Security Analysis of PSLP: Privacy-Preserving Single-Layer Perceptron Learning for e-healthcare

Similar documents
Privacy-Preserving Using Data mining Technique in Cloud Computing

Framework Research on Privacy Protection of PHR Owners in Medical Cloud System Based on Aggregation Key Encryption Algorithm

Efficient Auditable Access Control Systems for Public Shared Cloud Storage

Integration of information security and network data mining technology in the era of big data

A Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence

PRIVACY PRESERVING CONTENT BASED SEARCH OVER OUTSOURCED IMAGE DATA

Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing

Improved Attack on Full-round Grain-128

Security Weaknesses of an Anonymous Attribute Based Encryption appeared in ASIACCS 13

Auditing-as-a-Service for Cloud Storage

A robust smart card-based anonymous user authentication protocol for wireless communications

Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme

HIGH LEVEL SECURITY IMPLEMENTATION IN DATA SHARING ON SOCIAL WEBSITES

Encrypted Data Deduplication in Cloud Storage

CLUSTERING is one major task of exploratory data. Practical Privacy-Preserving MapReduce Based K-means Clustering over Large-scale Dataset

2 What does it mean that a crypto system is secure?

Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN

Attribute Based Encryption with Privacy Protection in Clouds

arxiv: v1 [cs.cr] 17 Jun 2012

Cryptanalysis and Improvement of a Dynamic ID Based Remote User Authentication Scheme Using Smart Cards

Improved Balanced Parallel FP-Growth with MapReduce Qing YANG 1,a, Fei-Yang DU 2,b, Xi ZHU 1,c, Cheng-Gong JIANG *

Enhanced Delegation Based Authentication Protocol for Secure Roaming Service with Synchronization

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments

Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN

Efficient Delegation-Based Authentication Protocol with Strong Mobile Privacy

On the security of a certificateless signature scheme in the standard model

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

Sharing Several Secrets based on Lagrange s Interpolation formula and Cipher Feedback Mode

Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees

Secure Multiparty Computation

Three Party Authentication Scheme with Privacy in Telecare Medicine Information Systems

PassBio: Privacy-Preserving User-Centric Biometric Authentication

Structure-Preserving Certificateless Encryption and Its Application

Securing Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh

An Efficient Privacy-Preserving Outsourced Calculation Toolkits with Multiple Keys

Implementation of Aggregate Function in Multi Dimension Privacy Preservation Algorithms for OLAP

An efficient and practical solution to secure password-authenticated scheme using smart card

Analysis and Research on the Big Data Security Based on Cloud Platform. Bo Yang1, a

Homomorphic Encryption. By Raj Thimmiah

Using Fully Homomorphic Encryption for Statistical Analysis of Categorical, Ordinal and Numerical Data

Qingdao, , China. China. Keywords: Deep sea Ultrahigh pressure, Water sound acquisition, LabVIEW, NI PXle hardware.

An improved image encryption algorithm based on chaotic maps

Session Based Ciphertext Policy Attribute Based Encryption Method for Access Control in Cloud Storage

BioTechnology. An Indian Journal FULL PAPER. Trade Science Inc. Study on secure data storage based on cloud computing ABSTRACT KEYWORDS

Research on Design and Application of Computer Database Quality Evaluation Model

Clock-Based Proxy Re-encryption Scheme in Unreliable Clouds

Linear Cryptanalysis of Reduced Round Serpent

Privacy Preserving Enriched Map Reduce for Hadoop Based Big Data Applications

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM

IMPLEMENTATION AND COMPARATIVE STUDY OF IMPROVED APRIORI ALGORITHM FOR ASSOCIATION PATTERN MINING

Big Data & Hadoop ABSTRACT

Efficient keyword search over encrypted data in multi-cloud setting

A Less Weight Secure Data Sharing Scheme for Mobile Cloud Computing

Conjunctive Keyword Search with Designated Tester and Timing Enabled Proxy Re-Encryption Function for Electronic Health Cloud

International Journal of Science Engineering and Advance Technology, IJSEAT,Vol.3,Issue 8

Remote User Authentication Scheme in Multi-server Environment using Smart Card

Results and Discussions on Transaction Splitting Technique for Mining Differential Private Frequent Itemsets

Differential Fault Analysis on the AES Key Schedule

Privacy-preserving Health Data Sharing for Medical Cyber-Physical Systems

A NEW CONVERTIBLE AUTHENTICATED ENCRYPTION SCHEME BASED ON THE ELGAMAL CRYPTOSYSTEM

Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

Content-Based Image Retrieval in Cloud Using Watermark Protocol and Searchable Encryption

