Enabling Practical Deployments of Privacy-Preserving Secure Technologies
Natarajan, Deepika
2023
Abstract
The advent of application domains and technologies such as big data analytics, the Internet of Things, and machine learning, coupled with the scale of cloud computing, has led to improvements in several aspects of human lives. Unfortunately, utilizing these technologies often requires users to sacrifice the privacy and security of their personal information. Though several paradigms have been proposed to solve this problem, each has limitations that have prevented its more widespread use in modern deployments. Homomorphic Encryption (HE), a cryptographic technique that allows user data to remain in encrypted form throughout the analysis process, does not natively provide any data integrity guarantees or privacy to more than one party. HE also features encoding and encryption algorithms that are too inefficient for constrained devices, such as those used in the Internet of Things. Alternatively, Trusted Execution Environments (TEEs) can be used to secure data through a combination of access control and cryptographic mechanisms, but impose a high attestation burden on clients, who must thoroughly verify enclave code, and on providers, who must release enclave code publicly. Secure multi-party computation techniques can be used to provide privacy to mutually distrustful parties who wish to compute a joint function together, but are often difficult to analyze and evaluate for a given application across multiple techniques and network settings, and can result in high performance costs. This dissertation works to address the limitations of the aforementioned technologies in the context of specific deployment scenarios. First, we present a solution to the problem of privacy-preserving secure inference between two mutually distrustful parties in an untrusted cloud setting. Our solution, CHEX-MIX, involves a combined HE-TEE approach that leverages the benefits of each technology to counter the limitations of the other. Unlike alternate approaches for two-party oblivious inference, our solution has the advantage of freeing service providers from having to maintain their own private online infrastructures, enabling them to more effectively utilize the public cloud. Next, we present a series of techniques that can be used to enable memory-efficient, high-performance HE on constrained embedded devices. We present our techniques as part of the SEAL-Embedded library, the first HE library targeted at embedded devices, featuring the CKKS approximate homomorphic encryption scheme. Finally, we look at common approaches for secure multi-party computation, including Yao's garbled circuits, GMW secret sharing, and a newer scheme called Gate Evaluation Secret Sharing (GESS). We propose Costa, a framework for more comprehensively analyzing the communication cost of these schemes, and demonstrate its utility across multiple case studies. As part of this framework, we present GESSlib, a library that accurately calculates the communication cost of GESS for any 2-input Boolean circuit. Altogether, the works presented in this dissertation make several strides towards making privacy and security technologies more applicable to modern deployments.
Subjects
privacy-preserving technologies; privacy and security; security technologies; homomorphic encryption; multi-party computation; trusted execution environments
Types
Thesis