Other Privacy Team Members

Transcription

1 Privacy Technologies in the Era of Big Data:! Reflections & New Directions Ersin Uzun, PhD Palo Alto Research Center Other Privacy Team Members Shantanu Rane, PhD Julien Freudiger, PhD

2 Ersin Uzun Director of Technology Solutions, Manager of Security PARC Focus on Network Security, Privacy Technologies, Usable Security. 2

3 Social network data Smartphone app data Online shopping Car navigation data h$p://pos$ypography.com Biometrics Healthcare data Internet of things telemetry Smart grid pricing & usage Intellectual property Industrial diagnostics data Demographic data National security data 3

4 4

5 State of Privacy Technologies Today Security/Privacy Security Research Ideal Efficiency time memory Industry Practice Utility variety of functions variety of insights accuracy 5

6 Even U.S. Government is taking notice Recommendation 3: With coordination and encouragement from OSTP, the NITRD agencies, should strengthen U.S. research in privacy-related technologies and in the relevant areas of social science that inform the successful application of those technologies.. create appropriate balance among economic opportunity, national priorities, and privacy protection. [PCAST Report, May 24] 6

7 Rest of the Talk. Current Models & Methods for Privacy-protecting Data Analytics - Private Data Sharing - Privacy-preserving Data Mining - Anonymization 2. Reflections and Potential New Research Directions 7

8 Models & Methods 8

9 (Incomplete) Taxonomy of Privacy- protec?ng Analy?cs Garbled Circuits Bloom Filters Secure Data Sharing Private Set Intersection Commutative Encryption OPE OPRFs Privacy-Preserving Data Mining Homomorphic Encryption Additive Hashing Garbled Circuits Multiplicative FHE Homomorphic Encryption Searchable Encryption Symmetric Functional Encryption Asymmetric Order-Preserving Encryption Anonymization Randomized Response Generalization k-anonymity l-diversity Differential Privacy t-closeness 9

10 Private Data Sharing Privacy questions. How to share common data w/o revealing unique/private data? Sharing protocol 2. How to privately ascertain whether data is worth sharing or purchasing?

11 What if Companies Could Share " Business Relevant Data? Entity! Data! Analytics! Prediction! Entity 2! Data 2! Analytics! Prediction! Collaboration improves analytics:! E.g., recommendations, predictions, modeling!

12 Problems with Sharing. Trust Will others leak my data? 2. Legal Liability Will I be sued for sharing customer data? (e.g., Negligence) 3. Competitive concerns Will my competitors outperform me? 4. Shared data quality Will data be reliable? In practice, few companies share data 2

13 A Sample Enabler: Private Set Intersection Private! Collaboration! Algorithm! Can be implemented in many ways with classical cryptographic tools, e.g., Bloom filters, hashing, RSA-style encryption, etc. Can be made secure against malicious participants. Supports a specific operation, requires security expertise for any tweaking Hard to use with noisy data. 3

14 Collaborative Security More data makes analytics better, faster, stronger It is the policy of the United States Government to increase the volume, timelines, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber attacks. Barack Obama State of the Union Address, 23 4

15 Problem Companies are under cyber attacks [] 5.5 billion malware attacks in 2 4,5 new web based attacks each day Large quantities of attack information IP addresses, URLs, hostnames, vulnerabilities, phishing s Metadata (attack technique, activity description) Companies often hit by same attacks [2] [] Symantec, Security Report Highlights, 22! [2] Symantec, Malicious Code Trends, 22! 5

16 Traditional Solution Security Intelligence and Analytics (SIA) Learn about threat, block them Leverage Big Data Analytics algorithms Improve accuracy of security defenses Predict attacks Better allocate resources Limitations Only predict what you know 6

17 Limited Success of Industry Initiatives Governmental efforts PDD-63/HSPD-7. Clinton advocates protection of critical infrastructure by cooperative efforts from government and private sector. Bush agrees. Obama in 23 restates need for collaboration in State of Union Address FCC CSRIC working group advocates sharing via published code of conduct but admits limited adoption due to barriers Business efforts FS-ISAC: Data exchange in financial sector, since 999 RedSky Alliance: data exchange in IT, since 22 Dshield: Data exchange in IT, small corporations FIRST/CERTs: Organizations of CERTs to help with data sharing Standardization efforts IETF, ISO 27, and ITU-T advocate data sharing and published specific communication and data packet standards 7

18 Proposed Solution" Privacy-enhanced Sharing of Security Data Data! Company! Input: Obfuscated Data! Data 2! Company 2! Secure Information Sharing! Efficient cryptographic protocols! Augmented Data! Output: Relevant Data! Company! Augmented Data! Algorithm! Algorithm! Knowledge! Knowledge! Company 2! 8