A New Method Of VPN Based On LSP Technology

THE provision of high data rate and facilitation of multiple

A Data Classification Algorithm of Internet of Things Based on Neural Network

Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN

Network Security Technology Project

Citation for the original published paper (version of record):

A Chosen-key Distinguishing Attack on Phelix

Available online at ScienceDirect. Procedia Computer Science 50 (2015 )

Inference Attack-Resistant E-Healthcare Cloud System with Fine-Grained Access Control

Secure Data De-Duplication With Dynamic Ownership Management In Cloud Storage

S. Indirakumari, A. Thilagavathy

Secure Conjunctive Keyword Ranked Search over Encrypted Cloud Data

On the Security of Group-based Proxy Re-encryption Scheme

SECURE MULTI-KEYWORD TOP KEY RANKED SEARCH SCHEME OVER ENCRYPTED CLOUD DATA

The Establishment of Large Data Mining Platform Based on Cloud Computing. Wei CAI

Cryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords

Weak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis

A NEW DIGITAL IMAGE ENCRYPTION ALGORITHM BASED ON 4D CHAOTIC SYSTEM

TOOLS FOR INTEGRATING BIG DATA IN CLOUD COMPUTING: A STATE OF ART SURVEY

International Journal of Computer Science Trends and Technology (IJCST) Volume 5 Issue 4, Jul Aug 2017

A Machine Learning Approach to Privacy-Preserving Data Mining Using Homomorphic Encryption

Secure Multiparty Computation

Order-Revealing Encryption:

Research on Software Scheduling Technology Based on Multi-Buffered Parallel Encryption

4th National Conference on Electrical, Electronics and Computer Engineering (NCEECE 2015)

FastGeo: Efficient Geometric Range Queries on Encrypted Spatial Data

Security Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017

Order-Revealing Encryption:

arxiv:cs/ v2 [cs.cr] 27 Aug 2006

Lectures 6+7: Zero-Leakage Solutions

A Smart Card Based Authentication Protocol for Strong Passwords

Privacy and Security Ensured Rule Mining under Partitioned Databases

Big Data - Security and Privacy

ADVANCES in NATURAL and APPLIED SCIENCES

Recent advances in security and privacy in big data

Delegated Access for Hadoop Clusters in the Cloud

FINE-GRAINED QUERY RESULTS VERIFICATION FOR SECURE SEARCH SCHEME OVER ENCRYPTED CLOUD DATA

Transcription:

Security Analysis of PSLP: Privacy-Preserving Single-Layer Perceptron Learning for e-healthcare Jingjing Wang 1, Xiaoyu Zhang 1, Jingjing Guo 1, and Jianfeng Wang 1 1 State Key Laboratory of Integrated Service Networks (ISN), Xidian University, Xi an, P.R. China jingjw123@163.com,moliyanyan@163.com,jiaozuoguojing@163.com jfwang@xidian.edu.cn Abstract. With the synchronous development of both cloud computing and machine learning techniques, the clients are preferring to resort to the cloud server with substantial resources to train learning model. However, in this outsourcing paradigm it is of vital significance to address the privacy concern of client s data. Many researchers have been focusing on preserving the privacy of client s data in learning model. Recently, Wang et al. presented a privacy-preserving single-layer perceptron learning for e-healthcare scheme with using paillier cryptosystem and claimed that their scheme can protect the privacy of user s medical information. By analysing the process of iteration and the communication between the cloud and the user, we present that the honest-but-curious cloud can obtain the private medical information. Besides, the leakage of medical cases will lead to the exposure of the specific single-layer perceptron model of e-healthcare, which has gigantic commercial value. Keywords: Outsourcing computation, Single-layer perceptron neural network, Privacy preservation, Paillier cryptosystem 1 Introduction With the rapid development of cloud computing, cloud storage and the data collection capacity, an era of big data is now under way [1]. In the era of big data, it is common to extract useful information from large databases by using the techniques of data mining and machine learning [2]. Among these techniques, neural network model with strong ability to learn the feature of big data is often used to predict outputs efficiently, which has drawn more attention in recent years. Considering a huge amount of data and the complexity of the construction of neural network model, users are inclined to outsource their data and computation to the cloud server. However, the openness and heterogeneity of the network inevitably brings the security problems to data stored in the cloud server. Therefore, the outsourcing paradigm will bring a potential threat to user s privacy information. In order to

