Big Data is Watching You: Privacy in the Cloud Computing Era

September 20th - 21st, 2016

Etienne Riviere

Dr Etienne Riviere, University of Neuchâtel

Dr Hugues Mercier, University of Neuchâtel

Dr Valerio Schiavoni, University of Neuchâtel

Dr Dan Bogdanov, Cybernetica (Estonia)

Prof. Manuel Barbosa, University of Porto (Portugal)

Dr Sonia Ben Mokhtar, CNRS (France)

Dr Florian Kerschbaum, SAP AG (Germany)

The ability to infer intelligence from the large mass of information generated by people and connected objects characterizes the Big Data era. Big Data applications typically run in the cloud, which takes the form of massive data centers. The centralization of information allows cloud operators and Internet companies to correlate information from multiple sources, allowing the fine-grain profiling of the users. Often, this profiling reveals more personal information than the users would like. Recent revelations by whistleblowers about the generalized surveillance performed by some countries also raises awareness in the general population about the need for better control of the confidentiality and access to personal data, and about privacy concerns in general. Correlatively, many industries remain reluctant to move their IT to the cloud due to similar concerns about the privacy of their data and the risk of information leakage. Privacy is generally considered as the major impediment preventing these companies from moving to the cloud, while they would gain in terms of availability, cost-effectiveness and energy consumption.

We propose with this doctoral school to teach graduate students a spectrum of state-of-the-art methods to address privacy and confidentiality concerns in Big Data applications. The school will feature four lectures by two experts from industry and two experts from academia, who will cover a large spectrum of solutions, from fundamental to practical aspects. Students working in the domain of privacy and security and interested in giving a short presentation about their work should contact the organizers: we can accommodate a few such talks if requested.

Neuchâtel

First day (Tuesday September 20, 2016) – 3 lectures

8h45 - 9h: Registration and introduction

9h - 11h: Dr Manuel Barbosa, HASLab, INESC/TEC, Portugal

High-assurance cryptographic software in privacy-preserving applications (first part)

There is a gap between theoretical security and practical implementations. Provable security gives strong guarantees that a cryptographic construction is secure against efficient black-box adversaries in an abstract model of computation. Yet, implementations of provably secure constructions may be vulnerable to practical attacks, due to implementation errors, side-channels, or simply due to a mismatch between the theoretical model and the real-world setting in which the implementation is used. The exploitation of such vulnerabilities is often reported in the media, but the true impact of these breaches on the privacy of end-users is often unknown, or very coarsely estimated. In this talk we will revisit some illustrative examples of this gap, and we will look at different approaches towards bridging it, including real world cryptography, computer-aided cryptography, and program verification.

11h – 11h30: Coffee break (provided)

11h30 - 12h30: Dr Florian Kerschbaum, SAP AG, Germany

Searching over Encrypted Data

When outsourcing data one does not want to forego the possibility of efficient search. In this talk I will review the basic constructions of search over encrypted data (property-preserving or searchable encryption), relate them to efficiency in search (index construction) and review their leakage profile (i.e. what an attacker in the cloud may learn about the plaintexts).

12h30 - 14h: Lunch (on-site, provided)

14h - 15h: Dr Florian Kerschbaum, SAP AG, Germany

Searching over Encrypted Data

15h - 15h30: Coffee break (provided)

15h30 - 17h30: Dr Dan Bogdanov, R&D team leader, Cybernetica, Estonia

Confidentiality-preserving processing with Sharemind: application, performance and practical aspects

I will introduce a model for data processing using secure multi-party technologies, then quickly discuss some techniques and their capabilities (FHE, OPE, etc). Then I'll focus on secure computing based on secret sharing and our Sharemind implementation. I will explain how we implemented a number of real-world applications and reached a reasonable performance in practice by redesigning algorithms towards greater parallelization and privacy.

Second day (Wednesday September 21, 2016) – 1 lecture

10h - 12h: Dr Sonia Ben Mokhtar, CNRS, LIRIS / INSA Lyon, France

Tell me how you move, I will tell you who you are: latest advances in location privacy protection mechanisms

The widespread adoption of continuously connected smartphones and tablets drove the adoption of mobile applications, among which many use location to provide a geo-located service. The usefulness of these services is no more to be demonstrated; getting directions to work in the morning, leaving a check-in at a restaurant at noon and checking next day's weather in the evening is possible right from any mobile device embedding a GPS chip. In these applications, locations are sent to a server, which uses them to provide personalized answers. However, nothing prevents the latter from gathering, analyzing and possibly sharing the collected information. This opens the door for many threats, as location information allows to infer sensitive information about users, among which one's home, work place or even religious/political preferences. For this reason, many schemes have been proposed these last years to enhance location privacy while still allowing people to enjoy geo-located services. During this lecture, I will present the latest advances in location privacy protection mechanisms and give some insights on open challenges and under-explored questions.

32