Enhancing Privacy in Cookieless Web Advertising : A Comparative Study of Multi-Party Computation and Trusted Execution Environment Solutions for Private Attribution Reporting / Förbättra integriteten i cookieless webbannonsering : En jämförande studie av Multi-Party-beräkningar och pålitlig körmilslösningar för privat hänvisningsrapportering

Massy, Victor

January 2023

The end of third-party cookies has driven the advertising market to seek new solutions. Third-party cookies were widely used to track users’ online activities across websites. However, the growing concern for privacy has led web browsers to put an end to this practice. In this thesis, we explore two potential solutions for private attribution reporting - Multi-Party Computation (MPC) and Trusted Execution Environment (TEE). Attribution reporting is used by advertisers to measure the effectiveness of a marketing campaign. The underlying process requires identifying which advertisement led to a conversion. To test and compare these two technologies, we used the Interoperable Private Attribution (IPA) research prototype developed by Benjamin Case et al. for MPC, and developed our own models for TEE using Intel-SGX. Our TEE models have two distinct approaches: the first model uses EdgelessDB, a SQL database stored inside a secure enclave, which offers a high level of abstraction and flexibility for advertisers. The second model employs Gramine, a library that enables the compilation and execution of code inside a secure enclave. In this solution, the code is written in C and the input data is stored in an encrypted file. We compared the time performance and the security of these models. According to our results, the Gramine model is faster than the other models. Additionally, the security provided by IntelSGX, although dependent on a high level of trust in Intel services, is better than the security offered by an MPC protocol. Based on our tests, TEE is a better solution for attribution reporting. Nevertheless, MPC is a rapidly evolving technology, and new algorithms have been developed our tests. Further testing with a new implementation of MPC could be a potential avenue for future work. / Slutet på third-party cookies har tvingat annonsmarknaden att söka nya lösningar. Third-party cookies användes ofta för att spåra användares aktiviteter på olika webbplatser. Dock har den ökande oro för privatliv ledt webbläsare att avsluta denna praxis. I denna rapport utforskar vi två potentiella lösningar på problemet med attributrapportering - MultiParty Computation (MPC) och Trusted Execution Environment (TEE). Attributrapportering används av annonsörer för att mäta effektiviteten av en marknadsföringskampanj. Underliggande process kräver att identifiera vilken annons som ledde till en konvertering. För att testa och jämföra dessa två teknologier använde vi en Interoperable Private Attribution (IPA) forskningsprototyp utvecklad av Benjamin Case och al. för MPC och utvecklade våra egna modeller för TEE med Intel-SGX. Våra TEE-modeller har två distinkta tillvägagångssätt: den första modellen använder EdgelessDB, en SQL-databas som lagras inuti en säker miljö, vilket erbjuder en hög nivå av abstraktion och flexibilitet för annonsörer. Den andra modellen använder Gramine, en bibliotek som möjliggör kompilering och körning av kod inuti en säker miljö. I denna lösning är koden skriven i C och indata lagras i en krypterad fil. Vi jämförde prestanda och säkerhet för dessa modeller. Enligt våra resultat är Gramine-modellen snabbare än de andra modellerna. Dessutom är säkerheten som tillhandahålls av Intel-SGX, även om den är beroende av en hög nivå av förtroende för Intel-tjänster, bättre än säkerheten som erbjuds av en MPC-protokoll. Baserat på våra tester är TEE en bättre lösning för attributrapportering. Trots detta är MPC en snabbt utvecklande teknologi, och nya algoritmer har ut.

