
Privacy-preserving Services On The Internet

Periodic Reporting for period 2 - PSOTI (Privacy-preserving Services On The Internet)

Reporting period: 2021-08-01 to 2023-01-31

The PSOTI project addresses privacy concerns with standard Internet services such as email, cloud storage, and online surveys. These services currently require data to be stored in the clear on servers managed by a single service provider. Any further processing of that data requires it to be unencrypted, which infringes on the privacy of the data owner, namely the user of the service. Furthermore, a single service provider is a single point of failure: one successful attack on that provider can compromise the data of many users.

Privacy has always been an essential human right, but it is often overlooked in today's convenient Internet services, which have become an essential part of our lives. Some steps have been taken to limit service providers' power over users, such as the General Data Protection Regulation (GDPR). However, it remains challenging to provide privacy-preserving services with a set of functionalities and an efficiency comparable to those of the original services.

The primary goal of the PSOTI project is to show that certain Internet services can remain practical when privacy is preserved by technical means. More specifically, we provide solutions and demonstrators that allow users to privately send and store data at multiple different service providers, who then process the private data using Secure Multi-Party Computation (MPC) protocols. In this way, no single service provider ever has plaintext access to the data, and the user does not need to rely on a single service provider. As with any MPC deployment, privacy holds as long as the providers do not collude beyond the threshold the protocol tolerates.
Within the PSOTI project we worked extensively on solutions that allow regular users to use their data easily and securely in services that normally violate the users' privacy by handling it in plaintext. We have built demonstrators that allow the user to securely outsource data to multiple service providers with very small overhead.
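The following is an added illustration of the outsourcing model described above, not code from the PSOTI project. It uses one of the services the report names, an online survey, and the simplest MPC building block, additive secret sharing: each respondent splits every answer into one random share per provider, each provider sums the shares it holds on its own, and only the combined totals are ever reconstructed. The field modulus P, the class and function names, and the five constructed responses are assumptions made for this example; the project's own protocols and frameworks are not shown here.

```python
import secrets

# Hypothetical field modulus for this added example: a prime large enough that
# survey totals never wrap around (2^61 - 1 is a Mersenne prime).
P = (1 << 61) - 1


def share(value, n):
    """Split `value` into n additive shares modulo P.

    Any n-1 of the shares are uniformly random, so a provider that sees only
    its own share column learns nothing about the respondent's answer.
    """
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares):
    """Recombine additive shares; only a party holding all of them can do this."""
    return sum(shares) % P


class SurveyProvider:
    """One of n non-colluding service providers. It stores only shares."""

    def __init__(self, name):
        self.name = name
        self.rows = []  # one list of shares (one per answer option) per respondent

    def receive(self, row):
        self.rows.append(row)

    def local_sum(self):
        """Column-wise sum of the stored shares.

        Addition is linear in the shares, so each provider computes its part of
        the tally alone, without talking to the other providers or to users.
        """
        width = len(self.rows[0])
        return [sum(r[c] for r in self.rows) % P for c in range(width)]


def submit_response(providers, answers):
    """Client side: split each answer into one share per provider and send
    each provider only its own column."""
    per_provider = [[] for _ in providers]
    for a in answers:
        for idx, s in enumerate(share(a, len(providers))):
            per_provider[idx].append(s)
    for prov, row in zip(providers, per_provider):
        prov.receive(row)


def tally(providers):
    """Combine the providers' partial sums into the plaintext totals.

    Only the aggregate is reconstructed; individual responses never exist in
    the clear on any server.
    """
    partials = [p.local_sum() for p in providers]
    width = len(partials[0])
    return [reconstruct([pt[c] for pt in partials]) for c in range(width)]


# Constructed sample input: five respondents answering a three-option
# multiple-choice question, encoded one-hot (A, B, C).
SAMPLE_RESPONSES = [
    [1, 0, 0],
    [0, 1, 0],
    [1, 0, 0],
    [0, 0, 1],
    [0, 0, 1],
]


def run_survey(responses=SAMPLE_RESPONSES, n_providers=2):
    """Outsource every response to n_providers servers and return the tally."""
    providers = [SurveyProvider(f"provider-{i}") for i in range(n_providers)]
    for r in responses:
        submit_response(providers, r)
    return tally(providers)


if __name__ == "__main__":
    print(run_survey())  # [2, 1, 2]
```

Two practical points this example makes visible: the providers never exchange messages for a linear computation such as a sum, so the communication cost is one share vector per respondent per provider, and the privacy guarantee collapses completely if the providers pool their columns, which is why the report stresses using multiple independent service providers. Non-linear queries (multiplications, comparisons, searches) do require interaction between the providers, and that is where full MPC protocols and the frameworks mentioned below come in.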

One of our primary goals has been to create efficient query protocols for data outsourced to multiple service providers. We created and implemented several privacy-preserving search methods that can be combined with other queries. Furthermore, we developed novel Private Function Evaluation (PFE) methods that hide even the structure of the queries. As an essential building block, we designed special Private Information Retrieval (PIR) techniques that retrieve the data selected by the underlying privacy-preserving query protocol without the service provider learning which records were retrieved.
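To make the PIR building block concrete, here is an added example of the classic two-server PIR of Chor, Goldreich, Kushilevitz and Sudan; it is not the PSOTI project's own PIR technique, which the report describes only as being tailored to its query protocols. The client sends each of two non-colluding servers, which hold identical replicas of the database, a random bit vector; the two vectors differ only at the wanted index, so each server on its own sees a uniformly random selector. The record length, the eight constructed records and all names below are assumptions for this example.

```python
import secrets

RECORD_LEN = 16  # fixed record size in bytes (constructed for this example)

# Constructed database of eight fixed-size records. Two-server PIR needs the
# same database replicated on both servers.
DATABASE = [f"record-{i:02d}".encode().ljust(RECORD_LEN, b"\0") for i in range(8)]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class PIRServer:
    """Holds a replica of the database and answers one selector at a time.

    A selector is one bit per record; the server XORs together every record
    whose bit is set. Each selector it sees is, on its own, a uniformly random
    bit vector, so the server cannot tell which record the client wanted.
    """

    def __init__(self, db):
        self.db = db

    def answer(self, selector):
        if len(selector) != len(self.db):
            raise ValueError("selector length must equal database size")
        acc = bytes(RECORD_LEN)
        for bit, rec in zip(selector, self.db):
            if bit:
                acc = xor_bytes(acc, rec)
        return acc


def build_queries(index, n):
    """Client side: a random selector for server A and the same selector with
    bit `index` flipped for server B. Each is uniform on its own; only their
    XOR, which neither server sees, reveals the index."""
    if not 0 <= index < n:
        raise IndexError("record index out of range")
    q_a = [secrets.randbits(1) for _ in range(n)]
    q_b = q_a.copy()
    q_b[index] ^= 1
    return q_a, q_b


def pir_fetch(index, server_a, server_b):
    """XOR of the two answers cancels every record selected by both servers and
    leaves exactly the one selected by only one of them: record `index`."""
    q_a, q_b = build_queries(index, len(server_a.db))
    return xor_bytes(server_a.answer(q_a), server_b.answer(q_b))


def fetch_record(index, db=DATABASE):
    """Run a full retrieval against two fresh server replicas of `db`."""
    server_a, server_b = PIRServer(db), PIRServer(db)
    return pir_fetch(index, server_a, server_b).rstrip(b"\0").decode()


if __name__ == "__main__":
    print(fetch_record(3))  # record-03
```

The cost profile is the usual one for this scheme: the client uploads n bits to each server and downloads one record from each, and every server touches the whole database per query, which is what makes PIR a natural fit for the privacy-preserving search protocols above, where the query itself selects the index without revealing it. The guarantee is purely about privacy against each server in isolation; if the two servers collude, or if a client mistakenly sends both selectors to one server, the index is revealed, and nothing here protects against a server returning a wrong answer.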

To improve usability, we designed and implemented MPC frameworks that allow even non-security experts to develop privacy-preserving services. Our frameworks are scalable and can be extended with new cutting-edge protocols in the future. Furthermore, we improved the performance of MPC protocols using hardware acceleration techniques and parallelization. We currently have a fully functional MPC framework written in C/C++; another MPC framework, written in Rust with more focus on scalability, is under development.

Finally, we worked on specific applications that include secure email and demonstrated their practicality in various settings. We have shown that our techniques outperform previous works and provide practical privacy-preserving solutions for real-world services.
In the PSOTI project, we will continue to improve our MPC and private query techniques and develop more demonstrators for various applications. We expect improved performance in terms of communication and run-time, as well as in less visible metrics such as memory and power consumption. In the near future, we will have completed a new MPC framework designed explicitly for our setting. The framework employs novel techniques to outperform previous state-of-the-art solutions, and these techniques can also improve the efficiency of use cases beyond our own.

Our upcoming demonstrators for various applications will raise awareness of privacy-preserving services, and we anticipate gaining more visibility among those in industry and society who support privacy values. To facilitate further research and exploitation, we provide our tools and protocols as open source under liberal licenses, which will allow companies to turn them into deployed products.