{"id":8056,"date":"2016-03-20T05:51:20","date_gmt":"2016-03-20T05:51:20","guid":{"rendered":"http:\/\/revoscience.com\/en\/?p=8056"},"modified":"2016-03-20T05:51:20","modified_gmt":"2016-03-20T05:51:20","slug":"secure-user-controlled-data","status":"publish","type":"post","link":"https:\/\/www.revoscience.com\/en\/secure-user-controlled-data\/","title":{"rendered":"Secure, user-controlled data"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><em><strong style=\"color: #222222;\">Cryptographic system would allow users to decide which applications access which aspects of their data.<\/strong><\/em><\/span><\/p>\n<figure id=\"attachment_8057\" aria-describedby=\"caption-attachment-8057\" style=\"width: 601px\" class=\"wp-caption alignnone\"><a href=\"http:\/\/revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-8057\" src=\"http:\/\/revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg\" alt=\"\u201cThis is a rethinking of the Web infrastructure,\u201d Frank Wang says. \u201cMaybe it\u2019s better that one person manages all their data. There\u2019s one type of security and not 10 types of security. We\u2019re trying to present an alternative model that would be beneficial to both users and applications.\u201d\" width=\"601\" height=\"401\" title=\"\" srcset=\"https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg 448w, https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0-300x200.jpg 300w\" sizes=\"auto, (max-width: 601px) 100vw, 601px\" \/><\/a><figcaption id=\"caption-attachment-8057\" class=\"wp-caption-text\">\u201cThis is a rethinking of the Web infrastructure,\u201d Frank Wang says. \u201cMaybe it\u2019s better that one person manages all their data. There\u2019s one type of security and not 10 types of security. 
We\u2019re trying to present an alternative model that would be beneficial to both users and applications.\u201d<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>CAMBRIDGE, Mass.<\/strong> &#8212;\u00a0Most people with smartphones use a range of applications that collect personal information and store it on Internet-connected servers \u2014 and from their desktop or laptop computers, they connect to Web services that do the same. Some use still other Internet-connected devices, such as thermostats or fitness monitors, that also store personal data online.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Generally, users have no idea which data items their apps are collecting, where they\u2019re stored, and whether they\u2019re stored securely. Researchers at MIT and Harvard University hope to change that, with an application they\u2019re calling Sieve.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">With Sieve, a Web user would store all of his or her personal data, in encrypted form, on the cloud. Any app that wanted to use specific data items would send a request to the user and receive a secret key that decrypted only those items. If the user wanted to revoke the app\u2019s access, Sieve would re-encrypt the data with a new key.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">\u201cThis is a rethinking of the Web infrastructure,\u201d says Frank Wang, a PhD student in electrical engineering and computer science and one of the system\u2019s designers. \u201cMaybe it\u2019s better that one person manages all their data. There\u2019s one type of security and not 10 types of security. 
We\u2019re trying to present an alternative model that would be beneficial to both users and applications.\u201d<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The researchers are presenting Sieve at the USENIX Symposium on Networked Systems Design and Implementation this month. Wang is the first author, and he\u2019s joined by MIT associate professors of electrical engineering and computer science Nickolai Zeldovich and Vinod Vaikuntanathan, who is MIT\u2019s Steven and Renee Finn Career Development Professor, and by James Mickens, an associate professor of computer science at Harvard University.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Selective disclosure<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Sieve required the researchers to develop practical versions of two cutting-edge cryptographic techniques called attribute-based encryption and key homomorphism. With attribute-based encryption, data items in a file are assigned different labels, or \u201cattributes.\u201d After encryption, secret keys can be generated that unlock only particular combinations of attributes: name and zip code but not street name, for instance, or zip code and date of birth but not name.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">The problem with attribute-based encryption \u2014 and decryption \u2014 is that it\u2019s slow. To get around that, the MIT and Harvard researchers envision that Sieve users would lump certain types of data together under a single attribute. 
For instance, a doctor might be interested in data from a patient\u2019s fitness-tracking device but probably not in the details of a single afternoon\u2019s run. The user might choose to group fitness data by month.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">This introduces problems of its own, however. A fitness-tracking device probably wants to store data online as soon as the data is generated, rather than waiting until the end of the month for a bulk upload. But data uploaded to the cloud yesterday could end up in a very different physical location than data uploaded by the same device today.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">So Sieve includes tables that track the locations at which grouped data items are stored in the cloud. Each of those tables is encrypted under a single attribute, but the data they point to are encrypted using standard \u2014 and more efficient \u2014 encryption algorithms. As a consequence, the size of the data item encrypted through attribute-based encryption \u2014 the table \u2014 is fixed, which makes decryption more efficient.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">In experiments, the researchers found that decrypting a month\u2019s worth of, say, daily running times grouped under a single attribute would take about 1.5 seconds, whereas if each day\u2019s result was encrypted under its own attribute, decrypting a month\u2019s worth would take 15 seconds.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Wang developed an interface that displays a Sieve user\u2019s data items as a list and allows the user to create and label icons that represent different attributes. Dragging a data item onto an icon assigns it that attribute. 
At the moment, the interface is not particularly user friendly, but its purpose is to show that the underlying encryption machinery works properly.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\"><strong>Blind manipulation<\/strong><\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Key homomorphism is what enables Sieve to revoke an app\u2019s access to a user\u2019s data. With key homomorphism, the cloud server can re-encrypt the data it\u2019s storing without decrypting it first \u2014 or without sending it to the user for decryption, re-encryption, and re-uploading. In this case, the researchers had to turn work that was largely theoretical into a working system.<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">\u201cAll these things in cryptography are very vague,\u201d Wang says. \u201cThey say, \u2018Here\u2019s an algorithm. Assume all these complicated math things.\u2019 But in reality, how do I build this? They\u2019re like, \u2018Oh, this group has this property.\u2019 But they don\u2019t tell you what the group is. Are they numbers? Are they primes? Are they elliptic curves? It took us a month or so to wrap our heads around what we needed to do to get this to work.\u201d<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #000000;\">Of course, a system like Sieve requires the participation of app developers. But it could work to their advantage. A given application might provide more useful services if it had access to data collected by other devices. 
And were a system like Sieve commercially deployed, applications could distinguish themselves from their competitors by advertising themselves as Sieve-compliant.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cryptographic system would allow users to decide which applications access which aspects of their data.<\/p>\n","protected":false},"author":6,"featured_media":8057,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47,17,28],"tags":[],"class_list":["post-8056","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it","category-research","category-techbiz"],"featured_image_urls":{"full":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0-150x150.jpg",150,150,true],"medium":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"1536x1536":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"2048x2048":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"ultp_layout_landscape_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"ultp_layout_landscape":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"ultp_layout_portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"ultp_layout_square":["https:\/\/www.
revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"newspaper-x-single-post":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"newspaper-x-recent-post-big":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"newspaper-x-recent-post-list-image":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",95,63,false],"web-stories-poster-portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",448,299,false],"web-stories-publisher-logo":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",96,64,false],"web-stories-thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/03\/MIT-User-Control_0.jpg",150,100,false]},"author_info":{"info":["Amrita Tuladhar"]},"category_info":"<a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/it\/\" rel=\"category tag\">IT<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/news\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/www.revoscience.com\/en\/category\/techbiz\/\" rel=\"category 
tag\">Tech<\/a>","tag_info":"Tech","comment_count":"0","_links":{"self":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/8056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/comments?post=8056"}],"version-history":[{"count":0,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/8056\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media\/8057"}],"wp:attachment":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media?parent=8056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/categories?post=8056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/tags?post=8056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}