Abstract
Verification and traceability of supply-chain data is a common example for public analysis of confidential data. Finding the correct balance between confidentiality and utility often is anything but trivial. In order to ensure confidentiality and thus protect companies’ competitive advantages, existing approaches employ probabilistic output obfuscation. However, it is known that this form of obfuscation might render a system subject to averaging attacks. In these attacks, an adversary repeatedly queries for the same analysis and combines the probabilistic outputs, thus implementing an estimator that eliminates the obfuscation. A clear picture on the performance of such attacks is missing, information that is crucial for mitigating averaging attacks.
Our contributions are threefold: First, using an existing supply-chain verification protocol (RVP) as a particularly efficient example of protocols with output obfuscation, we extensively analyze the risk posed by averaging attacks. We prove rigorously that such attacks perform exceptionally well if obfuscation is based on random values sampled independently in every query. We generalize our analysis to all protocols that employ probabilistic output obfuscation. Second, we propose the paradigm of data-dependent deterministic obfuscation (D\({^3}\)O) to prevent such attacks. Third, we present mRVP, a D\({^3}\)O-based version of RVP, and empirically demonstrate practicality and effectiveness of D\({^3}\)O. The results show that our mitigations add negligible runtime overhead, do not affect accuracy, and effectively retain confidentiality.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
PALISADE Lattice Cryptography Library (release 1.11.5), September 2021. https://palisade-crypto.org/
Agrawal, T.K.: Contribution to development of a secured traceability system for textile and clothing supply chain. Ph.D. thesis, University of Borås (2019)
Asghar, H.J., Kaafar, D.: Averaging attacks on bounded noise-based disclosure control algorithms. Proc. Priv. Enhancing Technol. 2020(2), 358–378 (2020)
Becher, K., Beck, M., Strufe, T.: An enhanced approach to cloud-based privacy-preserving benchmarking. In: Proceedings of NetSys (2019)
Becher, K., Lagodzinski, J.A.G., Strufe, T.: Privacy-preserving public verification of ethical cobalt sourcing. In: Proceedings of TrustCom (2020)
Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127–144. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054122
Boenisch, F., Munz, R., Tiepelt, M., Hanisch, S., Kuhn, C., Francis, P.: Side-channel attacks on query-based data anonymization. In: Proceedings of ACM CCS (2021)
Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868–886. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_50
Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory 6(3), 1–36 (2014)
Caro, M.P., Ali, M.S., Vecchio, M., Giaffreda, R.: Blockchain-based traceability in Agri-Food supply chain management: a practical implementation. In: Proceedings of IOT Tuscany (2018)
Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409–437. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_15
Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley Series in Telecommunications and Signal Processing, Wiley, Hoboken (2006)
Denning, D.E.: Secure statistical databases with random sample queries. ACM Trans. Database Syst. 5(3), 291–315 (1980)
Duchi, J.C., Jordan, M.I., Wainwright, M.J.: Local privacy and statistical minimax rates. In: Proceedings of FOCS (2013)
Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_1
Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2012/144 (2012). https://eprint.iacr.org/2012/144
Francis, P., Probst Eide, S., Munz, R.: Diffix: high-utility database anonymization. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds.) APF 2017. LNCS, vol. 10518, pp. 141–158. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67280-9_8
Gadotti, A., Houssiau, F., Rocher, L., Livshits, B., de Montjoye, Y.-A.: When the signal is in the noise: exploiting Diffix’s sticky noise. In: Proceedings of USENIX Security (2019)
Gentry, C.: A fully homomorphic encryption scheme. Ph.D. thesis, Stanford University (2009)
Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75–92. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_5
Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 6th edn. Oxford University Press, Oxford (2008)
Katz, J., Lindell, Y.: Introduction to Modern Cryptography, 2nd edn. Chapman & Hall/CRC (2014)
Kellaris, G., Papadopoulos, S.: Practical differential privacy via grouping and smoothing. Proc. VLDB Endow. 6(5), 301–312 (2013)
Kerschbaum, F.: A privacy-preserving benchmarking platform. Ph.D. thesis, Karlsruhe Institute of Technology (2010)
Kleinberg, J., Papadimitriou, C., Raghavan, P.: Auditing Boolean attributes. In: Proceedings of ACM PODS (2000)
Kotz, S., Kozubowski, T.J., Podgórski, K.: The Laplace Distribution and Generalizations: A Revisit with Applications to Communications, Economics, Engineering, and Finance. Birkhäuser, Boston (2001)
Lindell, Y.: Tutorials on the Foundations of Cryptography: Dedicated to Oded Goldreich, 1st edn. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57048-8
Malik, S., Kanhere, S., Jurdak, R.: ProductChain: scalable blockchain framework to support provenance in supply chains. In: Proceedings of NCA (2018)
Massart, P.: Concentration Inequalities and Model Selection: Ecole d’Eté de Probabilités de Saint-Flour XXXIII - 2003. Lecture Notes in Mathematics, Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-48503-2
Mertens, F.: Ueber einige asymptotische gesetze der zahlentheorie. J. für die reine und angewandte Mathematik (1874)
Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_16
