Dr. Juan R. Troncoso Pastorizatroncoso@gts.uvigo.es

Secure Signal Processing in the CloudEnabling technologies for privacy-preserving multimedia cloud processing

Innovación en ciberseguridad aplicada a la protección de la identidad digital #CIGTR2015

Del 6 al 8 de julio

Madrid (Campus de Aranjuez, URJC)

�Cloud and Privacy

�Secure Signal Processing

�Practical SSP Cloud Scenarios

�Measuring Privacy� Privacy metrics and Notions

�Getting Practical: Privacy tools from SSP� Lattice Crypto and Homomorphic Encryption

�Mapping Complex to Real Solutions� Cipher Blow-up, Accuracy and Trade-offs

�Practical Applications

�Further info

Outline

Cloud and Privacy

�Cloud Computing Paradigm

� Benefits (Ubiquitous Access, scalability, multi-tenancy,…)

�Multimedia Clouds

� Amenable to distributed processing

� Content delivery networks

� Server-based computing

� P2P Multimedia computing

�Multimedia-aware Clouds

�Cloud-aware Multimedia

�Privacy risks

Multimedia Clouds

Cloud and Privacy

Stakeholders

Functionalities

�Security aspects

� Authentication

� Storage Encryption

� Encrypted communications

�Privacy aspects

� Geo-localization

� Privacy legislations in different countries

� Risk of losing control over outsourced data and processes

� Trustworthiness of the Cloud

� Privacy invasion (e.g., personalized ads)

Cloud and Privacy

Privacy ≠ Security

Secure SignalProcessing

8

Privacy in Signal Processing

� Signal Processing deals with representation, analysis, transmission and restoration of signals

� Legal framework: EU Privacy Regulations� Directive 95/46/EC

� Article 8 of the E.C. for the Protection of Human Rights and Fundamental Freedoms

� Upcoming DP EU regulation (draft)

� Privacy in SP is a very broad and transversal subject

� Currently, privacy is mainly guaranteed through written consents

� An automated mechanism is needed to enforce privacy in two levels:� Signal privacy

� Process privacy

� Examples of services and outsourced processes with private or sensitive signals� eHealth: semi-automated diagnosis or decision support (MRI, ECG, DNA,…)� Social media / social data mining� Smart metering: use of fine-grained metered data� Biometrics: outsourcing of authentication/identification processes (fingerprints,

faces, iris)� Banking and financial information� Large scale/big data processing with sensitive data (social data, personal

information, business-critical processes)

� Current situation: Non-proportional collection or usage leads to unjustified user profiling

� SSP mission: enable secure services with� Integration of data protection supported by core technologies (efficient

homomorphic processing, SMC, searchable encryption)� Versatile, flexible and efficient solutions� No impairment for service providers� Privacy guarantees and privacy management

Secure Signal Processing

�Secure Signal Processing (SSP) or Signal Processing in theEncrypted Domain (SPED)

� Marriage of Cryptography and Signal Processing

� Efficient Solutions for Privacy Problems in SP

� Traditional cryptography can protect data during communicationor storage, but it cannot prevent the access to the data whenthey are sent to an untrustworthy party. Through advancedencryption techniques, SSP provides means to process signalswhile they are encrypted, without prior decryption and withoutthe decryption key, thus enabling fully secure services like Cloudcomputing over encrypted data.

Secure Signal Processing

Practical SSP Cloud Scenarios

�Outsourced Biometric Recognition

SSP Privacy-aware scenarios

Biometric Features

(Private)

Biometric Access

Control

Recognition

Results

Outsourced

Recognition

Logic

Outsourced Biometric

Templates Database

(Private)

Untrusted Cloud

�Outsourced e-Health

SSP Privacy-aware scenarios

Untrusted Cloud

Health Institutions

Outsourced Medical

Database (Private)

Laboratory/

Analysis Center

Patient

DataResults

Private Query

�Adaptive filtering: Outsourced control

SSP Privacy-aware scenarios

Plant sensed signals (Private)

Plant (Private)

Control Signals

Outsourced

Adaptive

Control

Plant input signals (Private)

Reference

Model (Private)

Untrusted Cloud

SSP Cloud Scenarios

�General Scenario

� Set of mutually untrusted parties ��, … , ��� Private inputs ��, … , ��

�Target: evaluate ����, … , ��with no trusted parties.

