Modern society is increasingly dependent on (and fearful of) massive amounts and availability of electronic information. There are numerous everyday scenarios where sensitive data must be -- sometimes reluctantly or suspiciously -- shared between entities without mutual trust. This prompts the need for mechanisms to enable limited (privacy-preserving) information sharing. A typical scenario involves two parties: one seeks information from the other, that is either motivated, or compelled, to share only the requested information. We define this problem as privacy-preserving sharing of sensitive information and are confronted with two main technical challenges: (1) how to enable this type of sharing such that parties learn no information beyond what they are entitled to, and (2) how to do so efficiently, in real-world practical terms.
This talk presents a set of efficient and provably secure cryptographic protocols for privacy-preserving sharing of sensitive information. In particular, Private Set Intersection (PSI) techniques are appealing whenever two parties wish to compute the intersection of their respective sets of items without revealing to each other any other information (beyond set sizes). We motivate the need for PSI techniques with various features and illustrate several concrete variants that offer significantly higher efficiency than prior work. Then, we introduce the concepts of Authorized Private Set Intersection (APSI) and Size-Hiding Private Set Intersection (SHI-PSI). The former ensures that each set element is authorized (signed) by some mutually trusted authority and prevents arbitrary input manipulation. The latter hides the size of the set held by one of the two entities, thus, applying to scenarios where both set contents and set size represent sensitive information. Next, we demonstrate how to apply (and deploy) efficient tools for privacy-preserving sharing of sensitive information to a wide range of real-life applications and systems, including testing on fully-sequenced human genomes and micro-blogging social networking.
Emiliano De Cristofaro is a Research Scientist at the Palo Alto Research Center (PARC, a Xerox Company), where he works in the Security&Privacy group. Prior to joining PARC in 2011, he was with the University of California, Irvine, where he received a PhD in Networked Systems, advised by Gene Tsudik. His research interests include privacy-oriented cryptography, network and systems security, as well as privacy in emerging areas, such as, genomics, big-data analytics, and smart grids.
Emiliano received several awards and fellowships, including the outstanding UCI Dean's Dissertation Fellowship. In 2013 and 2014, he will serve as Program Co-Chair of the Privacy Enhancing Technologies Symposium. His web page is available at http://www.emilianodc.com<http://www.emilianodc.com/>.