Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security and Privacy in Communication Systems

SecureComm 2018: Security and Privacy in Communication Networks pp 71–94Cite as

Secure and Efficient Multi-Party Directory Publication for Privacy-Preserving Data Sharing

  • Conference paper
  • First Online:

Abstract

In the era of big-data, personal data is produced, collected and consumed at different sites. A public directory connects data producers and consumers over the Internet and should be constructed securely given the privacy-sensitive nature of personal data.

This work tackles the research problem of distributed, privacy-preserving directory publication, with strong security and practical efficiency. For proven security, we follow the protocols of secure multi-party computations (MPC). For efficiency, we propose a pre-computation framework that minimizes the private computation and conducts aggressive pre-computation on public data. Several pre-computation policies are proposed with varying degrees of aggressiveness. For systems-level efficiency, the pre-computation is implemented with data parallelism on general-purpose graphics processing units (GPGPU).We apply the proposed scheme to real health-care scenarios for constructing patient-locator services in emerging Health Information Exchange (or HIE) networks.

We conduct extensive performance studies on real datasets and with an implementation based on open-source MPC software. With experiments on local and geo-distributed settings, our performance results show that the proposed pre-computation achieves a speedup of more than an order of magnitude without security loss.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    http://iptraf.seul.org/.

References

  1. CommonWell. http://www.commonwellalliance.org/

  2. Cuda. https://en.wikipedia.org/wiki/cuda

  3. Directive 95/46/EC of the European parliament and of the council

    Google Scholar 

  4. GaHIN. http://www.gahin.org/

  5. HealthEConnections. http://www.healtheconnections.org/rhio

  6. HiPAA. http://www.cms.hhs.gov/hipaageninfo/

  7. http://health.usnews.com/best-hospitals/area/new-york-ny/specialty

  8. Nextgate. http://www.nextgate.com/our-products/empi/

  9. NHIN Connect. http://www.connectopensource.org/

  10. NHIN. https://www.healthit.gov

  11. OpenEMPI. http://www.openempi.org/

  12. Percy++/PIR in C++. http://percy.sourceforge.net/

  13. pthread. https://en.wikipedia.org/wiki/posix_threads

  14. SPARCS. http://www.health.ny.gov/statistics/sparcs/

  15. 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, 17–21 May 2015. IEEE Computer Society (2015)

    Google Scholar 

  16. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, 4–8 November 2013, Berlin, Germany, pp. 535–548 (2013)

    Google Scholar 

  17. Bater, J., Elliott, G., Eggen, C., Goel, S., Kho, A.N., Duggan, J.: SMCQL: secure query processing for private data networks. CoRR, abs/1606.06808 (2016)

    Google Scholar 

  18. Bawa, M., Bayardo Jr., R.J., Agrawal, R., Vaidya, J.: Privacy-preserving indexing of documents on the network. VLDB J. 18(4), 837–856 (2009)

    Article  Google Scholar 

  19. Bawa, M., Bayardo Jr, R.J., Agrawal, R.: Privacy-preserving indexing of documents on the network. In: VLDB, pp. 922–933 (2003)

    Chapter  Google Scholar 

  20. Bellare, M., Hoang, V.T., Keelveedhi, S., Rogaway, P.: Efficient garbling from a fixed-key blockcipher. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, 19–22 May 2013, Berkeley, CA, USA, pp. 478–492. IEEE Computer Society (2013)

    Google Scholar 

  21. Ben-David, A., Nisan, N., Pinkas, B.: Fairplaymp: a system for secure multi-party computation. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM Conference on Computer and Communications Security, pp. 257–266. ACM (2008)

    Google Scholar 

  22. Bogdanov, D., Laur, S., Willemson, J.: Sharemind: a framework for fast privacy-preserving computations. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 192–206. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_13

    Chapter  Google Scholar 

  23. Burkhart, M., Strasser, M., Many, D., Dimitropoulos, X.: SEPIA: privacy-preserving aggregation of multi-domain network events and statistics. In: Proceedings of 19th USENIX Security Symposium, 11–13 August 2010, Washington, DC, USA, pp. 223–240. USENIX Association (2010)

    Google Scholar 

  24. Cao, J., Rao, F., Bertino, E., Kantarcioglu, M.: A hybrid private record linkage scheme: Separating differentially private synopses from matching records. In: 31st IEEE International Conference on Data Engineering, ICDE 2015, 13–17 April 2015, Seoul, South Korea, pp. 1011–1022 (2015)