Multiparty computation

Trusted execution envrionment

Web advertising

Private attribution reporting

Flerpartsberäkning

Pålitlig exekveringsmiljö

Webannonsering

Privat attributionsrapportering

Computer Sciences

Datavetenskap (datalogi)

Efficient and Secure Equality-based Two-party Computation

Javad Darivandpour (11190051)

27 July 2021

<div>Multiparty computation refers to a scenario in which multiple distinct yet connected parties aim to jointly compute a functionality. Over recent decades, with the rapid spread of the internet and digital technologies, multiparty computation has become an increasingly important topic. In addition to the integrity of computation in such scenarios, it is essential to ensure that the privacy of sensitive information is not violated. Thus, secure multiparty computation aims to provide sound approaches for the joint computation of desired functionalities in a secure manner: Not only must the integrity of computation be guaranteed, but also each party must not learn anything about the other parties' private data. In other words, each party learns no more than what can be inferred from its own input and its prescribed output.</div><div><br></div><div> This thesis considers secure two-party computation over arithmetic circuits based on additive secret sharing. In particular, we focus on efficient and secure solutions for fundamental functionalities that depend on the equality of private comparands. The first direction we take is providing efficient protocols for two major problems of interest. Specifically, we give novel and efficient solutions for <i>private equality testing</i> and multiple variants of <i>secure wildcard pattern matching</i> over any arbitrary finite alphabet. These problems are of vital importance: Private equality testing is a basic building block in many secure multiparty protocols; and, secure pattern matching is frequently used in various data-sensitive domains, including (but not limited to) private information retrieval and healthcare-related data analysis. The second direction we take towards a performance improvement in equality-based secure two-party computation is via introducing a generic functionality-independent secure preprocessing that results in an overall computation and communication cost reduction for any subsequent protocol. We achieve this by providing the first precise functionality formulation and secure protocols for replacing original inputs with much smaller inputs such that this replacement neither changes the outcome of subsequent computations nor violates the privacy of sensitive inputs. Moreover, our input-size reduction opens the door to a new approach for efficiently solving Private Set Intersection. The protocols we give in this thesis are typically secure in the semi-honest adversarial threat model.</div>

Theoretical Computer Science

Applied Computer Science

Computer System Security

secure two-party computation (S2PC)

Secure Multiparty Computation

Cryptography,

Pattern matching

Algorithm Design

Protocol Design

Language-Based Techniques for Policy-Agnostic Oblivious Computation

Qianchuan Ye (18431691)

28 April 2024

<p dir="ltr">Protecting personal information is growing increasingly important to the general public, to the point that major tech companies now advertise the privacy features of their products. Despite this, it remains challenging to implement applications that do not leak private information either directly or indirectly, through timing behavior, memory access patterns, or control flow side channels. Existing security and cryptographic techniques such as secure multiparty computation (MPC) provide solutions to privacy-preserving computation, but they can be difficult to use for non-experts and even experts.</p><p dir="ltr">This dissertation develops the design, theory and implementation of various language-based techniques that help programmers write privacy-critical applications under a strong threat model. The proposed languages support private structured data, such as trees, that may hide their structural information and complex policies that go beyond whether a particular field of a record is private. More crucially, the approaches described in this dissertation decouple privacy and programmatic concerns, allowing programmers to implement privacy-preserving applications modularly, i.e., to independently develop application logic and independently update and audit privacy policies. Secure-by-construction applications are derived automatically by combining a standard program with a separately specified security policy.</p><p><br></p>

Data and information privacy

Data security and protection

Programming languages

Dependent types

Algebraic data types

Oblivious computation

Multiparty computation

Privacy policies

Information flow control

Functional languages

Chiffrement homomorphe et recherche par le contenu sécurisé de données externalisées et mutualisées : Application à l'imagerie médicale et l'aide au diagnostic / Homomorphic encryption and secure content based image retieval over outsourced data : Application to medical imaging and diagnostic assistance

Bellafqira, Reda

19 December 2017

La mutualisation et l'externalisation de données concernent de nombreux domaines y compris celui de la santé. Au-delà de la réduction des coûts de maintenance, l'intérêt est d'améliorer la prise en charge des patients par le déploiement d'outils d'aide au diagnostic fondés sur la réutilisation des données. Dans un tel environnement, la sécurité des données (confidentialité, intégrité et traçabilité) est un enjeu majeur. C'est dans ce contexte que s'inscrivent ces travaux de thèse. Ils concernent en particulier la sécurisation des techniques de recherche d'images par le contenu (CBIR) et de « machine learning » qui sont au c'ur des systèmes d'aide au diagnostic. Ces techniques permettent de trouver des images semblables à une image requête non encore interprétée. L'objectif est de définir des approches capables d'exploiter des données externalisées et sécurisées, et de permettre à un « cloud » de fournir une aide au diagnostic. Plusieurs mécanismes permettent le traitement de données chiffrées, mais la plupart sont dépendants d'interactions entre différentes entités (l'utilisateur, le cloud voire un tiers de confiance) et doivent être combinés judicieusement de manière à ne pas laisser fuir d'information lors d'un traitement.Au cours de ces trois années de thèse, nous nous sommes dans un premier temps intéressés à la sécurisation à l'aide du chiffrement homomorphe, d'un système de CBIR externalisé sous la contrainte d'aucune interaction entre le fournisseur de service et l'utilisateur. Dans un second temps, nous avons développé une approche de « Machine Learning » sécurisée fondée sur le perceptron multicouches, dont la phase d'apprentissage peut être externalisée de manière sûre, l'enjeu étant d'assurer la convergence de cette dernière. L'ensemble des données et des paramètres du modèle sont chiffrés. Du fait que ces systèmes d'aides doivent exploiter des informations issues de plusieurs sources, chacune externalisant ses données chiffrées sous sa propre clef, nous nous sommes intéressés au problème du partage de données chiffrées. Un problème traité par les schémas de « Proxy Re-Encryption » (PRE). Dans ce contexte, nous avons proposé le premier schéma PRE qui permet à la fois le partage et le traitement des données chiffrées. Nous avons également travaillé sur un schéma de tatouage de données chiffrées pour tracer et vérifier l'intégrité des données dans cet environnement partagé. Le message tatoué dans le chiffré est accessible que l'image soit ou non chiffrée et offre plusieurs services de sécurité fondés sur le tatouage. / Cloud computing has emerged as a successful paradigm allowing individuals and companies to store and process large amounts of data without a need to purchase and maintain their own networks and computer systems. In healthcare for example, different initiatives aim at sharing medical images and Personal Health Records (PHR) in between health professionals or hospitals with the help of the cloud. In such an environment, data security (confidentiality, integrity and traceability) is a major issue. In this context that these thesis works, it concerns in particular the securing of Content Based Image Retrieval (CBIR) techniques and machine learning (ML) which are at the heart of diagnostic decision support systems. These techniques make it possible to find similar images to an image not yet interpreted. The goal is to define approaches that can exploit secure externalized data and enable a cloud to provide a diagnostic support. Several mechanisms allow the processing of encrypted data, but most are dependent on interactions between different entities (the user, the cloud or a trusted third party) and must be combined judiciously so as to not leak information. During these three years of thesis, we initially focused on securing an outsourced CBIR system under the constraint of no interaction between the users and the service provider (cloud). In a second step, we have developed a secure machine learning approach based on multilayer perceptron (MLP), whose learning phase can be outsourced in a secure way, the challenge being to ensure the convergence of the MLP. All the data and parameters of the model are encrypted using homomorphic encryption. Because these systems need to use information from multiple sources, each of which outsources its encrypted data under its own key, we are interested in the problem of sharing encrypted data. A problem known by the "Proxy Re-Encryption" (PRE) schemes. In this context, we have proposed the first PRE scheme that allows both the sharing and the processing of encrypted data. We also worked on watermarking scheme over encrypted data in order to trace and verify the integrity of data in this shared environment. The embedded message is accessible whether or not the image is encrypted and provides several services.

Cloud-Computing

Chiffrement homomorphe

Calcul multipartite sécurisé

Recherche par le contenu

Proxy Re-Encryption

Tatouage des images

Apprentissage automatique sécurisé

Homomorphic encryption

Digital watermarking

Cloud-Computing

Secure machine learning

Secure multiparty computation

Content based image retrieval

004