Fang-Yu Rao

Privacy-Preserving and Outsourced Multi-user K-Means Clustering

Many techniques for privacy-preserving data mining (PPDM) have been investigated over the past decade. Such techniques, however, usually incur heavy computational and communication cost on the participating parties and thus entities with limited resources may have to refrain from participating in the PPDM process. To address this issue, one promising solution is to outsource the tasks to the cloud environment. In this paper, we propose a novel and efficient solution to privacy-preserving outsourced distributed clustering (PPODC) for multiple users based on the k-means clustering algorithm. The main novelty of our solution lies in avoiding the secure division operations required in computing cluster centers through efficient transformation techniques. In addition, we discuss two strategies, namely offline computation and pipelined execution that aim to boost the performance of our protocol. We implement our protocol on a cluster of 16 nodes and demonstrate how our two strategies combined with parallelism can significantly improve the performance of our protocol through extensive experiments using a real dataset.

Efficient tree pattern queries on encrypted XML documents

Outsourcing XML documents is a challenging task, because it encrypts the documents, while still requiring efficient query processing. Past approaches on this topic either leak structural information or fail to support searching that has constraints on XML node content. In addition, they adopt a filtering-and-refining framework, which requires the users to prune false positives from the query results. To address these problems, we present a solution for efficient evaluation of tree pattern queries (TPQs) on encrypted XML documents. We create a domain hierarchy, such that each XML document can be embedded in it. By assigning each node in the hierarchy a position, we create for each document a vector, which encodes both the structural and textual information about the document. Similarly, a vector is created also for a TPQ. Then, the matching between a TPQ and a document is reduced to calculating the distance between their vectors. For the sake of privacy, such vectors are encrypted before being outsourced. To improve the matching efficiency, we use a k-d tree to partition the vectors into non-overlapping subsets, such that non-matchable documents are pruned as early as possible. The extensive evaluation shows that our solution is efficient and scalable to large dataset.

ID2S Password-Authenticated Key Exchange Protocols

In a two-server password-authenticated key exchange (PAKE) protocol, a client splits its password and stores two shares of its password in the two servers, respectively, and the two servers then cooperate to authenticate the client without knowing the password of the client. In case one server is compromised by an adversary, the password of the client is required to remain secure. In this paper, we present two compilers that transform any two-party PAKE protocol to a two-server PAKE protocol on the basis of the identity-based cryptography, called ID2S PAKE protocol. By the compilers, we can construct ID2S PAKE protocols which achieve implicit authentication. As long as the underlying two-party PAKE protocol and identity-based encryption or signature scheme have provable security without random oracles, the ID2S PAKE protocols constructed by the compilers can be proven to be secure without random oracles. Compared with the Katz et al.s two-server PAKE protocol with provable security without random oracles, our ID2S PAKE protocol can save from 22 to 66 percent of computation in each server.

A hybrid private record linkage scheme: Separating differentially private synopses from matching records

Private record linkage protocols allow multiple parties to exchange matching records, which refer to the same entities or have similar values, while keeping the non-matching ones secret. Conventional protocols are based on computationally expensive cryptographic primitives and therefore do not scale. To address these scalability issues, hybrid protocols have been recently proposed that combine differential privacy techniques with secure multiparty computation techniques. However, a drawback of such protocols is that they disclose to the parties both the matching records and the differentially private synopses of the datasets involved in the linkage. Consequently, differential privacy is no longer always satisfied. To address this issue, we propose a novel framework, which separates the private synopses from the matching records. The two parties do not access the synopses directly, but still use them to efficiently link records. We theoretically prove the security of our framework. In addition, we have developed a simple but effective strategy for releasing private synopses. Extensive experimental results show that our framework is superior to the existing methods in terms of both recall rate and efficiency.

Privacy-Preserving Assessment of Social Network Data Trustworthiness

Extracting useful knowledge from social network datasets is a challenging problem. To add to the difficulty of this problem, privacy concerns that exist for many social network datasets have restricted the ability to analyze these networks and consequently to maximize the knowledge that can be extracted from them. This paper addresses this issue by introducing the problem of data trustworthiness in social networks when repositories of anonymized social networks exist that can be used to assess such trustworthiness. Three trust score computation models (absolute, relative, and weighted) that can be instantiated for specific anonymization models are defined and algorithms to calculate these trust scores are developed. Using both real and synthetic social networks, the usefulness of the trust score computation is validated through a series of experiments.

Privacy-Preserving Protocols for Shortest Path Discovery over Outsourced Encrypted Graph Data

Outsourcing data and computation to the cloud is increasingly common. However, the data to be outsourced is often privacy-sensitive (e.g., geospatial data, social network data, and Internet network traffic data) and thus it is typically outsourced after being properly encrypted. Graph is one of the most common ways to model and represent the data in many applications, including geospatial data in geographic information systems. In this paper, we consider the following problem: given a graph G, representing for example road or social networks, outsourced to a cloud in encrypted format, the user wants to privately retrieve from G the shortest path from a source s to a destination t. We refer to this problem as Privacy-preserving Shortest Path discovery over Encrypted Graph (PSPEG) data. We propose two novel PSPEG protocols under different security and efficiency guarantees. The first protocol enables one to retrieve the shortest path under a single-cloud setting whereas the second protocol is proposed under a federated cloud environment. Our theoretical and empirical analyses show that the proposed protocols provide a trade-off between efficiency and security.

Practical privacy-preserving user profile matching in social networks

In this paper, we consider a scenario where a user queries a user profile database, maintained by a social networking service provider, to find out some users whose profiles are similar to the profile specified by the querying user. A typical example of this application is online dating. Most recently, an online data site, Ashley Madison, was hacked, which results in disclosure of a large number of dating user profiles. This serious data breach has urged researchers to explore practical privacy protection for user profiles in online dating. In this paper, we give a privacy-preserving solution for user profile matching in social networks by using multiple servers. Our solution is built on homomorphic encryption and allows a user to find out some matching users with the help of the multiple servers without revealing to anyone privacy of the query and the queried user profiles. Our solution achieves user profile privacy and user query privacy as long as at least one of the multiple servers is honest. Our implementation and experiments demonstrate that our solution is practical.

Privacy-preserving assessment of location data trustworthiness

Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of an individual. Nevertheless, collection and sharing of such data must be done in ways that do not violate an individuals right to personal privacy. Previous research efforts acknowledged the importance of assessing location data trustworthiness, but they assume that data is available to the analyst in direct, unperturbed form. However, such an assumption is not realistic, due to the fact that repositories of personal location data must conform to privacy regulations. In this paper, we study the challenging problem of refining trustworthiness of location data with the help of large repositories of anonymized information. We show how two important trustworthiness evaluation techniques, namely common pattern analysis and conflict/support analysis, can benefit from the use of anonymized location data. We have implemented a prototype of the proposed privacy-preserving trustworthiness evaluation techniques, and the experimental results demonstrate that using anonymized data can significantly help in improving the accuracy of location trustworthiness assessment.