Computer Science Graduate Seminar: Designing Digital Services with Cryptographic Guarantees for Data Security and Privacy


Friday, December 08, 2017, 3:30pm

Location: E3, 9007

Speaker: Dipl.-Inform. Jan Henrik Ziegeldorf


In the past two decades, tremendously successful digital services have been built that collect, process, and monetize massive amounts of personal user data. With them come serious threats to data security and privacy. Countering these threats requires the development of Privacy Enhancing Technologies that complement or replace traditional communication security protocols. We identify Secure Multiparty Computation (SMC) as a rigorous approach to provide data security and privacy protection, but note that its potential lies foremost on the theoretical level. In order to bridge the gap between theory and real-world applications of SMC, we conduct a qualitative and quantitative analysis of SMC frameworks and abstract three research challenges: i) extending the functionality and ii) increasing the efficiency of SMC, as well as iii) customizing it to challenged environments. We choose a use-case-driven research methodology to address these questions, which allows us to motivate and validate all our contributions in practice. First, we motivate the problem of financial privacy in cryptocurrencies and propose decentralized mixing as a solution. We recognize the advantages of securing mixing operations with SMC and contribute secure protocols to technically realize our novel approach. Second, we propose efficient SMC designs for different classification algorithms to address data security and privacy issues in pattern recognition and machine learning. The evaluation of our classifiers shows that they are secure, accurate, and outperform the state of the art. Finally, we investigate secure outsourcing as a general strategy to customize SMC to challenged deployment and operation scenarios, using the example of computing set intersections, a fundamental SMC problem. We present efficient schemes with negligible overheads for the outsourcers and demonstrate their applicability in two comprehensive case studies: privacy-preserving crowd-sensing and genetic disease testing in the cloud.
In summary, the contributions made in this thesis widen the technical solution space for practical data security and privacy protection in data-driven digital services.

The computer science lecturers invite interested people to join.