
Privacy-preserving Computing And Applications

Posted on: 2015-04-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Zhang
GTID: 1228330452969314
Subject: Computer Science and Technology
Abstract/Summary:
Privacy protection has become an important issue in the information and networking age, and it is highly relevant to the interests and security of people, organizations and even countries. Encrypting data directly protects it from unauthorized access, but it destroys the data's functionality (e.g., computability and searchability). With frequent information leaks in well-known networking systems, people have realized that service providers are untrusted. The challenging problem is how to provide users with computing services while preserving their data privacy without any trusted third party or secure communication channel. Privacy-preserving computing is proposed to address this problem.

Most existing work uses secure multi-party computing protocols to conduct privacy-preserving computing without any trusted third party. These protocols rely on asymmetric cryptographic systems and require rounds of interaction among participants. They are not practical in many applications due to the following limitations: (1) they are not verifiable, and their correctness depends on participants following the protocol honestly, so they cannot resist malicious participants; (2) as a result of asymmetric encryption and multiple interactions, their computing and communication overhead is large for resource-limited devices (e.g., mobile phones and sensors); (3) nowadays many applications are based on cloud servers, but most existing privacy-preserving protocols cannot support outsourced computing. Efficient privacy-preserving cloud computing systems are lacking. Facing the above challenges, and to improve the practicality of privacy-preserving computing, our research is conducted along the following lines:

1. Verifiability in secure multi-party computing. We thoroughly analyze the potential attacks against existing privacy-preserving computing protocols. By injecting verifiable factors into the computation process, we propose a series of verifiable privacy-preserving computing protocols for various applications. Our theoretical analysis and system evaluation show the security, verifiability and efficiency of our protocols.

2. Efficiency of secure multi-party computing. Instead of using asymmetric encryption, we propose a novel privacy-preserving profile matching protocol that leverages symmetric encryption. Our protocol requires no presetting and only one round of communication to achieve profile matching and secure communication channel construction, and it is resistant to the Man-in-the-Middle attack. We also develop a set of techniques to make our protocol more practical, flexible and lightweight. Compared to related work based on asymmetric encryption, our prototype system significantly reduces the computing and communication cost.

3. Privacy-preserving outsourced computing. Facing the challenges raised by mobile big data applications, we propose a system framework that outsources the storage and search of users' private data to cloud servers, while no private information is leaked to any unauthorized party, including the cloud. This framework supports fine-grained privacy protection policies and allows authorized users to conduct content-based image search. Taking image data as an example, since it is large in size, rich in private information and computationally complex, we implement a prototype system. Our evaluation shows that this framework provides good protection of user privacy while causing acceptable extra storage and computing overhead.

The above work provides decentralized systems with a set of privacy-preserving, verifiable and efficient computing protocols, which can be applied to various resource-limited applications, e.g., mobile social networks and sensor networks. In addition, we propose a framework that enables cloud servers to provide privacy-preserving data sharing and search services to mobile device users, which can be considered a step towards an easily deployable framework for secure cloud computing.
Keywords/Search Tags: Privacy-preserving computing, secure multi-party computing, verifiable computing, outsourced computing