Protecting web users' privacy

March 23, 2017

CAMBRIDGE, Mass. -- Most website visits these days entail a database query -- to look up airline flights, for example, or to find the fastest driving route between two addresses.

But online database queries can reveal a surprising amount of information about the people making them. And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries.

At the USENIX Symposium on Networked Systems Design and Implementation next week, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Stanford University will present a new encryption system that disguises users' database queries so that they reveal no private information.

The system is called Splinter because it splits a query up and distributes it across copies of the same database on multiple servers. The servers return results that make sense only when recombined according to a procedure that the user alone knows. As long as at least one of the servers can be trusted, it's impossible for anyone other than the user to determine what query the servers executed.

"The canonical example behind this line of work was public patent databases," says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the conference paper. "When people were searching for certain kinds of patents, they gave away the research they were working on. Stock prices is another example: A lot of the time, when you search for stock quotes, it gives away information about what stocks you're going to buy. Another example is maps: When you're searching for where you are and where you're going to go, it reveals a wealth of information about you."

Honest broker

Of course, if the site that hosts the database is itself collecting users' data without their consent, the requirement of at least one trusted server is difficult to enforce.

Wang, however, points to the increasing popularity of services such as DuckDuckGo, a search engine that uses search results from other sites, such as Bing and Yahoo, but vows not to profile its customers.

"We see a shift toward people wanting private queries," Wang says. "We can imagine a model in which other services scrape a travel site, and maybe they volunteer to host the information for you, or maybe you subscribe to them. Or maybe in the future, travel sites realize that these services are becoming more popular and they volunteer the data. But right now, we're trusting that third-party sites have adequate protections, and with Splinter we try to make that more of a guarantee."

Division of labor

Splinter uses a technique called function secret sharing, which was first described in a 2015 paper by a trio of Israeli computer scientists. One of them, Elette Boyle, earned her PhD at MIT studying with RSA Professor of Computer Science and Engineering Shafi Goldwasser, a 2013 recipient of the Turing Award, the highest award in computer science. Goldwasser, in turn, is one of Wang's co-authors on the new paper, along with Vinod Vaikuntanathan, an MIT associate professor of electrical engineering and computer science (EECS); Catherine Yun, an EECS graduate student; and Matei Zaharia, an assistant professor of computer science at Stanford.

Systems for disguising database queries have been proposed in the past, but function secret sharing could make them as much as 10 times faster. In experiments, the MIT and Stanford researchers found that Splinter could return a result from a database with millions of entries -- including a duplicate of the Yelp database for selected cities -- in about a second.

With function secret sharing, a database query is converted into a set of complementary mathematical functions, each of which is sent to a different database server. On each server, the function must be applied to every record in the database; otherwise, a spy could determine what data the user is interested in. Every time the function is applied to a new record, it updates a value stored in memory. After it's been applied to the last record, the final value is returned to the user. But that value is meaningless until it's combined with the values reported by the other servers.
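The mechanism described above, as an added illustration that is not code from the Splinter project or the paper: two servers each hold the same constructed fare table, the client splits the indicator function "key equals the route I care about" into two additive shares, and each server applies its share to every row, accumulating a running count and sum that it returns. This uses the simplest possible construction (shares of linear size in the key domain, one random vector and its complement), not the compact pseudorandom-generator-based scheme of Boyle, Gilboa and Ishai that Splinter builds on; the field modulus, table contents and function names are all assumptions for the example.

```python
import secrets

# Constructed modulus for the toy field; real schemes pick this to suit the data width.
P = 2**61 - 1

# Constructed sample table shared by both servers: (route_id, fare).
# Route ids are small integers so the point function can be tabulated directly.
RECORDS = [(0, 150), (3, 420), (1, 210), (3, 380), (6, 99)]
DOMAIN_SIZE = 8  # route ids 0..7


def share_point_function(domain_size, target):
    """Client side: split f(x) = [x == target] into two additive shares.

    f0 is uniformly random, f1 = f - f0 (mod P).  Either share on its own is
    uniformly random and independent of `target`, so a single server learns
    nothing about which key was queried.
    """
    f0 = [secrets.randbelow(P) for _ in range(domain_size)]
    f1 = [((1 if x == target else 0) - f0[x]) % P for x in range(domain_size)]
    return f0, f1


def server_evaluate(share, records):
    """Server side: apply the share to EVERY record and accumulate.

    Skipping rows (e.g. evaluating only plausible matches) would leak which
    rows the query touches, so the loop is unconditional.  Returns the partial
    (count, sum) pair, which is meaningless until combined with the other server's.
    """
    count_acc = 0
    sum_acc = 0
    for key, value in records:
        w = share[key]                      # 0 or 1 in the clear, random here
        count_acc = (count_acc + w) % P     # share of COUNT(*) WHERE key == target
        sum_acc = (sum_acc + w * value) % P  # share of SUM(fare) WHERE key == target
    return count_acc, sum_acc


def client_combine(reply0, reply1):
    """Client side: add the two partial replies to recover the true aggregates."""
    return ((reply0[0] + reply1[0]) % P, (reply0[1] + reply1[1]) % P)


def private_sum_query(records, domain_size, target):
    """End-to-end: one private COUNT/SUM over rows whose key equals `target`."""
    f0, f1 = share_point_function(domain_size, target)
    reply0 = server_evaluate(f0, records)  # would run on server 0
    reply1 = server_evaluate(f1, records)  # would run on server 1
    return client_combine(reply0, reply1)


if __name__ == "__main__":
    count, total = private_sum_query(RECORDS, DOMAIN_SIZE, 3)
    print(f"route 3: {count} fares, sum {total}")  # 2 fares, sum 800
```

The two `server_evaluate` calls stand in for two independently operated hosts; the privacy argument in the text (at least one honest server) corresponds to the fact that `f0` and `f1` must never be seen together. The construction here costs one field element per possible key, which is why practical systems replace the tabulated shares with short keys expanded on each server.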

Splinter represents several key elaborations on previous work on function secret sharing. Whereas earlier research focused on concealing simple binary-comparison and addition operations, Splinter executes more complex operations typical of database queries, such as finding a specified number of records with the highest or lowest values for some variable -- such as the 10 lowest fares for a particular flight itinerary. The MIT and Stanford researchers had to devise cryptographic functions that could perform all the comparing and sorting required for ranking results without betraying any information.

Practical considerations

Splinter has also been engineered to run efficiently on real database systems. Most modern computer chips, for instance, are hardwired to implement the encryption scheme known as AES. Hardwiring makes AES hundreds of times faster than it would be if it were implemented in software, but AES has some idiosyncrasies that make it less than ideal for function secret sharing. Through a clever combination of software processes and AES encryption, the MIT and Stanford researchers were able to make Splinter 2.5 times as efficient as it would be if it used the AES circuits alone.

"There's always this gap between something being proposed on paper and actually implementing it," Wang says. "We do a lot of optimization to get it to work, and we have to do a lot of tricks to get it to support actual database queries."
-end-
ADDITIONAL BACKGROUND

ARCHIVE: Secure, user-controlled data

http://news.mit.edu/2016/secure-user-controlled-app-data-0318

Massachusetts Institute of Technology