19 Why Could This Work? Secure Data is encrypted Facilitate trust establishment Private Estimate benefits before sharing data Selective information shared Automated No human intervention No Central Trusted third party Fast Speedy turn around rate Firewall! Company 3 Firewall! Company Firewall! Company 2 9

20 Our Framework. Estimate benefits of collaboration Compute similarity metrics in privacy-preserving way 2. Select best partners to collaborate with Maximize collaboration potential by selecting best partners 3. Merge datasets Fuse data for better analytics 4. Predict misbehavior Rely on augmented data for better prediction. Controlled Data Sharing for Collabora?ve Predic?ve Blacklis?ng, DIMVA 25 2

21 . Secure and Private Estimation of Benefits Data Covariance Pearson Correlation Cosine NX (x i µ x )(y i µ y ) cov(x, y) = N i= cov(x, y) r(x, y) = cos(x, y) = x y xy k x kk y k Set Intersection Jaccard Sorensen-Dice J(x, y) = X T Y X S Y Previous work suggested similarity metrics We compute similarity metric without disclosing anything but metrics output Example Two parties, a and b, calculate a b using Private Set Intersection (PSI) Cryptographic protocol that does not disclose a and b content 2

22 2. Selection Possible strategies Assuming collaboration, each entity select top x metrics Assuming non-collaboration, each entity negotiates with others Example T! T! T 2! T 3! T 4! T 5! m,2 m,3 m,4 m,5 T 2! m 2,3 m 2,4 m 2,5 E.g., pick Top 5 pairs! T 3! m 3,4 m 3,5 T 4! m 4,5 T 5! 22

23 3. Merge Union.... Intersection! 23

24 4. Prediction Predict whether IP address is likely to attack in future Exponentially weighted past binary attacks to predict next day! weights! Training window Testing window r a,v = recommendation from a to v b a,v = binary attack vector from a to v α = weight factor t = training window size t = current time t + = prediction time If (r a,v >.5) then attack at t+ 24

25 Sample Results: Prediction Improvement Collaboration strategy <similarity metric, merge algorithm> Average Prediction Improvement over baseline <Random, Union> 8%! <Spearman, Union> 6%! <Pearson, Union> 9%! <Cosine, Union> 9%! <Jaccard, Union> 55%! <Intersection, Union> 56%! 25

26 Privacy-preserving Data Mining!! Data! Querying protocol!! Analytics! Privacy Questions. Which queries are possible given available privacy primitives? 2. How to preserve database privacy and query privacy? 3. How to detect insider threats based on queries? Sample Applications Federated search, Healthcare analytics, Data quality assessment, Education analytics, Transportation analytics, etc. 26

27 " A Sample Enabler: Homomorphic Encryption Data encrypted, not just in storage and transit, but also in computation. FHE holds out the promise of truly outsourced cloud computing. Limited (e.g.,, additively homomorphic) versions are reasonably efficient Significant performance penalty with FHE & today data grows faster than computational power in many cases (Moore s law might not help here) Encryption is not well-matched with typical workflows used by data scientists (e.g., trial-and-error, data cleaning, feature engineering, etc.) 27

28 Buying Data is Common Practice First Name Last Name Age State ZIP John Steinbeck 32 CA 9443 Jimi Hendrix 27 WA Isaac Asimov -5 NY NULL $ Threat mitigation / Intelligence Customer care analytics / Marketing 28

29 First Name Last Name Age State ZIP John Steinbeck 32 CA 9443 Jimi Hendrix 27 WA Isaac Asimov -5 NY NULL What about the data quality? Customer does not know quality of data prior to purchase Data cleaning accounts for up to 8% of development time in big data projects 29

30 Data Quality Metrics First Name Last Name Age State ZIP John Steinbeck 32 CA 9443 Jimi Hendrix 27 WA Isaac Asimov -5 NY NULL Completeness Percentage of elements that are properly populated Check for values such as NULL,, 3

31 Data Quality Metrics First Name Last Name Age State ZIP John Steinbeck 32 CA 9443 Jimi Hendrix 27 WA Isaac Asimov -5 NY NULL Validity Percentage of elements whose attributes possess meaningful values 3

32 Data Quality Metrics First Name Last Name Age State ZIP John Steinbeck 32 CA 9443 Jimi Hendrix 27 WA Isaac Asimov -5 NY NULL Consistency Degree to which the data attributes satisfy a dependency constraints 32

33 Desirable Privacy Properties Query Privacy Server should not learn the data quality metric a client is interested in Data Privacy Client should not learn server s data 33

34 Encrypted-domain Computation E(d ) E(d 2 )=E(d + d 2 ) E(d ) d 2 = E(d d 2 ) Client Server E(d ), E(d 2 ) E(d ) * E(d 2 ) d +d 2 [Paillier 99, Damgard-Jurik ] 34