�Cloud Scenario:

Cloud(Untrustworthy)

Measuring PrivacyPrivacy Metrics and Privacy Notions

�Trust and adversary models

� Semi-honest adversaries

� Malicious adversaries

�Typicially, semi-honest with malicious extensions

�Privacy framework

� Means to quantify privacy and information leakage

� Evaluate privacy level

� Assess privacy requirements

�Privacy Metrics: Cryptography vs Signal Processing

� Complexity theory vs information theory

Measuring Privacy

�Privacy Properties:

� Anonymity: hiding link between identity and action/piece of information

� Pseudonimity: use of pseudonyms as IDs (one or multipleidentities)

� Unlinkability: hiding the link between two or more actions/identities/pieces of information

� Unobservability: hiding user activity

� Plausible deniability: impossible to prove a user knows or didsomething

Measuring Privacy

�Privacy metrics

� Target: given an observation by an attacker, measure itsestimation error

�Dalenius, 1977: first probabilistic notion of “disclosure”

� in order to avoid disclosures from a given database: “nothing about an individual that could not be learned without access to the database should be learnable from the database”

�Dwork, 2006: No useful database can fulfill 0-disclosure

� (Attribute) “Non-privacy”: A computationally bounded adversary can disclose (1- ε) fraction of the database entriesfor any ε>0

Measuring Privacy

�ε-differential privacy

� � Κ �� ∈ � ��� Κ �� ∈ , ⊆ ��

� (ε,δ)-differential privacy

� � Κ �� ∈ � ��� Κ �� ∈ � �, ⊆ ��

Differential Privacy

x f(D1)f f(D2)f

D1 D2

Κ ΚΚ(D1) Κ(D2)

�Obfuscation mechanisms for ε-differential privacy

� Noise function of the sensitivity of f

�� � �����,��| � �� � � �� |�

��~!�"�#$

�

� More sensitivity -> Higher noise level -> Reduced utility

Differential Privacy

x f f

D1 D2

Κ ΚΚ(D1) Κ(D2)

n n

Κ(D1) Κ(D2)

�Other metrics

� Information theoretic

�Secure information flow: seeks lack of leakage (non-interference)

�Shannon-entropy (average error)

�Min-entropy (worst-case error)

� Based on Bayes risk

� Anonymity-based

�K-anonymity, l-diversity: hide a user in a population

� Likelihood-based

�Mean square error (estimation error)

�No convention on the best metric: case-dependent

Measuring Privacy

Getting PracticalPrivacy Tools from SSP

�Available SSP tools to produce privacy-preserving systems

� SMC (Garbled Circuits)

� Homomorphic Encryption (FHE, SHE)

� Searchable Encryption and PIR

� Secure (approximate) interactive protocols

� Obfuscation mechanisms (diff. private)

Privacy Tools from SSP

�Computing models

� Boolean Circuits

� Arithmetic Circuits

� Hybrid Approximation

�Primary concern: Protection of private information

� Based on hard problems (traditional cryptography and securecryptosystems and hash functions)

� Adversary Model (active, pasive, rational)

� Possibility of collusion between corrupted parties

Secure Multiparty Computation (SMC)

Binary SMP Protocols

�Based in Yao’s garbled circuits: Obfuscated replica of the original circuit

�Phases:

� Build the circuit gates(garbling: hashing and permutations)

� Send the circuit

� Oblivious transfer of the inputs

� Evaluation: sequential pseudo-decryption

�Secure against passive adversaries (cut-and-choose)

�Efficient execution, versatile

�Communication Overhead

Secure Multiparty Computation

�First commercial practical use

� January 2008: SMC in Denmark national auction for market price of sugar beet (1200 farmers).

� Sell prices hidden and protected

� It does not require a trusted third party

� Protocol lasted 30 minutes (run once a year)

Homomorphic Encryption

�Fundamental idea (group homomorphisms):

� ��, � ⟶&' �(,∘

� *+ � � , � *+ � ∘ *+�, �./��

�Example: RSA (multiplicative)

� *+ � � �0 �./�

� �� 1 ,0� �0 1 ,0 �./�

�Example: Paillier (additive)

� *+ � � 1 � � 1 � 1 3��./��

� *+ � � , � *+ � 1 *+�, �./��, *+ � 1 4 � *+��

+�./��

�Cryptosystems with semantic security (IND-CPA)

��, � ⟶&' �(,1

��,1 ⟶&' �(,1

Homomorphic Encryption

�Efficient Communication

�Challenges

� Computation overhead

� Cipher expansion

� Versatility (only additions or multiplications)

�Somewhat and Fully Homomorphic Cryptosystems (SHE/FHE)

�Lattice Crypto: promise for post-quantum crypto

� Security based on worst-case assumptions

�Example: GGH (Goldreich, Goldwasser, Halevi) family

� Two lattice bases

�“Good” basis (5, private key)

�“Bad” basis (6, public key, Hermite Normal Form)

� Encryption of �: 7 � * � � 8 � 9:�; (lattice point + noise)

� Decrytion: � < : 8> � 5 5?�<

� Homomorphism:

�<� � <� � 8� � � �� � 8� � � �� � 8@ � � �� ���

Lattice Crypto and FHE/SHE

Gentry’s Lattice-based SHE Cryptosystem

�Gentry’s somewhat homomorphic cryptosystem

� Can execute a limited-depth circuit, binary inputs

� How to get unlimited homomorphic operations?