2 address the above privacy preserving problem, several related works have been proposed [3][4][5]. Recently, Wang et al. [3] have proposed an efficient privacy-preserving singlelayer perceptron learning (PSLP) scheme by using paillier cryptosystem. In the PSLP system, hospital outsources the ciphertext of medical cases and heavy calculation tasks to the cloud server, which is honest-but-curious. However, the cloud server can obtain the sensitive medical data and the final optimal weight vector in the training process. In the following, we will review their PSLP scheme and point out a security weakness based on that one linear equation with one unknown number w j = w j + ηy i x i,j (for 1 j n) can be solved. 2 Review of the PSLP Scheme In this section, we will overview the PSLP scheme, which is composed of two stages: system setting and privacy-preserving single-layer perceptron learning. 2.1 Notations In order to facilitate reading, we first present some notations. m: the number of medical case. n: the feature number of a piece of medical case. x i : a piece of medical case, x i = (x i,1,, x i,n ) (i {1,, m}). e x i : the ciphertext of a piece of medical case, e x i = (ex i,1,, ex i,n ) (i {1,, m}). y i : the label or desired output of a piece of medical case, i {1,, m}, y i = 1 denotes class C 1 and y i = 1 denotes class C 2. w: a weight vector, w = (w 1,, w n ), w j (j {1,, n}) is corresponding to x i,j (for 1 i m). In the mean while, w (t) means the weight vector which is updated by t 1 times, t is a positive integer number. e w: the ciphertext of weight vector w, e w = (ew 1,, ew n ). In the mean while, e w (t) means the ciphertext of weight vector which is updated by t 1 times, t is a positive integer number. sign(z): a sign function, if z 0, output 1; otherwise output -1. N: the product of two large prime numbers in paillier cryptosystem, it is public. η: learning rate of the single-layer perceptron learning model. 2.2 PSLP Scheme We briefly review the PSLP scheme below. System setting. The hospital runs the paillier cryptosystem s key generation algorithm to obtain the public key P K, and the private key SK according to the security parameter k. And then, the hospital runs the paillier encryption algorithm Enc( ) to encrypt the medical cases x = { x 1,, x m }

3 with the public key P K, and obtains the corresponding ciphertexts ex = {e x 1,, e x m }. Afterwards, the hospital sends the ciphertexts ex and the desired outputs {y 1,, y m } (y i { 1, 1}) to the cloud server. Privacy-preserving single-layer perceptron learning. The main steps of the PSLP scheme are described in Fig. 1. Fig. 1. The Process of PSLP Scheme Step 1: The hospital initializes a weight vector w = (w 1,, w n ), and sends it to the cloud server. Step 2: The cloud server obtains the weight vector w = (w 1,, w n ), and then selects a piece of ciphertext of medical information e x i = (ex i,1,, ex i,n ) (i {1,, m}), then calculates M j = ex w j i,j (w j 0) or M j = ex N w j i,j (w j < 0) (for 1 j n) and A = n j=1 M j. The cloud server returns A to the hospital. Step 3: The hospital obtains the ciphertext A and decrypts it with paillier decryption algorithm Dec( ), and then calculates the value of the function sign( ) where we denote ỹ = sign(dec(a)). The value of ỹ is sent to the cloud server.

4 Step 4: After receiving the ỹ, the cloud server compares the ỹ with the desired output y i. If ỹ y i, calculates V j = ex η i,j (y i = 1) or V j = ex N η i,j (y i = 1). In the meanwhile, the cloud server encrypts the weight vector w by using paillier encryption algorithm Enc( ), ew j = Enc(w j ) (w j 0) or ew j = Enc(N w j ) (w j < 0) (for 1 j n). And then, the cloud server calculates ew j = ew j V j (for 1 j n) to update weight vector w. Ultimately, the cloud server sends back the ciphertext of updated weight vector e w to the hospital. If ỹ = y i, the plaintext of weight vector w will be returned to the hospital. Note that the weight vector is encrypted only once when it is updated in the first time. Step 5: If the hospital receives the ciphertext of weight vector e w, it obtains w by using the paillier decryption algorithm w j = Dec(ew j ) (for 1 j n), and sends the decrypted plaintext w to the cloud server, then the cloud server continues to run from step 2. The hospital will terminate the training process if one or more of the following conditions are satisfied. The first condition is that the number of iterations is larger than a preset threshold, and the second condition is that the weight vector hospital received is plaintext for every medical case. 3 Security Analysis of the PSLP Scheme Because the medical information x = { x 1,, x m } has tremendous commercial value, the honest-but-curious cloud server may want to obtain the privacy medical information. In this section, we will show a honest-but-curious cloud server is able to obtain the private medical information in the PSLP scheme. Let A be an honest-but-curious cloud server, it is able to obtain the private medical information. That is, in an iteration process, if A updates the weight vector w, it would obtain the plaintext of updated weight vector w returned by the hospital as described in step 5 of section 2. Then, A possesses the plaintext of weight vector w before updating, the plaintext of updated weight vector w, the learning rate η and the desired output y i. Trivially, A can obtain the values of medical case x i = (x i,1,, x i,n ) according to the linear equation with one unknown number w j = w j + ηy i x i,j (for 1 j n). Therefore, the cloud server can obtain the private medical information x i by solving these equations. Furthermore, the more times the algorithm iterates, the more medical cases will be leaked. Besides, if the medical cases are disclosed, it would be easier for A to know the practical meaning of each feature value corresponding weight vector w. However, in the PSLP scheme, A can also obtain the final optimal weight vector w = (w 1,, w n ), when the terminal condition is the second one as described in step 5 of section 2. Therefore, the leakage of medical cases will lead to the exposure of the specific single-layer perceptron model for e-healthcare. However, the model also has gigantic commercial value. In the following, we analyze the reason for security weakness of the PSLP scheme. The main cause is that the cloud server must obtain the plaintext of the