    Google Scholar 

  25. Choi, S.G., Hwang, K.W., Katz, J., Malkin, T., Rubenstein, D.: Secure multi-party computation of boolean circuits with applications to privacy in on-line marketplaces. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 416–432. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_26

    Chapter  MATH  Google Scholar 

  26. Choi, S.G., Katz, J., Kumaresan, R., Zhou, H.-S.: On the security of the “Free-XOR” technique. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 39–53. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_3

    Chapter  MATH  Google Scholar 

  27. Cramer, R., Damgård, I., Nielsen, J.B.: Secure Multiparty Computation and Secret Sharing. Cambridge University Press, Cambridge (2015)

    Book  Google Scholar 

  28. Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_1

    Chapter  Google Scholar 

  29. Demmler, D., Dessouky, G., Koushanfar, F., Sadeghi, A.R., Schneider, T., Zeitouni, S.: Automated synthesis of optimized circuits for secure computation. In: Ray, I. Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 12–6 October 2015, Denver, CO, USA, pp. 1504–1517. ACM (2015)

    Google Scholar 

  30. Demmler, D., Schneider, T., Zohner, M.: Aby - a framework for efficient mixed-protocol secure two-party computation. In: Network and Distributed System Security Symposium, NDSS 2015, February 2015

    Google Scholar 

  31. Du, W., Atallah, M.J.: Protocols for secure remote database access with approximate matching. In: Ghosh, A.K. (ed.) E-Commerce Security and Privacy. ADIS, vol. 2, pp. 87–111. Springer, Boston (2001). https://doi.org/10.1007/978-1-4615-1467-1_6

    Chapter  Google Scholar 

  32. Dwork, C., Kenthapadi, K., McSherry, F., Mironov, I., Naor, M.: Our data, ourselves: privacy via distributed noise generation. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 486–503. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_29

    Chapter  Google Scholar 

  33. Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14

    Chapter  Google Scholar 

  34. Eigner, F., Maffei, M., Pampaloni, F., Pryvalov, I., Kate, A.: Differentially private data aggregation with optimal utility. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, 8–12 December 2014, New Orleans, LA, USA, pp. 316–325 (2014)

    Google Scholar 

  35. Ferguson, N., Schneier, B., Kohno, T.: Cryptography Engineering - Design Principles and Practical Applications. Wiley, Hoboken (2010)

    Google Scholar 

  36. Franz, M., Holzer, A., Katzenbeisser, S., Schallhart, C., Veith, H.: CBMC-GC: an ANSI C compiler for secure two-party computations. In: Cohen, A. (ed.) CC 2014. LNCS, vol. 8409, pp. 244–249. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54807-9_15

    Chapter  Google Scholar 

  37. Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: Aho, A.V. (ed.) Proceedings of the 19th Annual ACM Symposium on Theory of Computing, New York, New York, USA, pp. 218–229. ACM (1987)

    Google Scholar 

  38. Henecka, W., Kögl, S. K., Sadeghi, A.-R., Schneider, T., Wehrenberg, I.: Tasty: tool for automating secure two-party computations. In: ACM CCS, pp. 451–462 (2010)

    Google Scholar 

  39. Henry, R., Olumofin, F.G., Goldberg, I.: Practical PIR for electronic commerce. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, 17–21 October 2011, Chicago, Illinois, USA, pp. 677–690 (2011)

    Google Scholar 

  40. Huang, Y., Evans, D., Katz, J., Malka, L.: Faster secure two-party computation using garbled circuits. In: USENIX Security Symposium. USENIX Association (2011)

    Google Scholar 

  41. Ishai, Y., Kilian, J., Nissim, K., Petrank, E.: Extending oblivious transfers efficiently. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 145–161. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_9

    Chapter  Google Scholar 

  42. Jagomägis, R.: Secrec: a privacy-aware programming language with applications in data mining

    Google Scholar 

  43. Jurczyk, P., Lu, J.J., Xiong, L., Cragan, J.D., Correa, A.: FRIL: a tool for comparative record linkage. In: American Medical Informatics Association Annual Symposium, AMIA 2008, 8–12 November 2008, Washington, DC, USA (2008)

    Google Scholar 

  44. Jurczyk, P., Lu, J.J., Xiong, L., Cragan, J.D., Correa, A.: FRIL: a tool for comparative record linkage. AMIA Annu. Symp. Proc. 2008, 440 (2008)

