A Privacy Enhancing Scheme for Mobile Devices Based Secure Multi-party Computation System

Mobile devices, such as smart phones, have recently become the typical computing platforms for many users. Consequently, in practice more and more multi-party computation systems are deployed on users’ mobile devices, resulting in various applications such as mobile outsourcing computing and mobile cooperative computing. However, as the mobile platforms may have inherent flaws, the connection of mobile devices and multi-party computation systems usually arouse new security risks. We point out that an application in one party’s mobile device can be a powerful privileged attacker to the multi-party computation system. Previous studies have mainly focused on avoiding the privacy leaks of one or several malicious parties or eavesdroppers on the Internet. This paper presents a privacy enhancing scheme for a kind of secure multi-party computation systems. The scheme can resist the privileged attackers from the party’s mobile device. Our scheme transforms the original computation process and puts the critical calculation process into trusted execution environment. We provide three components to build a privacy-enhanced multi-party computation system with our scheme. Our scheme is implemented to an actual secure multi-party computation system to demonstrate its validity and acceptable performance overhead.

[1]  Liina Kamm,et al.  Privacy-preserving statistical analysis using secure multi-party computation , 2015 .

[2]  Christopher Leckie,et al.  A survey of coordinated attacks and collaborative intrusion detection , 2010, Comput. Secur..

[3]  Marvin Wißfeld ArtHook: Callee-side Method Hook Injection on the New Android Runtime ART , 2015 .

[4]  M. Little,et al.  Detecting coordinated attacks in tactical wireless networks using cooperative signature-based detectors , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[5]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[6]  Limin Sun,et al.  Achieving privacy preservation in WiFi fingerprint-based localization , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[7]  Wenliang Du,et al.  Secure multi-party computation problems and their applications: a review and open problems , 2001, NSPW '01.

[8]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[9]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[10]  Xuxian Jiang,et al.  Catch Me If You Can: Evaluating Android Anti-Malware Against Transformation Attacks , 2014, IEEE Transactions on Information Forensics and Security.

[11]  Christopher Krügel,et al.  BOOMERANG: Exploiting the Semantic Gap in Trusted Execution Environments , 2017, NDSS.

[12]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[13]  Philip S. Yu,et al.  A General Survey of Privacy-Preserving Data Mining Models and Algorithms , 2008, Privacy-Preserving Data Mining.

[14]  Ueli Maurer,et al.  Player Simulation and General Adversary Structures in Perfect Multiparty Computation , 2000, Journal of Cryptology.

[15]  Ahmad-Reza Sadeghi,et al.  Privilege Escalation Attacks on Android , 2010, ISC.

[16]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[17]  Kevin Coogan,et al.  Deobfuscation of virtualization-obfuscated software: a semantics-based approach , 2011, CCS '11.

[18]  Amit Sahai,et al.  Secure Multi-Party Computation , 2013 .

[19]  Cong Wang,et al.  Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data , 2014 .

[20]  Brent Byunghoon Kang,et al.  SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment , 2015, NDSS.

[21]  Antonio Pescapè,et al.  Integration of Cloud computing and Internet of Things: A survey , 2016, Future Gener. Comput. Syst..

[22]  Johannes Winter,et al.  Trusted computing building blocks for embedded linux-based ARM trustzone platforms , 2008, STC '08.

[23]  Rafail Ostrovsky,et al.  How to withstand mobile virus attacks (extended abstract) , 1991, PODC '91.

[24]  Chonho Lee,et al.  A survey of mobile cloud computing: architecture, applications, and approaches , 2013, Wirel. Commun. Mob. Comput..