35 Select & Aggregate Setup u =(,,,,...,) KX v i I {ui =} i= Secure Select & Aggregate Protocol v =(v,v 2,...,v K ) Goal: Alice has a binary selector u, Bob has data vector v. Alice should discover the sum of selected elements from v. Query Privacy: Bob should not find the selector vector. Data Privacy: Alice should not discover any information other than the selected aggregate. 35

36 Select & Aggregate Protocol u =(,,,,...,) E(u i ) KX v i I {ui =} i= Secure Select & Aggregate Protocol v =(v,v 2,...,v K ). Alice sends element-wise encryptions of u to Bob. 2. Bob computes the dot product of u and v using additive homomorphic property, and sends it to Alice.!! KY KY KX KX E(u i ) v i = E(u i v i )=E v i u i = E v i I {ui } i= i= i= 3. Alice decrypts the dot product. i= 36

37 Select & Aggregate Complexity # Encryptions K # Decryptions # Multiplications K # Exponentiations K # Transmissions K Cannot afford O(#tuples) complexity for large databases. 37

38 Simple Key Idea. Find a suitable low-dimensional representation. 2. Use Select & Aggregate to evaluate quality metric. Privacy- Preserving Data Quality Assessment for High- Fidelity Data Sharing, WISCS 25 38

39 Completeness Setup HashMap... H(NULL):... u Counting HashMap H(b ): H(NULL): 5... H(b t ): 2 v Example: Alice wants to find the number of NULL values in Bob s data. Query Privacy: Bob does not discover that Alice is searching for the number of NULLs. Data Privacy: Alice discovers nothing else about Bob s data. Trick: Alice generates a Hashmap, Bob generates a Counting Hashmap. 39

40 Completeness Protocol 5 HashMap... H(NULL):... u Secure Select & Aggregate Protocol Counting HashMap H(b ): H(NULL): 5... H(b t ): 2 v Alice generates public encryption key and private decryption key for additively homomorphic cryptosystem. The parties evaluate Select & Aggregate on Alice s Hashmap and Bob s Counting Hashmap. By construction, protocol reveals number of NULLs to Alice. 4

41 Validity Evaluation Setup Binary vector Histogram of attribute u v Z A B E F G C D Example: Alice wants to know how many of Bob s entries are in the range [C,E]. Query Privacy: Bob does not discover the range of Alice s searches. Data Privacy: Alice discovers nothing else about Bob s data. Trick: Bob generates a histogram vector, Alice generates a binary selector vector on the support of the histogram. 4

42 Validity Evaluation Protocol Binary vector Histogram of attribute 5 u Secure Select & Aggregate Protocol v Z A B E F G C D As before, Alice and Bob run the Select & Aggregate protocol on Alice s selector vector and Bob s histogram. By construction, protocol reveals number of valid values to Alice. Protocol works for arbitrary range queries. 42

43 Consistency Evaluation Setup Expected association rule Observed association rule u Example: Alice wants to know how many of Bob s entries follow correct dependencies among attributes, e.g., State Zipcode. Query Privacy: Bob doesn t discover which dependencies Alice is checking. Data Privacy: Alice discovers nothing else about Bob s data. Trick: Bob generates a vector of observed associations, Alice generates a vector of desired associations. 43 v

44 CA MA MN Desired Dependencies CA MA MN Observed Dependencies Alice and Bob agree upon an ordering of attribute values. They also agree on a vectorization (flattening) pattern. Need to securely compute how many of Bob s dependencies are consistent with Alice s rules. 44

45 Consistency Evaluation Protocol Expected association rule Observed association rule 4 u Secure Select & Aggregate Protocol Alice and Bob run the Select & Aggregate protocol on Alice s desired rule vector and Bob s observed rule vector. Protocol reveals number of valid dependencies to Alice. Works for dependencies among arbitrary attribute combinations. v 45

46 Anonymization Data! Anonymization Anon Data! Privacy Questions. Which data attributes are sensitive? 2. How to anonymize sensitive attributes? 3. What is the privacy-utility tradeoff for analytics on anonymized data? 4. What is the risk of re-identification via external linkage? Sample Applications Government data collection, Disclosure control methods for advertising, healthcare, smart grid, education. 46

47 Masking (Industry Favorite) John Smith American Heart Disease Kei Takamura Japanese Cancer Sarah Jones American Cancer Cesar Vincent French Viral Infection askdhsf American Heart Disease lkjljhflgl Japanese Cancer rwithgd American Cancer vmbnvc French Viral Infection Replaces PII with pseudonymous identifiers Easy and fast. Identify sensitive attributes and hash them. High utility, as long as only a few attributes are masked. HIPAA compliant. 47