    Google Scholar 

  45. Kantarcioglu, M., Clifton, C.: Privacy-preserving distributed mining of association rules on horizontally partitioned data. IEEE Trans. Knowl. Data Eng. 16(9), 1026–1037 (2004)

    Article  Google Scholar 

  46. Keller, M., Scholl, P.: Efficient, oblivious data structures for MPC. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 506–525. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_27

    Chapter  Google Scholar 

  47. Kerschbaum, F.: Automatically optimizing secure computation. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, 17–21 October 2011, Chicago, Illinois, USA, pp. 703–714 (2011)

    Google Scholar 

  48. Kreuter, B., Shelat, A., Mood, B., Butler, K.R.: PCF: a portable circuit format for scalable two-party secure computation. In: Proceedings of the 22th USENIX Security Symposium, 14–16 August 2013, Washington, DC, USA, pp. 321–336 (2013)

    Google Scholar 

  49. Laud, P., Pankova, A.: Preprocessing-based verification of multiparty protocols with honest majority. IACR Cryptology ePrint Archive 2015:674 (2015)

    Google Scholar 

  50. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Mondrian multidimensional k-anonymity. In: Liu et al. [53], p. 25 (2006)

    Google Scholar 

  51. Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: Proceedings of the 23rd International Conference on Data Engineering, ICDE 2007, 15–20 April 2007, The Marmara Hotel, Istanbul, Turkey, pp. 106–115 (2007)

    Google Scholar 

  52. Liu, C., Wang, X.S., Nayak, K., Huang, Y., Shi, E.: Oblivm: a programming framework for secure computation. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, 17–21 May 2015, San Jose, CA, USA [15], pp. 359–376 (2015)

    Google Scholar 

  53. Liu, L., Reuter, A. Whang, K., Zhang, J. (eds.): In: Proceedings of the 22nd International Conference on Data Engineering, ICDE 2006, 3–8 April 2006, Atlanta, GA, USA. IEEE Computer Society (2006)

    Google Scholar 

  54. Liu, Y.T.L.: Privacy-preserving multi-keyword search in information networks. IEEE Trans. Knowl. Data Eng. 27(9), 2424–2437 (2015)

    Article  Google Scholar 

  55. Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: l-diversity: privacy beyond k-anonymity. In: Liu et al. [53], p. 24 (2006)

    Google Scholar 

  56. Makulilo, A.B.: Asian Data Privacy Laws, Trade and Human Rights Perspective, By Graham Greenleaf, vol. 23, no. 3, pp. 322–324. I. J. Law and Information Technology (2015)

    Article  Google Scholar 

  57. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay - secure two-party computation system. In: Blaze, M. (ed.) USENIX Security Symposium, pp. 287–302. USENIX (2004)

    Google Scholar 

  58. Martin, D.J., Kifer, D., Machanavajjhala, A., Gehrke, J., Halpern, J.Y.: Worst-case background knowledge for privacy-preserving data publishing. In: Proceedings of the 23rd International Conference on Data Engineering, ICDE 2007, 15–20 April 2007, The Marmara Hotel, Istanbul, Turkey, pp. 126–135 (2007)

    Google Scholar 

  59. McCamant, S., Ernst, M. D.: Quantitative information flow as network flow capacity. In: Proceedings of the ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation, 7–13 June 2008, Tucson, AZ, USA, pp. 193–205 (2008)

    Google Scholar 

  60. Narayan, A., Haeberlen, A.: DJoin: differentially private join queries over distributed databases. In: OSDI, October 2012

    Google Scholar 

  61. Pettai, M., Laud, P.: Combining differential privacy and secure multiparty computation. In: Proceedings of the 31st Annual Computer Security Applications Conference, 7–11 December 2015, Los Angeles, CA, USA, pp. 421–430 (2015)

    Google Scholar 

  62. Rabin, M.O.: How to exchange secrets with oblivious transfer. IACR Cryptology ePrint Archive 2005:187 (2005)

    Google Scholar 

  63. Rastogi, A., Hammer, M.A., Hicks, M.: Wysteria: a programming language for generic, mixed-mode multiparty computations. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, 18–21 May 2014, Berkeley, CA, USA, pp. 655–670. IEEE Computer Society (2014)

    Google Scholar 

  64. Seward, J., Nethercote, N., Weidendorfer, J.: Valgrind 3.3-Advanced Debugging and Profiling for GNU/Linux Applications. Network Theory Ltd., UK (2008)

