A mobile agent-based privacy protection mechanism in solving multi-party computation problems

A multi-party computation (MPC) allows n parties to jointly compute an agreed-upon function of their inputs such that every party learns the correct function output. To solve a multi-party computation problem (MPCP), the participants may need to share their private data (inputs) with one another, resulting in a loss of data privacy. The key research issue addressed in this thesis is how to solve multi-party computation problems without disclosing any participant's private data to others. Firstly, by studying and analyzing the traditional computational models, we have devised a privacy loss model for multi-party computation problems and proposed a novel metric, called the Min privacy metric, for quantitatively measuring the amount of data privacy loss incurred in solving the MPCPs. Then, we have presented a mobile agent-based scheduling algorithm that applies a pseudonymization technique to reduce data privacy loss. Finally, we have proposed the security system design, including security policies and security architecture, of an agent server platform for enhancing data privacy protection while solving the MPCPs. The privacy loss model identifies three factors affecting the amount of privacy loss in solving the MPCPs: (1) the fraction of private data that is shared with others, (2) the probability of associating the shared private data with the data subject, and (3) the probability of disclosing the shared private data to unauthorized parties. Privacy loss can be reduced by any mechanism that reduces the value of any of the three factors. The proposed Min privacy metric accounts for the number of participants that lose their private data and the amount of private data disclosed to unauthorized parties, regardless of how many parties it is revealed to. Existing scheduling algorithms aim for a global objective function. As a result, they incur performance penalties in computational complexity and data privacy.
This thesis describes a mobile agent-based scheduling scheme called Efficient and Privacy-aware Meeting Scheduling (EPMS), which results in a tradeoff among complexity,