Pibernik, R., Zhang, Y., Kerschbaum, F., Schröpfer, A.: Secure collaborative supply chain planning and inverse optimization - the JELS model. Eur. J. Oper. Res. 208(1), 75–85 (2011)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
van den Brink, S., Kleijn, R., Sprecher, B., Tukker, A.: Identifying supply risks by mapping the cobalt supply chain. Resour. Conserv. Recycl. 156, 104743 (2020)
Wainwright, M.J.: High-Dimensional Statistics: A Non-Asymptotic Viewpoint. Cambridge Series in Statistical and Probabilistic Mathematics, Cambridge University Press, Cambridge (2019)
Westerkamp, M., Victor, F., Küpper, A.: Blockchain-based supply chain traceability: token recipes model manufacturing processes. In: Proceedings of the 2018 IEEE International Conference on Blockchain (2018)
Acknowledgements
We dedicate this work to our late colleague, mentor, and friend Axel Schröpfer, who raised the founding question of this contribution and enriched our work through numerous discussions. Javier Parra-Arnau is the recipient of a “Ramón y Cajal” fellowship (ref. RYC2021-034256-I) funded by the Spanish Ministry of Science and Innovation and the European Union – “NextGenerationEU”/PRTR (Plan de Recuperación, Transformación y Resiliencia). This work also received support from the Government of Spain under the projects “COMPROMISE” (PID2020-113795RB-C31/AEI/10.13039/501100011033) and “MOBILYTICS” (TED2021-129782B-I00), the latter funded also by the European Union “NextGenerationEU”/PRTR. The authors at KIT are supported by KASTEL Security Research Labs (Topic 46.23 of the Helmholtz Association) and Germany’s Excellence Strategy (EXC 2050/1 ‘CeTI’; ID 390696704).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Appendix
A Appendix
1.1 A.1 Local Differential Privacy
Local differential privacy (LDP) [14] is an adaptation of differential privacy (DP) to a local anonymization scenario, where individuals do not fully trust the data controller and, therefore, anonymize their data locally, on their own, before handing it to the controller. The setting is as follows. Consider a set of data providers each wishing to protect private data \(X_i\in \mathscr {X}\) on their own. A randomized anonymization mechanism \(\mathcal {A}\) is a mechanism that maps \(X_i\) randomly to \(Y_i\), where the \(Y_i\)’s are the anonymized versions of \(X_i\)’s, the data each individual will send to the controller. For any pair of input values \(x,x^\prime \in \mathscr {X}\), and for all \(\mathcal {O}\subseteq \) range(\(\mathcal {A}\)), we say \(\mathcal {A}\) satisfies \(\varepsilon \)-LDP with \(\varepsilon >0\), if
One of the primary approaches to designing LDP mechanisms is through the addition of Laplace noise [15]. The Laplace mechanism \(\mathcal {A_L}\) masks the actual private data x by adding noise L distributed according to a Laplace distribution, and then it returns the randomized response \(\mathcal {A_L}(x) = x + L\).
1.2 A.2 Averaging Attacks Against Obfuscation Protocols: Formalization of the Special Case
Recall that the outputs of RVP are two values \(x_1,x_2\) that are multiplicatively blinded with \(r_1\) and additively blinded with \(r_2\), i.e.,
They are used for computing the target function
where \(0<r_2\ll r_1\) ensures
Given that both the dividend and the divisor are additively blinded with the same \(r_2\), an adversary can subtract one from the other in order for \(r_2\) to cancel out, as follows.
This causes a reduction to multiplicative blinding and renders the quotient subject to factorization in order to obtain
Consequently, \(\delta =x_1-x_2\) and \(\rho \approx \frac{x_1}{x_2}\) together yield \(x_1\) and \(x_2\) as follows.
Given that \(r_1\) is exponentially larger than \(r_2\), the computed values are close approximations with negligible deviation.
1.3 A.3 Averaging Attacks Against Obfuscation Protocols: Omitted Statement
The precise concentration bounds are given below. The proof can be found in [35].
Theorem 3
Let \(X_1, \dots , X_\kappa \) be a sequence of independent random variables with, for \(k \in [\kappa ]\), expected value \(\mathbb {E}\left[ X_k\right] \) equal to \(\mu _k\). Further, let X be the random variable \(X= \kappa ^{-1} \cdot \sum _{k=1}^{\kappa } (X_k - \mu _k)\).
-
1.
If for every \(k\in [\kappa ]\) the random variable \(X_k\) is sub-Gaussian with parameter \(\sigma _k\), then
$$\begin{aligned} \mathbb {P}\left[ |X| \geqslant t \right] \leqslant 2 \cdot \exp \left( - \frac{t^2 \cdot \kappa ^2}{2 \cdot \sum _{k=1}^\kappa \sigma _k^2}\right) . \end{aligned}$$ -
2.
If for every \(k\in [\kappa ]\) the random variable \(X_k\) is sub-exponential with parameters \((\nu _k, b_k)\), then with
$$\begin{aligned} \nu _*= \sqrt{\sum _{k=1}^\kappa \frac{\nu _k^2}{\kappa }} \quad \text {and} \quad b_*= \max _{k \in [\kappa ]} b_k \end{aligned}$$it holds
$$ \mathbb {P}\left[ |X| \geqslant t\right] \leqslant {\left\{ \begin{array}{ll} 2\cdot \exp \left( - \frac{t^2 \cdot \kappa }{2 \cdot \nu _*^2}\right) , &{} \text { if } 0 \leqslant t \leqslant \frac{\nu _*^2}{b_*}; \\ 2\cdot \exp \left( - \frac{t \cdot \kappa }{2 \cdot b_*}\right) , &{} \text { for } t \geqslant \frac{\nu _*^2 }{b_*}. \end{array}\right. } $$
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Becher, K., Lagodzinski, J.A.G., Parra-Arnau, J., Strufe, T. (2023). Analysis and Prevention of Averaging Attacks Against Obfuscation Protocols. In: Tibouchi, M., Wang, X. (eds) Applied Cryptography and Network Security. ACNS 2023. Lecture Notes in Computer Science, vol 13905. Springer, Cham. https://doi.org/10.1007/978-3-031-33488-7_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-33488-7_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33487-0
Online ISBN: 978-3-031-33488-7
eBook Packages: Computer ScienceComputer Science (R0)