    Google Scholar 

  65. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  Google Scholar 

  66. Songhori, E.M., Hussain, S.U., Sadeghi, A.R., Schneider, T., Koushanfar, F.: Tinygarble: highly compressed and scalable sequential garbled circuits. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, 17–21 May 2015, San Jose, CA, USA [15], pp. 411–428 (2015)

    Google Scholar 

  67. Sweeney, L.: K-anonymity: a model for protecting privacy. Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 10(5), 557–570 (2002)

    Article  MathSciNet  Google Scholar 

  68. Tang, Y., Liu, L., Iyengar, A., Lee, K., Zhang, Q.: e-PPI: locator service in information networks with personalized privacy preservation. In: IEEE 34th International Conference on Distributed Computing Systems, ICDCS 2014, 30 June–3 July 2014, Madrid, Spain, pp. 186–197 (2014)

    Google Scholar 

  69. Tang, Y., Wang, T., Liu, L.: Privacy preserving indexing for ehealth information networks. In: CIKM, pp. 905–914 (2011)

    Google Scholar 

  70. Toth, C., Durham, E., Kantarcioglu, M., Xue, Y., Malin, B.: Soempi: A secure open enterprise master patient index software toolkit for private record linkage. In: AMIA Annual Symposium Proceedings, vol. 2014, p. 1105. American Medical Informatics Association (2014)

    Google Scholar 

  71. Vaidya, J., Clifton, C.: Privacy preserving association rule mining in vertically partitioned data. In: Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 23–26 July 2002, Edmonton, Alberta, Canada, pp. 639–644 (2002)

    Google Scholar 

  72. Warner, S.L.: Randomized response: a survey technique for eliminating evasive answer bias. J. Am. Stat. Assoc. 60(309), 63–69 (1965)

    Article  Google Scholar 

  73. Yao, A.C.: How to generate and exchange secrets (extended abstract). In: 27th Annual Symposium on Foundations of Computer Science, 27–29 October 1986, Toronto, Canada, pp. 162–167. IEEE Computer Society (1986)

    Google Scholar 

  74. Zerr, S., Demidova, E., Olmedilla, D., Nejdl, W., Winslett, M., Mitra, S.: Zerber: r-confidential indexing for distributed documents. In: EDBT, pp. 287–298 (2008)

    Google Scholar 

  75. Zhang, Y., Steele, A., Blanton, M.: PICCO: a general-purpose compiler for private distributed computation. In: 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, 4–8 November 2013, Berlin, Germany, pp. 813–826 (2013)

    Google Scholar 

Download references

Acknowledgement

The authors would thank anonymous reviewers for their constructive suggestions. The first three authors were supported by the Cyber Research Institute in Rome, NY, under Grant Number #28254. Shuang Wang was supported by NIH R00HG008175.

Author information

Authors and Affiliations

  1. Department of EECS, Syracuse University, Syracuse, NY, USA

    Katchaguy Areekijseree, Yuzhe Tang & Ju Chen

  2. Department of Biomedical Informatics (DBMI), UCSD, San Diego, CA, USA

    Shuang Wang

  3. IBM T.J. Watson Research Center, Yorktown Heights, NY, USA

    Arun Iyengar

  4. School of Computing and Information, University of Pittsburgh, Pittsburgh, PA, USA

    Balaji Palanisamy

Authors
  1. Katchaguy Areekijseree
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuzhe Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ju Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shuang Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Arun Iyengar
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Balaji Palanisamy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Katchaguy Areekijseree .

Editor information

Editors and Affiliations

  1. Klaus Advanced Computing Building, Georgia Institute of Technology, Atlanta, GA, USA

    Raheem Beyah

  2. Singapore Management University, Singapore, Singapore

    Bing Chang

  3. School of Information Systems, Singapore Management University, Singapore, Singapore

    Yingjiu Li

  4. Pennsylvania State University, University Park, PA, USA

    Sencun Zhu

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Areekijseree, K., Tang, Y., Chen, J., Wang, S., Iyengar, A., Palanisamy, B. (2018). Secure and Efficient Multi-Party Directory Publication for Privacy-Preserving Data Sharing. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 254. Springer, Cham. https://doi.org/10.1007/978-3-030-01701-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-01701-9_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01700-2

  • Online ISBN: 978-3-030-01701-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation