2009 John Wiley & Sons, Ltd. Concurrency Computat.: Pract.  ... 
doi:10.1002/cpe.1424 fatcat:xaf2wzc2vngc7jzbhx5xir3khe

Editors' Introduction

Aaron Johnson, Florian Kerschbaum
2021 Proceedings on Privacy Enhancing Technologies  
Kerschbaum Co-Editors-in-Chief of PoPETs Volume 2021 and Program Co-Chairs of PETS 2021 -Zinaida Benenson, University of Erlangen- Nuremberg -Igor Bilogrevic, Google -Matt Blaze, Georgetown University  ...  Census Bureau -Gennie Gebhart, Electronic Frontier Foundation -Neil Gong, Duke University -Sergey Gorbunov, University of Waterloo -Adam Groce, Reed College -Thomas Gross, Newcastle University -Florian  ... 
doi:10.2478/popets-2021-0001 fatcat:xia7bzeadzf35peokseu4t437e

Computation on Encrypted Data using Data Flow Authentication [article]

Andreas Fischer, Benny Fuhry, Florian Kerschbaum, Eric Bodden
2017 arXiv   pre-print
Encrypting data before sending it to the cloud protects it against hackers and malicious insiders, but requires the cloud to compute on encrypted data. Trusted (hardware) modules, e.g., secure enclaves like Intel's SGX, can very efficiently run entire programs in encrypted memory. However, it has already been demonstrated that software vulnerabilities give an attacker ample opportunity to insert arbitrary code into the program. This code can then modify the data flow of the program and leak any secret in the program to an observer in the cloud via SGX side-channels. Since any larger program is rife with software vulnerabilities, it is not a good idea to outsource entire programs to an SGX enclave. A secure alternative with a small trusted code base would be fully homomorphic encryption (FHE) -- the holy grail of encrypted computation. However, due to its high computational complexity it is unlikely to be adopted in the near future. As a result researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet, current approaches fail on programs that make control-flow decisions based on encrypted data. In this paper, we introduce the concept of data flow authentication (DFAuth). DFAuth prevents an adversary from arbitrarily deviating from the data flow of a program. Hence, an attacker cannot perform an attack as outlined before on SGX. This enables all programs, even those including operations on control-flow decision variables, to be computed on encrypted data. We implemented DFAuth using a novel authenticated homomorphic encryption scheme, a Java bytecode-to-bytecode compiler producing fully executable programs, and SGX enclaves. A transformed neural network that performs machine learning on sensitive medical data can be evaluated on encrypted inputs and encrypted weights in 0.86 seconds.
arXiv:1710.00390v1 fatcat:cc5ug3talrcp3h5zhnwv3tt63q

Generalization Techniques Empirically Outperform Differential Privacy against Membership Inference [article]

Jiaxiang Liu, Simon Oya, Florian Kerschbaum
2021 arXiv   pre-print
Differentially private training algorithms provide protection against one of the most popular attacks in machine learning: the membership inference attack. However, these privacy algorithms incur a loss of the model's classification accuracy, therefore creating a privacy-utility trade-off. The amount of noise that differential privacy requires to provide strong theoretical protection guarantees in deep learning typically renders the models unusable, but authors have observed that even lower noise levels provide acceptable empirical protection against existing membership inference attacks. In this work, we look for alternatives to differential privacy towards empirically protecting against membership inference attacks. We study the protection that simply following good machine learning practices (not designed with privacy in mind) offers against membership inference. We evaluate the performance of state-of-the-art techniques, such as pre-training and sharpness-aware minimization, alone and with differentially private training algorithms, and find that, when using early stopping, the algorithms without differential privacy can provide both higher utility and higher privacy than their differentially private counterparts. These findings challenge the belief that differential privacy is a good defense to protect against existing membership inference attacks.
arXiv:2110.05524v1 fatcat:muiq2hoetbb5xn37xycwhzssva

Filtering for Private Collaborative Benchmarking [chapter]

Florian Kerschbaum, Orestis Terzidis
2006 Lecture Notes in Computer Science  
Collaborative Benchmarking is an important issue for modern enterprises, but the business performance quantities used as input are often highly confidential. Secure Multi-Party Computation can offer protocols that can compute benchmarks without leaking the input variables. Benchmarking is a process of comparing to the "best", so often it is necessary to only include the k-best enterprises for computing a benchmark to not distort the result with some outlying performances. We present a protocol that can be used as a filter, before running any collaborative benchmarking protocol that restricts the participants to the k best values. Our protocol doesn't use the general circuit construction technique for SMC aiming to optimize performance. As building blocks we present the fastest implementation of Yao's millionaires' protocol and a protocol that achieves a fair shuffle in O(log n) rounds.
doi:10.1007/11766155_29 fatcat:jhso5eqnq5abrmrs5dwxdny6sq

Fault-Tolerant Privacy-Preserving Statistics [chapter]

Marek Jawurek, Florian Kerschbaum
2012 Lecture Notes in Computer Science  
Real-time statistics on smart meter consumption data must preserve consumer privacy and tolerate smart meter failures. Existing protocols for this private distributed aggregation model suffer from various drawbacks that disqualify them for application in the smart energy grid. Either they are not fault-tolerant or if they are, then they require bidirectional communication or their accuracy decreases with an increasing number of failures. In this paper, we provide a protocol that fixes these problems and furthermore, supports a wider range of exchangeable statistical functions and requires no group key management. A key-managing authority ensures the secure evaluation of authorized functions on fresh data items using logical time and a custom zero-knowledge proof providing differential privacy for an unbounded number of statistics calculations. Our privacy-preserving protocol provides all the properties that make it suitable for use in the smart energy grid.
doi:10.1007/978-3-642-31680-7_12 fatcat:ovknsfbs7fduzkhrbvl2bzyumq

Searchable Encryption for Outsourced Data Analytics [chapter]

Florian Kerschbaum, Alessandro Sorniotti
2011 Lecture Notes in Computer Science  
Two sets of privacy requirements need to be fulfilled when a company's accounting data is audited by an external party: the company needs to safeguard its data, while the auditors do not want to reveal their investigation methods. This problem is usually addressed by physically isolating data and auditors during the course of an audit. This approach however no longer works when auditing is performed remotely. In this paper we present an efficient construction for a searchable encryption scheme for outsourcing data analytics. In this scheme the data owner needs to encrypt his data only once and ship it in encrypted form to the data analyst. The data analyst can then perform a series of queries for which he must ask the data owner for help in translating the constants in the queries. Our searchable encryption scheme extends previous work by the ability to re-use query results as search tokens (query-result reusability) and the ability to perform range queries. It is efficient with O(log^2 n) work for a range query and is semantically secure relying only on Diffie-Hellman assumptions (in the random oracle model).
doi:10.1007/978-3-642-22633-5_5 fatcat:use6swd34jgyjknrfnr6nl5qiu