Privacy Preserving Data Mining within Anonymous Credentials

Aggelos Kiayias (UConn)
Shouhuai Xu (UTSA)
Moti Yung (Google Inc. and Columbia U)
Problem definition and motivation
- Context: cryptographic anonymous credentials are very useful for privacy protection, and many anonymous credential schemes have been proposed.
- Problem: anonymous credentials can be abused by malicious insiders to launch attacks without being held accountable (the anonymity shield).
- The current generation of anonymous credentials has weak manageability: its controls can easily be defeated or bypassed by sophisticated attackers. Moreover, they rely on out-of-band clues (which may be costly or impossible to obtain) that someone or something is suspicious.
- Motivation: how can we eliminate the “dark side” of this “double-edged” sword, i.e., how can we manage the use of anonymous credentials without jeopardizing the privacy of honest users?
- In particular, how can we extract knowledge or intelligence from the transactions as if no anonymous credentials were involved (i.e., get the best of both worlds)?
A solution framework and preliminary results
- Solution framework: privacy preserving data mining within anonymous credentials.
  We propose privacy preserving data mining capabilities that serve as a necessary means for managing anonymous credentials in a full-fledged fashion. Such in-system clues of abuse eliminate the reliance on out-of-band information.
[Figure: system overview. Users, all masked by the same group-wise public key, carry out anonymous transactions with a (non)anonymous service provider. Alongside a user DB, this yields an anonymous transaction DB (no IDs!). That DB is fed to a privacy preserving data mining engine run by multiple trusted third parties, which outputs privacy preserving intelligence (clues of abuse) that can trigger further investigations (e.g., anonymity revocation).]
- Preliminary results:
  - The privacy preserving data mining capabilities can be seamlessly integrated into a large class of anonymous credential schemes.
  - Efficient and provably-secure cryptographic protocols for privacy preserving computation of some statistical functions (e.g., anonymized histograms for outlier detection).
  - Paper to appear in Proceedings of the 6th International Conference on Security and Cryptography for Networks (SCN’08).
- Future/ongoing work:
  - Enrich the privacy preserving data mining functionalities.
  - More efficient cryptographic protocols for the privacy preserving data mining functionalities.
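The "anonymized histogram for outlier detection" result above is easiest to understand from the data-mining engine's side: the trusted third parties start from a transaction DB that holds no identities and must end with a multiset of per-credential usage counts (so that, say, one credential used six times where everyone else used it once or twice stands out), without any single party learning which credential is behind which count. The following is an added illustration written for this page, not the protocol from the SCN'08 paper, and it uses standard building blocks only: ElGamal in a prime-order group, an additive sharing of the group-wise decryption key across the TTPs, a re-randomizing shuffle (mix), and a jointly blinded decryption whose output reveals equality of pseudonyms but not the pseudonyms themselves. The group parameters (p = 1019, q = 509, g = 4), the class and function names, and the constructed four-user transaction log are all assumptions made for the example.

```python
"""Toy of the TTP-side computation: anonymous transaction DB (ciphertexts,
no IDs) -> anonymized histogram of per-credential usage counts.

Added example; not the SCN'08 paper's protocol.  Toy group parameters are
for readability only (assumption): a real deployment would use an RFC 3526
MODP group or an elliptic curve, and more than three TTPs.
"""
import secrets
from collections import Counter

P = 1019                  # toy safe prime, P = 2*Q + 1
Q = 509                   # prime order of the subgroup all values live in
G = 4                     # quadratic residue mod P, hence a generator of order Q


def rand_exp():
    """Uniform non-zero exponent in Z_Q (non-zero keeps blinding invertible)."""
    return secrets.randbelow(Q - 1) + 1


class TTP:
    """One trusted third party holding an additive share x_i of the group-wise
    secret key x = sum(x_i) mod Q.  No single TTP can decrypt on its own."""

    def __init__(self):
        self.x = rand_exp()

    def partial_pubkey(self):
        return pow(G, self.x, P)

    def rerandomize_and_shuffle(self, cts, pk):
        """Mix step: fresh randomness on every ciphertext, then a secret
        permutation, so neither row order nor ciphertext bytes link the
        output back to the service provider's log."""
        out = []
        for c1, c2 in cts:
            s = rand_exp()
            out.append(((c1 * pow(G, s, P)) % P, (c2 * pow(pk, s, P)) % P))
        secrets.SystemRandom().shuffle(out)
        return out

    def blind(self, cts):
        """Raise each ciphertext to a private exponent k_i: an encryption of m
        becomes an encryption of m^(k_1*k_2*...), still a valid ciphertext."""
        k = rand_exp()
        return [(pow(c1, k, P), pow(c2, k, P)) for c1, c2 in cts]

    def partial_decrypt(self, c1):
        return pow(c1, self.x, P)


def group_pubkey(ttps):
    """Group-wise public key g^x, the product of the TTPs' partial keys."""
    pk = 1
    for t in ttps:
        pk = (pk * t.partial_pubkey()) % P
    return pk


def encrypt(pk, m):
    """What the service provider stores per transaction: an ElGamal encryption
    of the user's pseudonym m (a group element) under the group-wise key."""
    r = rand_exp()
    return (pow(G, r, P), (m * pow(pk, r, P)) % P)


def anonymized_histogram(db, ttps):
    """TTPs jointly map every stored ciphertext to a blinded tag m^k.  Equal
    pseudonyms give equal tags, so tags can be counted; k is never known to
    anyone, so a tag does not reveal m.  Returns {tag: count}."""
    pk = group_pubkey(ttps)
    cts = db
    for t in ttps:                      # every TTP mixes ...
        cts = t.rerandomize_and_shuffle(cts, pk)
    for t in ttps:                      # ... and contributes a blinding factor
        cts = t.blind(cts)
    tags = []
    for c1, c2 in cts:
        d = 1
        for t in ttps:                  # threshold decryption of the blinded row
            d = (d * t.partial_decrypt(c1)) % P
        tags.append((c2 * pow(d, -1, P)) % P)
    return Counter(tags)


def outliers(hist, max_uses):
    """Clue of abuse: usage counts above what a legitimate user plausibly generates."""
    return sorted(c for c in hist.values() if c > max_uses)


def build_demo_db(ttps):
    """Constructed transaction log (assumption): four credentials, one abused."""
    pk = group_pubkey(ttps)
    pseudonyms = {name: pow(G, s, P) for name, s in
                  [("alice", 17), ("bob", 101), ("carol", 233), ("mallory", 499)]}
    uses = {"alice": 1, "bob": 2, "carol": 1, "mallory": 6}
    return [encrypt(pk, pseudonyms[u]) for u, n in uses.items() for _ in range(n)]


if __name__ == "__main__":
    ttps = [TTP(), TTP(), TTP()]
    hist = anonymized_histogram(build_demo_db(ttps), ttps)
    print("usage counts, no identities:", sorted(hist.values()))   # [1, 1, 2, 6]
    print("suspicious counts:", outliers(hist, max_uses=4))        # [6]
```

Two points worth noting about why the output is only a histogram: the tags are fresh on every run (each TTP picks a new k_i), so a tag cannot be joined against a tag from an earlier run or against the service provider's user DB, and linking a count back to a credential requires a separate step (the "further investigations, e.g., anonymity revocation" in the figure) with its own authorization. Correctness rests on Q being prime: the combined exponent k is non-zero mod Q, so distinct pseudonyms always yield distinct tags and the counts are exact.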