48 Masking does not really preserve privacy askdhsf American Heart Disease lkjljhflgl Japanese Cancer rwithgd American Cancer vmbnvc French Viral Infection + Kei Takamura 9243 Japanese Instructor à askdhsf American Heart Disease Kei Takamura Japanese Cancer rwithgd American Cancer vmbnvc French Viral Infection MA Governor medical records [Sweeney 2] NYT re-identification of AOL Search Data [Barbaro, Zeller, 6] Innocuous DNA Statistics [Homer et al. 8] De-anonymization of Netflix database [Narayanan, Shmatikov 8, ] 48

49 Other Anonymization Methods Input perturbation / generalization (e.g., k-anonymity) Data! Anonymization Anon! Data! Analytics! Output perturbation (e.g., differentially private mechanisms) Data! Function! Anonymization Analytics! 49

50 2 Reflections and New Directions 5

51 State of Privacy Technologies Today Security/Privacy Security Research Ideal Efficiency time memory Industry Practice Utility variety of functions variety of insights accuracy 5

52 S&P Technology Landscape Technology Security Privacy Utility Efficiency Masking N/A Low High High K-anonymity N/A Low Medium Medium Differential Privacy N/A High Low Medium FHE High Medium Medium Low PHE High Medium Low Medium SMC High Medium High Medium Searchable Encryption Encrypted Query Processing High Medium Medium High High Medium Medium High ORAM High High Medium High Secret Sharing High High Medium Medium Functional Encryption High Medium High Low 52

53 S&P Academic Attempts" Some approaches that were considered Security/Privacy Technologies Masking k-anonymity Differential Privacy FHE PHE SMC Searchable Encryption Encrypted Query Processing Analytics ETL Feature Engineering Clustering Regression Reduction (e.g., PCA) Classification Deep Learning ORAM Secret Sharing Functional Encryption 53

54 P.P. Analytics Today Applications Private Cyber Threat Mitigation Data Quality Assessment Disclosure Control Privacy- Preserving Search... Methods Aggregate Search Similarity Clustering Sorting... Anonymization Security and Privacy Tools Encryption Locality Sensitive Hashing Secure Multiparty Computation... What is wrong in this picture? 54

55 Analytics is done by data scientists Not by cryptographers or security researchers! P.P. analytics solutions : are custom and limiting slow, prevents access for other insights does not support analytics workflow usually requires exploration and feature engineering often struggle with data quality data must be clean and formatted 55

56 Privacy Tomorrow? Applications Private Cyber Threat Mitigation Data Quality Assessment Disclosure Control Privacy- Preserving Search... Methods Aggregate Search Similarity Clustering Sorting... Privacy Policy Automated System Data Anonymization Security and Privacy Tools Encryption Locality Sensitive Hashing Secure Multiparty Computation... 56

57 Data Example of redaction - (Un)usability of human Acme Employment Survey data Name interaction Margaret J. Smith and privacy policies privacy Other problems Try to limit the release DOB 8/29/978 Gender F Address 75 Hoodview Drive Redaction City Beaverton, OR Zip Insufficient Salary $3,5 metrics Job satisfaction to define/measure privacy 87% chance the individual is still identifiable! - Crypto is still too computationally costly when dealing with big data policies Service Provider about an online privacy policy. This allows us to estimate time and costs both for people who read the Legal full policy word for word, and people who skim policies to find answers to privacy questions they have. In each case, we use a range of values for our estimates with median values as a point estimate and high and low values from the first and third quartiles Calculated Estimate to Read Popular Website Privacy Policies We measured the word count of the 75 most popular websites based on a list of 3, most frequently clicked-on websites from AOL search data in October, Because these are the Trust the recipient most popular sites, they encompass the sorts of policies Internet users would be most likely to encounter. As seen in Figure, we found a wide range of policy lengths from a low of only 44 words to a high of 7,669 words about 5 pages of text. We used a range of word count values from the first quartile to the third quartile, with the mean value as a point estimate. Privacy policy sizes of 75 most popular sites Frequency ,,5 2, 2,5 Figure : Probability Density Function ( PDF ) and Cumulative Distribution Function ( CDF ) of Approved for Public Release, Distribution Word Counts Unlimited in Popular Website Privacy Policies 3, 3,5 4, 4,5 5, 9 5,5 median line 6, 6,5 Number of Words in the Privacy Policy Frequency Cumulative % 7, 7,5 8, More % 37 In this paper, the first quartile is the average of all data points below the median; the third quartile is the average of all data points above the median. These are single values and not a range of values. Point estimates are our single best guess in the face of uncertainty. 38 Serge Egelman, Lorrie Faith Cranor, and Abdur Chowdhury, An Analysis of P3P-Enabled Web Sites among Top-2 Search Results. (Proceedings of the Eighth International Conference on Electronic Commerce, Fredericton, New Brunswick, Canada, August 4-6). 8% 6% 4% 2% % 3 57