{"id":11812,"date":"2017-03-24T07:23:40","date_gmt":"2017-03-24T07:23:40","guid":{"rendered":"http:\/\/revoscience.com\/en\/?p=11812"},"modified":"2017-03-24T07:23:40","modified_gmt":"2017-03-24T07:23:40","slug":"protecting-web-users-privacy","status":"publish","type":"post","link":"https:\/\/www.revoscience.com\/en\/protecting-web-users-privacy\/","title":{"rendered":"Protecting web users\u2019 privacy"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><em><strong>System for disguising database queries could prevent customer profiling and price gouging.<\/strong><\/em><\/span><\/p>\n<figure id=\"attachment_11813\" aria-describedby=\"caption-attachment-11813\" style=\"width: 639px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11813\" src=\"http:\/\/revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg\" alt=\"\" width=\"639\" height=\"426\" title=\"\" srcset=\"https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg 639w, https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0-300x200.jpg 300w\" sizes=\"auto, (max-width: 639px) 100vw, 639px\" \/><figcaption id=\"caption-attachment-11813\" class=\"wp-caption-text\">Most website visits these days entail a database query \u2014 to look up airline flights, for example, or to find the fastest driving route between two addresses.<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">CAMBRIDGE, Mass. &#8212; Most website visits these days entail a database query \u2014 to look up airline flights, for example, or to find the fastest driving route between two addresses.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">But online database queries can reveal a surprising amount of information about the people making them. 
And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">At the USENIX Symposium on Networked Systems Design and Implementation next week, researchers from MIT\u2019s Computer Science and Artificial Intelligence Laboratory and Stanford University will present a new encryption system that disguises users\u2019 database queries so that they reveal no private information.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The system is called Splinter because it splits a query up and distributes it across copies of the same database on multiple servers. The servers return results that make sense only when recombined according to a procedure that the user alone knows. As long as at least one of the servers can be trusted, it\u2019s impossible for anyone other than the user to determine what query the servers executed.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">\u201cThe canonical example behind this line of work was public patent databases,\u201d says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the conference paper. \u201cWhen people were searching for certain kinds of patents, they gave away the research they were working on. Stock prices is another example: A lot of the time, when you search for stock quotes, it gives away information about what stocks you\u2019re going to buy. 
Another example is maps: When you\u2019re searching for where you are and where you\u2019re going to go, it reveals a wealth of information about you.\u201d<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Honest broker<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Of course, if the site that hosts the database is itself collecting users\u2019 data without their consent, the requirement of at least one trusted server is difficult to enforce.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Wang, however, points to the increasing popularity of services such as DuckDuckGo, a search engine that uses search results from other sites, such as Bing and Yahoo, but vows not to profile its customers.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">\u201cWe see a shift toward people wanting private queries,\u201d Wang says. \u201cWe can imagine a model in which other services scrape a travel site, and maybe they volunteer to host the information for you, or maybe you subscribe to them. Or maybe in the future, travel sites realize that these services are becoming more popular and they volunteer the data. But right now, we\u2019re trusting that third-party sites have adequate protections, and with Splinter we try to make that more of a guarantee.\u201d<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Division of labor<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Splinter uses a technique called function secret sharing, which was first described in a 2015 paper by a trio of Israeli computer scientists. 
One of them, Elette Boyle, earned her PhD at MIT studying with RSA Professor of Computer Science and Engineering Shafi Goldwasser, a 2013 <a style=\"color: #000000;\" href=\"http:\/\/mit.pr-optout.com\/Tracking.aspx?Data=HHL%3d8136%3f1-%3eLCE9%3b4%3b8%3f%26SDG%3c90%3a.&amp;RE=MC&amp;RI=4334046&amp;Preview=False&amp;DistributionActionID=35501&amp;Action=Follow+Link\" target=\"_blank\" rel=\"noopener\">recipient<\/a> of the Turing Award, the highest award in computer science. Goldwasser, in turn, is one of Wang\u2019s co-authors on the new paper, along with Vinod Vaikuntanathan, an MIT associate professor of electrical engineering and computer science (EECS); Catherine Yun, an EECS graduate student; and Matei Zaharia, an assistant professor of computer science at Stanford.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Systems for disguising database queries have been proposed in the past, but function secret sharing could make them as much as 10 times faster. In experiments, the MIT and Stanford researchers found that Splinter could return a result from a database with millions of entries \u2014 including a duplicate of the Yelp database for selected cities \u2014 in about a second.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">With function secret sharing, a database query is converted into a set of complementary mathematical functions, each of which is sent to a different database server. On each server, the function must be applied to every record in the database; otherwise, a spy could determine what data the user is interested in. 
Every time the function is applied to a new record, it updates a value stored in memory. After it\u2019s been applied to the last record, the final value is returned to the user. But that value is meaningless until it\u2019s combined with the values reported by the other servers.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Splinter represents several key elaborations on previous work on function secret sharing. Whereas earlier research focused on concealing simple binary-comparison and addition operations, Splinter executes more complex operations typical of database queries, such as finding a specified number of records with the highest or lowest values for some variable \u2014 such as the 10 lowest fares for a particular flight itinerary. The MIT and Stanford researchers had to devise cryptographic functions that could perform all the comparing and sorting required for ranking results without betraying any information.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Practical considerations<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Splinter has also been engineered to run efficiently on real database systems. Most modern computer chips, for instance, are hardwired to implement the encryption scheme known as AES. Hardwiring makes AES hundreds of times faster than it would be if it were implemented in software, but AES has some idiosyncrasies that make it less than ideal for function secret sharing. Through a clever combination of software processes and AES encryption, the MIT and Stanford researchers were able to make Splinter 2.5 times as efficient as it would be if it used the AES circuits alone.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">\u201cThere\u2019s always this gap between something being proposed on paper and actually implementing it,\u201d Wang says. 
\u201cWe do a lot of optimization to get it to work, and we have to do a lot of tricks to get it to support actual database queries.\u201d<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>System for disguising database queries could prevent customer profiling and price gouging. CAMBRIDGE, Mass. &#8212; Most website visits these days entail a database query \u2014 to look up airline flights, for example, or to find the fastest driving route between two addresses. But online database queries can reveal a surprising amount of information about the [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":11813,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43,22],"tags":[],"class_list":["post-11812","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-science","category-other"],"featured_image_urls":{"full":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0-150x150.jpg",150,150,true],"medium":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"1536x1536":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"2048x2048":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"ultp_layout_landscape_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"ultp_layout_landscape":["https:\/\/w
ww.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"ultp_layout_portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",600,400,false],"ultp_layout_square":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",600,400,false],"newspaper-x-single-post":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"newspaper-x-recent-post-big":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",540,360,false],"newspaper-x-recent-post-list-image":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",95,63,false],"web-stories-poster-portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",639,426,false],"web-stories-publisher-logo":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",96,64,false],"web-stories-thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2017\/03\/MIT-Private-Queries_0.jpg",150,100,false]},"author_info":{"info":["Amrita Tuladhar"]},"category_info":"<a href=\"https:\/\/www.revoscience.com\/en\/category\/computer-science\/\" rel=\"category tag\">Computer Science<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/other\/\" rel=\"category 
tag\">Other<\/a>","tag_info":"Other","comment_count":"0","_links":{"self":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/11812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/comments?post=11812"}],"version-history":[{"count":0,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/11812\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media\/11813"}],"wp:attachment":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media?parent=11812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/categories?post=11812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/tags?post=11812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}