Privacy-Preserving Multi-Party Access Control

Sheikhalishahi, Mina; Tillem, Gamze; Erkin, Zekeriya; Zannone, Nicola

doi:10.1145/3338498.3358643

Cited by 8 publications

(13 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The list of common customers can be used to plan promotions for such customers [14]; MPSI can be used among the community of medical professionals to find out the patients of a hospital who has participated in the medical tests of different research labs [15]; MPSI can also be used in multi-party access control, where several coowners of a common content each specify a set of users who are permitted to access data. The ones in the intersection are allowed to access the content [16]; MPSI can be employed among several enterprises which have private audit logs of connections to their corporate networks and are interested in identifying similar activities in all networks [17].…”

Section: Introductionmentioning

confidence: 99%

Practical Multi-Party Private Set Intersection Protocols

Bay

Erkin

Hoepman

et al. 2022

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Privacy-preserving techniques for processing sets of information have attracted the research community's attention in recent years due to society's increasing dependency on the availability of data at any time. One of the fundamental problems in set operations is known as Private Set Intersection (PSI). The problem requires two parties to compute the intersection between their sets while preserving correctness and privacy. Although several efficient two-party PSI protocols already exist, protocols for PSI in the multi-party setting (MPSI) currently scale poorly with a growing number of parties, even though this applies to many real-life scenarios. This paper fills this gap by proposing two multi-party protocols based on Bloom filters and threshold homomorphic PKEs, which are secure in the semi-honest model. The first protocol is a multi-party PSI, whereas the second provides a more subtle functionalitythreshold multi-party PSI (T-MPSI) -which outputs items of the server that appear in at least some number of other private sets. The protocols are inspired by the Davidson-Cid protocol based on Bloom filters. We compare our MPSI protocol against Kolesnikov et al., which is among the fastest known MPSI protocols. Our MPSI protocol performs better than Kolesnikov et al. in terms of run time, given that the sets are small and there is a large number of parties. Our T-MPSI protocol performs better than other existing works: the computational and communication complexities are linear in the number of elements in the largest set given a fixed number of colluding parties. We conclude that our MPSI and T-MPSI protocols are practical solutions suitable for emerging use-case scenarios with many parties, where previous solutions did not scale well.

show abstract

Section: Introductionmentioning

confidence: 99%

Practical Multi-Party Private Set Intersection Protocols

Bay

Erkin

Hoepman

et al. 2022

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…To address this issue, in previous work [51] we proposed a privacy-preserving multi-party access control framework, in which users provide their policies in private form and policy evaluation is performed over private inputs. In particular, we designed secure computation protocols for the evaluation of multi-party policies that preserve the confidentiality of the user policies forming the multi-party access control policies.…”

Section: Introductionmentioning

confidence: 99%

“…In particular, we designed secure computation protocols for the evaluation of multi-party policies that preserve the confidentiality of the user policies forming the multi-party access control policies. However, the framework in [51] only allows the evaluation of policies expressed in a simple identity-based access control model and uses a three-valued decision set (permit, deny, and not-applicable) that is not able to capture the complexity of existing access control standards like XACML [44].…”

Section: Introductionmentioning

confidence: 99%

“…Therefore, we investigated policy representations that enable the design of efficient secure computation protocols for target and policy evaluation. In particular, we adopted a Boolean encoding of ABAC policies, which by relying on AND, OR and negation operators provides an efficient structure for secure target and policy evaluation [51]. In addition, this Boolean encoding allows us to devise mechanisms to mask the size of multi-valued decisions, which if not protected, might leak information about the underlying user policies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy-preserving policy evaluation in multi-party access control

Sheikhalishahi

Stork

Zannone

2022

JCS

Self Cite

View full text Add to dashboard Cite

Recent years have seen an increasing popularity of online collaborative systems like social networks and web-based collaboration platforms. Collaborative systems typically offer their users a digital environment in which they can work together and share resources and information. These resources and information might be sensitive and, thus, they should be protected from unauthorized accesses. Multi-party access control is emerging as a new paradigm for the protection of co-owned and co-managed resources, where the policies of all users involved in the management of a resource should be accounted for collaborative decision making. Existing approaches, however, only focus on the jointly protection of resources and do not address the protection of the individual user policies themselves, whose disclosure might leak sensitive information. In this work, we propose a privacy-preserving mechanism for the evaluation of multi-party access control policies, which preserves the confidentiality of user policies while remaining capable of making collaborative decisions. To this end, we design secure computation protocols for the evaluation of policies in protected form against an access query and realize such protocols using two privacy-preserving techniques, namely Homomorphic Encryption and Secure Functional Evaluation. We show the practical feasibility of our mechanism in terms of computation and communication costs through an experimental evaluation.

show abstract

“…The list of common customers can be used to plan promotions for such customers (Cheon et al, 2012); MPSI can be used among the community of medical professionals to find out the patients of a hospital who have participated in the medical tests of different research labs (Cao et al, 2017); MPSI can also be used in multi-party access control, where several co-owners of a common content each specify a set of users who are permitted to access data. The ones in the intersection are allowed to access the content (Sheikhalishahi et al, 2019).…”

Section: Introductionmentioning

confidence: 99%

Multi-Party Private Set Intersection Protocols for Practical Applications

Bay

Erkin

Alishahi

et al. 2021

Proceedings of the 18th International Conference on Security and Cryptography

View full text Add to dashboard Cite

Multi-party Private Set Intersection (MPSI) is an attractive topic in research since a practical MPSI protocol can be deployed in several real-world scenarios, including but not limited to finding the common list of customers among several companies or privacy-preserving analyses of data from different stakeholders. Several solutions have been proposed in the literature however, the existing solutions still suffer from performance related challenges such as long run-time and high bandwidth demand, particularly when the number of involved parties grows. In this paper, we propose a new approach based on threshold additively homomorphic encryption scheme, e.g., Paillier, which enables us to process the bit-set representation of sets under encryption. By doing so, it is feasible to securely compute the intersection of several data sets in an efficient manner. To prove our claims on performance, we compare the communication complexity of our approach with the existing solutions and show performance test results. We also show how the proposed protocol can be extended to securely compute other set operations on multi-party data sets.

show abstract

Privacy-Preserving Multi-Party Access Control

Cited by 8 publications

References 36 publications

Practical Multi-Party Private Set Intersection Protocols

Practical Multi-Party Private Set Intersection Protocols

Privacy-preserving policy evaluation in multi-party access control

Multi-Party Private Set Intersection Protocols for Practical Applications

Contact Info

Product

Resources

About