�Decrypt under encryption

�Squash of decryption circuit to fit homomorphic capacity

Fresh Encryption

Noise norm growsafter homomorphic

operations

Decryption Radius:Homomorphic “capacity”

Non-fresh Encryption:after homomorphic op.

Coded message+ random noise

Gentry’s Cryptographic Bootstrapping• For a lattice-based cryptosystem

Bootstrapping for FHE

SHE ∑ (L)

Only valid when f is of depth < L

If Dec (squashed) has depth < L

FHE ∑

�Bootstrapping is costly

�SHE is more efficient and a perfect candidate for SSP

�A practical extension [TPFPG12]:

� Works with non-binary plaintexts (increases fresh encryptionnorm)

� Trades off full homomorphism for homomorphic capacity

� Keeps key generation procedure

� Negligible impact on decryption performance

SHE or FHE

�Searchable Encryption

� PEKS (Keyword Search)

� Encrypted keywords are associated with the (regular) criptotext

� It is possible to match encrypted keywords and search efficiently

�Private Information Retrieval (PIR)

� Alice asks for an element �A from Bob’s database

� Bob sends �A without knowing B

� Simple example with HE

Searchable Encryption and PIR

C �*+� *+� *+�

*+�

Obfuscation mechanisms

�Adding noise to get private outputs (DP)

�Very low overhead

�Reduced utility

� In an untrusted environment, they must be combined with encryption

Wrap-up

�There are only limited (secure) privacy homomorphismsknown

�The limitations of HE can be tackled through interaction (non-colluding parties)

�Solutions for complex operations

� Specific interactive protocols

� Hybrid protocols homomorphic/garbled circuits

�Full Homomorphisms (allowing any function) are not practical…yet

� Hot research topic

Mapping complex to real solutionsPractical limitations and challenges

�Privacy⇒ Overhead

� Computational load

� Communication cost (bandwidth, rounds)

�Cloud Scenario Limitations

� Bandwidth of customer-cloud link

� Computational overhead on the client

� Multi-user settings

�Main challenge

� Efficient specific combination of techniques

� HE + cipher blow-up

Practical limitations

�Example of ubiquitous SP function: adaptive filtering

� LMS filter

�,+ � E+FG+, E+H� � E+ � I 1 G+�/+ � ,+

0'

� Privacy-preserving implementation only with additive HE

� Inputs must be quantized before encryption (factor Δ)

� After 4 iterations⇒ factor Δ+H�

� For inputs in �1,1

�The cipher blows in k �KLM �

KLM #� 2 iterations

� HE is not enough to cope with ciper blow-up

Practical limitations: LMS

�Quantization (encryption) or noise (obfuscation) affectsaccuracy and utility⇒ privacy vs utility

� Interplay between communication, computation and accuracy

� Cipher expansión (Paillier): 4096 bits / 16 bits

�Mitigated by SIMD packing strategies

� Cipher blow-up

�Solved through a secure rescaling primitive (interactive)

Practical limitations: tradeoffs

�General tradeoff: privacy-utility-efficiency

�Cost function per application

�The privacy-preserving solution must optimize the costfunction

Practical limitations: tradeoffs

privacy

utility efficiency

Example Privacy-Preserving SSP Applications

�Private Interference Cancellation

�Private Adaptive Beamforming

�Private Model-Reference Adaptive Control (MRAC)

�Private Noninteractive Face Verification

Example Applications

43

CAGCTGCTTACC

Genetic disease pattern

ACGATGCTAGCTCCTGGCTCGAGATCGATCGCTAGCAGCTCGCATCCAGCTGCTTACCATCGCAGCCAGACTAGCTAGCCTACAACTACGCATCGACATCGCATGACCCGCTCGAAT

Patient’s genetic sequence

Example of secure DNA Query: approximate search

Patient

ExpertSystem

The system leaksPatient’s DNA

Traditional query system

Genetic disease pattern

Encrypted patient’s genetic code

Patient

ExpertSystem

Private Query System

SSP

The result is obtainedwithout disclosing patient’s DNA

CAGCTGCTTACC���������������������������������������������������������������������������������������������������������������������

Example: Architecture for Secure Medical Clouds

� Execution of calculations on Encrypted Data

� Interprets SSP primitives

� Models compiled to SSP primitives

� Keys needed for encryption & decryption of private data

� Cryptographic module

� Communication module

� Server-side data encryption

� Data off-line pre-processing

� Secure Storage of encrypted data

Example: Architecture for Secure Medical Clouds

Current research linesand challengesA Glimpse to the Future

�Definition and quantification of privacy in a rich variety of Multimedia Cloud scenarios and complex functions� DP-preserving transformations

