Differential Privacy by Typing in Security Protocols

Differential privacy is a confidentiality property for database queries which allows for the release of statistical information about the content of a database without disclosing personal data. The variety of database queries and enforcement mechanisms has recently sparked the development of a number of mechanized proof techniques for differential privacy. Personal data, however, are often spread across multiple databases and queries have to be jointly computed by multiple, possibly malicious, parties. Many cryptographic protocols have been proposed to protect the data in transit on the network and to achieve differential privacy in a distributed, adversarial setting. Proving differential privacy for such protocols is hard and, unfortunately, out of the scope of the aforementioned mechanized proof techniques. In this work, we present the first framework for the mechanized verification of distributed differential privacy. We propose a symbolic definition of differential privacy for distributed databases, which takes into account Dolev-Yao intruders and can be used to reason about compromised parties. Furthermore, we develop a linear, distance-aware type system to statically and automatically enforce distributed differential privacy in cryptographic protocol implementations (expressed in the RCF calculus). We also provide an algorithmic variant of our type system, which we prove sound and complete. Finally, we tested our analysis technique on a recently proposed protocol for privacy-preserving web analytics: we discovered a new attack acknowledged by the authors, proposed a fix, and successfully type-checked the revised variant.
