Protecting data privacy with decentralized self-emerging data release systems

In the age of Big Data, releasing private data at a future point in time is critical for a range of applications. Such self-emerging data release requires the data to be protected until a prescribed release time and then to be released automatically to the intended recipient at that time. Straightforward centralized approaches, such as a cloud storage service that holds the data and releases it on schedule, provide a simple way to implement self-emerging data release, but they rest on a single point of trust and a single point of control: whoever operates the service can read the data early, withhold it, or be compelled to do either. This dissertation proposes new decentralized designs of self-emerging data release systems that use large-scale peer-to-peer (P2P) networks as the underlying infrastructure in order to eliminate any single point of trust or control. The first part of the dissertation presents the design of decentralized self-emerging data release systems on two different P2P infrastructures, namely Distributed Hash Tables (DHTs) and blockchains. The second part proposes new mechanisms for two key functionalities of self-emerging data release: (i) releasing self-emerging data to blockchain-based smart contracts, which enables a wide range of decentralized applications, and (ii) supporting a cost-effective gradual release of self-emerging data on the decentralized infrastructure. We believe that the outcome of this dissertation contributes to the development of decentralized security primitives and protocols for the timed release of private data.
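The property the abstract asks for (nobody can read the data before the release time, and no single party decides whether it is released) is easiest to see on a small model. The following is an added illustration, not code from the dissertation and not its protocol: it assumes a threshold secret-sharing scheme (Shamir's) over simulated peers with a simulated clock, where the data encryption key is split so that any `threshold` of `n_peers` shares recover it and fewer reveal nothing. The names `Peer`, `deposit` and `try_release` are inventions for this example.

```python
"""Toy model of decentralized self-emerging key release (added example, not the
dissertation's design).  A 'peer' here is an in-memory object standing in for a
P2P node; 'now' is a simulated clock value, not wall-clock time."""
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Field for the arithmetic: a Mersenne prime comfortably larger than any
# key we will share (up to 64 bytes).
PRIME = 2**521 - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of a polynomial over GF(PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, n_shares: int) -> List[Tuple[int, int]]:
    """Shamir split: secret is the constant term of a random degree-(threshold-1) polynomial."""
    assert 0 < threshold <= n_shares and 0 <= secret < PRIME
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n_shares + 1)]


def recover_secret(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0; needs exactly `threshold` distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


@dataclass
class Peer:
    """Simulated node holding one share; it releases the share only at/after release_time."""
    share: Tuple[int, int]
    release_time: int
    online: bool = True  # lets the example model churn (node unavailable)

    def fetch(self, now: int) -> Optional[Tuple[int, int]]:
        if not self.online or now < self.release_time:
            return None
        return self.share


def deposit(key: bytes, release_time: int, threshold: int, n_peers: int) -> List[Peer]:
    """Sender side: split the key and hand one share to each peer with the release time."""
    secret = int.from_bytes(key, "big")
    return [Peer(s, release_time) for s in split_secret(secret, threshold, n_peers)]


def try_release(peers: List[Peer], now: int, threshold: int, key_len: int = 16) -> Optional[bytes]:
    """Recipient side: gather whatever shares peers will give at time `now`.
    Returns the key once `threshold` shares are available, else None."""
    got = [s for s in (p.fetch(now) for p in peers) if s is not None]
    if len(got) < threshold:
        return None
    return recover_secret(got[:threshold]).to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed sample input: a fixed 16-byte key, release at simulated time 1000.
    key = bytes(range(16))
    peers = deposit(key, release_time=1000, threshold=3, n_peers=5)
    print("before release:", try_release(peers, 999, 3))      # None
    print("at release:    ", try_release(peers, 1000, 3) == key)  # True
    peers[0].online = peers[1].online = False                 # two peers churned out
    print("with churn:    ", try_release(peers, 1000, 3) == key)  # True, 3 of 5 remain
```

Two things the model makes concrete. First, the threshold removes the single point of trust and gives churn tolerance: with a 3-of-5 split, two peers can vanish and the recipient still recovers the key, while any two peers together hold no information about it. Second, the model also shows what it does not solve: each peer enforces the release time on its own, so a coalition of `threshold` peers that ignores the clock can release early, and a coalition of `n_peers - threshold + 1` peers that withholds shares can block release forever. Dealing with those misbehaving-peer cases on real DHT and blockchain infrastructure is exactly the problem the dissertation's designs address; this example does not model their mechanisms.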