�Communication burden in the customer link� Unattended private processing (SHE)

�FHE in Cloud� Efficient private execution of non-polynomial functions

� Multi-user multi-key operation

�Searches in Cloud� PRISM: Encrypted Map-Reduce with PIR

�Resource utilization and billing

Current research lines and challenges in SSP for Cloud

Multi-client multi-keycomputing

• Privacy-aware Cloud Scenarios [vDJ10]

• Private single-client computing

• Private multi-client computing

• Stateful private multi-clientcomputing

• Not solvable with FHE alone

• Access control mechanism

• Multi-key operation

Solvable by FHE alone

Computing Server

CS

Encrypted Inputs

and Results Computing Server

CS

Encrypted Inputs

and Results

Computing Server

CS

Clear Inputs

and Results

Trusted Cloud

Encrypted Inputs

and Results

Multi-client multi-key computing

• Current approaches

1. Trusted element [BNSS11]

2. Multi-Server Secure protocol [PTK13]

3. Multi-key enabled FHE [LATV12]

• Leverage FHE bootstrapping as proxy-reencryption

• Approach between 2. and 3.

• Proxy reencryption

1. Full delegation

2. Delegation to Helper Server

3. Delegation to set of users

Helper Master

Cloud

Encrypted Inputs

and Results

Computing Server

CS

Secure

Protocol

Encrypted Inputs

and Results

Computing Server

Multi-key

FHE

Joint Decryption

Bootstrapping for proxy reencryption• Idea: bootstrapping into a different key

• Needed helper data: “encryption” of sk1 under pk2

Multi-key solution through bootstrapping

Further Info

�SSP is not only targeted at Cloud

�Any untrustworthy distributed/outsourced environment

SSP for Other Applications

Electricity

Distribution

Grid

Electricity

Producer 1

Electricity

Producer 2

Electricity

Producer n

Grid Operator

Data

Aggregator

Communication

Network

Consumers

Consumers

Consumers

Smart Meters

Electricity FlowData Flow

Control/Signalling

Secure Signal Processing Publications• A. Pedrouzo-Ulloa, J.R. Troncoso-Pastoriza, and F. Pérez-González, “Multivariate Lattices for Encrypted

Image Processing”, in IEEE ICASSP 2015

• J.R. Troncoso-Pastoriza, S. Caputo, “Bootstrap-based Proxy Reencryption for Private Multi-user Computing”, IEEE WIFS 2014

• J. R. Troncoso-Pastoriza, D. González-Jiménez, and F. Pérez-González, “Fully Private Noninteractive Face Verification”, IEEE TIFS, vol. 8(7), 2013

• Z. Erkin, J.R. Troncoso-Pastoriza, R. Lagendijk, and F. Pérez-González, “Privacy-Preserving Data Aggregation in Smart Metering Systems: An Overview”, IEEE SPM, vol. 30(2), 2013

• J. R. Troncoso-Pastoriza and F. Pérez-González, “Secure Signal Processing in the Cloud: enabling technologies for privacy-preserving multimedia cloud processing”, IEEE SPM, vol. 30(2), 2013

• J. R. Troncoso-Pastoriza and F. Pérez-González, “Secure Adaptive Filtering”, IEEE TIFS, vol. 6(2), 2011

• J. R. Troncoso-Pastoriza and Pérez-González, F., “Secure and Private Medical Clouds using Encrypted Processing”, in Virtual Physiological Human (VPH), Brussels, Belgium, 2010

Related Patents• US Patents No. 8433925, 8837715, 8843762, 8972742

• US Patent Pending, No. 12/876229

• EPO Patent Pending, No. EP10175467

Further info

� RIA co-funded by the EU H2020 Programme

� A framework for end-to-end protection of data in untrusted and fast-evolving ICT-based environments, esp. Cloud

� Instantiated and validated in two application scenarios with demanding privacy requirements to protect sensitive data� Genomic processing� Financial calculations

� More info: http://witdom.eu

Ongoing related EU projects

empoWering prIvacy and securiTy in non-trusteDenvirOnMents

Dr. Juan R. Troncoso Pastorizatroncoso@gts.uvigo.es

http://gpsc.uvigo.es/juan-ramon-troncoso-pastorizaTwitter: @juanrtroncoso

Secure Signal Processing in the CloudEnabling technologies for privacy-preserving multimedia cloud processing

Innovación en ciberseguridad aplicada a la protección de la identidad digital #CIGTR2015

Del 6 al 8 de julio

Madrid (Campus de Aranjuez, URJC)