5 weight vector w in order to calculate the w x i (i {1,, m}) by using paillier cryptosystem. Trivially, if the cloud server obtains the plaintext of weight vector w before updating and the updated weight vector w, it would be easy to obtain the medical case x i by solving this linear equation with one unknown vector w = w + ηy i x i. Besides, the plaintext of medical cases greatly increase the probability of guessing the meaning of each feature value correctly for the cloud server. Here we describe above steps by a concrete example as below. Suppose w (1) j 0 (for 1 j n), y 1 = 1, ỹ = 1. The main steps of this example are concluded in Fig. 2. Fig. 2. The Process of A Concrete Example Hospital: initializes a weight vector w (1) = (w (1) 1,, w(1) n ), sends it to the cloud server. Cloud server: chooses the medical case e x 1 = (ex 1,1,, ex 1,n ), calculates M j = ex w(1) j 1,j (for 1 j n) and A = n j=1 M j, returns A to the hospital. Hospital: decrypts A and calculates ỹ = sign(dec(a)), sends ỹ to the cloud server.

6 Cloud server: because ỹ y 1, calculates V j = ex η 1,j and ew(1) j = Enc(w (1) j ) (for 1 j n). And then, it calculates ew (2) j = ew (1) j V j (for 1 j n) and sends back the ciphertext of updated weight vector e w (2) to the hospital. Hospital: decrypts the ciphertext of updated weight w (2) j = Dec(ew (2) j ) (for 1 j n), suppose the number of iterations is less than a preset threshold, it sends the w (2) = (w (2) 1,, w(2) n ) to the cloud server. Now, A possesses the plaintext of weight vector w (1) before updating, the plaintext of updated weight vector w (2), the learning rate η and the desired output y 1. Trivially, A can obtain the values of medical case x 1 = (x 1,1,, x 1,n ) according to the linear equation with one unknown number w (2) j = w (1) j +ηy 1 x 1,j (for 1 j n). Therefore, the cloud server can obtain the private medical information x 1 by solving these equations. Furthermore, the more times the algorithm iterates, the more medical cases will be leaked. 4 Conclusion In this paper, we present that the PSLP scheme proposed by Wang et al. [3] is not secure against the honest-but-curious cloud server. The reason why their scheme suffers from the serious attack is that in paillier cryptosystem the cloud server must obtain the plaintext of weight vector to calculate the product w x i (i {1,, m}), which leads to the cloud server obtain the plaintexts of the medical cases easily by the equation w = w + ηy i x i. Therefore, the PSLP scheme can not protect the sensitive medical information as they claimed. And we will give a full solution in our future works. References [1] Xindong Wu, Xingquan Zhu, Gong-Qing Wu, and Wei Ding. Data mining with big data. ieee transactions on knowledge and data engineering, 26(1):97 107, 2014. [2] Wei Fan and Albert Bifet. Mining big data: current status, and forecast to the future. ACM sigkdd Explorations Newsletter, 14(2):1 5, 2013. [3] Guoming Wang, Rongxing Lu, and Cheng Huang. Pslp: Privacy-preserving single-layer perceptron learning for e-healthcare. In Information, Communications and Signal Processing (ICICS), 2015 10th International Conference on, pages 1 5. IEEE, 2015. [4] Fanyu Bu, Yu Ma, Zhikui Chen, and Han Xu. Privacy preserving backpropagation based on bgv on cloud. In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pages 1791 1795. IEEE, 2015.

[5] Qingchen Zhang, Laurence T Yang, and Zhikui Chen. Privacy preserving deep computation model on cloud for big data feature learning. IEEE Transactions on Computers, 65(5):1351 1362, 2016. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback