Emiliano De Cristofaro

Practical private set intersection protocols with linear complexity

The constantly increasing dependence on anytime-anywhere availability of data and the commensurately increasing fear of losing privacy motivate the need for privacy-preserving techniques. One interesting and common problem occurs when two parties need to privately compute an intersection of their respective sets of data. In doing so, one or both parties must obtain the intersection (if one exists), while neither should learn anything about other set elements. Although prior work has yielded a number of effective and elegant Private Set Intersection (PSI) techniques, the quest for efficiency is still underway. This paper explores some PSI variations and constructs several secure protocols that are appreciably more efficient than the state-of-the-art.

Linear-complexity private set intersection protocols secure in malicious model

Private Set Intersection (PSI) protocols allow one party (“client”) to compute an intersection of its input set with that of another party (“server”), such that the client learns nothing other than the set intersection and the server learns nothing beyond client input size. Prior work yielded a range of PSI protocols secure under different cryptographic assumptions. Protocols operating in the semi-honest model offer better (linear) complexity while those in the malicious model are often significantly more costly. In this paper, we construct PSI and Authorized PSI (APSI) protocols secure in the malicious model under standard cryptographic assumptions, with both linear communication and computational complexities. To the best of our knowledge, our APSI is the first solution to do so. Finally, we show that our linear PSI is appreciably more efficient than the state-of-the-art.

Countering GATTACA: efficient and secure testing of fully-sequenced human genomes

Recent advances in DNA sequencing technologies have put ubiquitous availability of fully sequenced human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store ones own DNA sequence. Widespread and affordable availability of fully sequenced genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, this progress also prompts significant privacy challenges associated with potential loss, theft, or misuse of genomic data. In this paper, we begin to address genomic privacy by focusing on three important applications: Paternity Tests, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement in in silico some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today.

Fast and Private Computation of Cardinality of Set Intersection and Union

In many everyday scenarios, sensitive information must be shared between parties without complete mutual trust. Private set operations are particularly useful to enable sharing information with privacy, as they allow two or more parties to jointly compute operations on their sets (e.g., intersection, union, etc.), such that only the minimum required amount of information is disclosed. In the last few years, the research community has proposed a number of secure and efficient techniques for Private Set Intersection (PSI), however, somewhat less explored is the problem of computing the magnitude, rather than the contents, of the intersection – we denote this problem as Private Set Intersection Cardinality (PSI-CA). This paper explores a few PSI-CA variations and constructs several protocols that are more efficient than the state-of-the-art.

Participatory privacy: Enabling privacy in participatory sensing

Participatory sensing is an emerging computing paradigm that enables the distributed collection of data by self-selected participants. It allows the increasing number of mobile phone users to share local knowledge acquired by their sensor-equipped devices (e.g., to monitor temperature, pollution level, or consumer pricing information). While research initiatives and prototypes proliferate, their real-world impact is often bounded to comprehensive user participation. If users have no incentive, or feel that their privacy might be endangered, it is likely that they will not participate. In this article, we focus on privacy protection in participatory sensing and introduce a suitable privacy-enhanced infrastructure. First, we provide a set of definitions of privacy requirements for both data producers (i.e., users providing sensed information) and consumers (i.e., applications accessing the data). Then we propose an efficient solution designed for mobile phone users, which incurs very low overhead. Finally, we discuss a number of open problems and possible research directions.

Short paper: PEPSI---privacy-enhanced participatory sensing infrastructure

Participatory Sensing combines the ubiquity of mobile phones with the sensing capabilities of Wireless Sensor Networks. It targets the pervasive collection of information, e.g., temperature, traffic conditions, or medical data. Users produce measurements from their mobile devices, thus, a number of privacy concerns -- due to the personal information conveyed by reports -- may hinder the large-scale deployment of participatory sensing applications. Prior work has attempted to protect privacy in participatory sensing, but it relied on unrealistic assumptions and achieved no provably-secure guarantees. In this paper, we introduce PEPSI: Privacy-Enhanced Participatory Sensing Infrastructure. We explore realistic architectural assumptions and a minimal set of formal requirements aiming at protecting privacy of both data producers and consumers. We also present an instantiation that attains privacy guarantees with provable security at very low additional computational cost and almost no extra communication overhead. Finally, we highlight some problems that call for further research in this developing area.

Genodroid: are privacy-preserving genomic tests ready for prime time?

As fast and accurate sequencing of human genomes becomes affordable, it is expected that individuals will soon be able to carry around copies of their sequenced DNA, using it for medical, identification, and social purposes. This will undoubtedly prompt a wide range of new and interesting genomic applications. However, the very same progress raises some worrisome privacy issues, since a genome represents a treasure trove of highly personal and sensitive information. Some recent research explored privacy-preserving personal genomic operations by applying (or customizing) cryptographic protocols based on techniques such as: conditional oblivious transfer, garbled circuits, and homomorphic encryption. In this paper, we take this line of work a step further by investigating real-world practicality and usability of (as well as interest in) some of these methods. Motivated by both medical and social applications, we aim to test viability of privacy-agile computational genomic tests in a portable and pervasive setting of modern smartphones. We design a personal genomic toolkit (called GenoDroid), implement it on the Android platform, assess its performance, and conduct a pilot usability study that yields some interesting results.

Efficient techniques for privacy-preserving sharing of sensitive information

The need for privacy-preserving sharing of sensitive information occurs in many different and realistic everyday scenarios, ranging from national security to social networking. A typical setting involves two parties: one seeks information from the other without revealing the interest while the latter is either willing, or compelled, to share only the requested information. This poses two challenges: (1) how to enable sharing such that parties learn no information beyond what they are entitled to, and (2) how to do so efficiently, in real-world practical terms. This paper explores the notion of Privacy-Preserving Sharing of Sensitive Information (PPSSI), and provides a concrete and efficient instantiation, modeled in the context of simple database querying. Proposed approach functions as a privacy shield to protect parties from disclosing more than the required minimum of their respective sensitive information. PPSSI deployment prompts several challenges, which are addressed in this paper. Extensive experimental results attest to the practicality of attained privacy features and show that our approach incurs quite low overhead (e.g., 10% slower than standard MySQL).

EphPub: Toward robust Ephemeral Publishing

The increasing amount of personal and sensitive information disseminated over the Internet prompts commen-surately growing privacy concerns. Digital data often lingers indefinitely and users lose its control. This motivates the desire to restrict content availability to an expiration time set by the data owner. This paper presents and formalizes the notion of Ephemeral Publishing (EphPub), to prevent the access to expired content. We propose an efficient and robust protocol that builds on the Domain Name System (DNS) and its caching mechanism. With EphPub, sensitive content is published encrypted and the key material is distributed, in a steganographic manner, to randomly selected and independent resolvers. The availability of content is then limited by the evanescence of DNS cache entries. The EphPub protocol is transparent to existing applications, and does not rely on trusted hardware, centralized servers, or user proactive actions. We analyze its robustness and show that it incurs a negligible overhead on the DNS infrastructure. We also perform a large-scale study of the caching behavior of 900K open DNS resolvers. Finally, we propose Firefox and Thunderbird extensions that provide ephemeral publishing capabilities, as well as a command-line tool to create ephemeral files.

Secure genomic testing with size- and position-hiding private substring matching

Recent progress in genomics and bioinformatics is bringing complete and on-demand sequencing of human (and other) genomes closer and closer to reality. Despite exciting new opportunities, affordable and ubiquitous genome sequencing prompts some serious privacy and ethical concerns, owing to extreme sensitivity and uniqueness of genomic information. At the same time, new medical applications, such as personalized medicine, require testing genomes for specific markers that themselves represent sensitive (e.g., proprietary) material. This paper focuses on privacy challenges posed by such genetic tests. It presents a secure and efficient protocol called: Size- and Position-Hiding Private Substring Match- ing (SPH-PSM). This protocol allows two parties -- one with a digitized genome and the other with a set of DNA markers -- to conduct a test, such that the result is only learned by the former, and no other information is learned by either party. In particular, the genome owner does not even learn the size or the position of the markers, which makes SPH-PSM the first of its kind. Finally, we report on a prototype of the proposed technique which attests to its practicality.