Archive for the ‘Trust’ Category
Here are the three (3) principles for privacy-preserving computation based on the Enigma P2P distributed multi-party computation model:
(a) Bring the Query to the Data: The current model is for the querier to fetch copies of all the data-sets from the distributed nodes, then import the data-sets into the big data processing infra and then run queries. Instead, break-up the query into components (sub-queries) and send the query pieces to the corresponding nodes on the P2P network.
(b) Keep Data Local: Never let raw data leave the node. Raw data must never leaves its physical location or the control of its owner. Instead, nodes that carry relevant data-sets execute sub-queries and report on the result.
(c) Never Decrypt Data: Homomorphic encryption remains an open field of study. However, certain types of queries can be decomposed into rudimentary operations (such as additions and multiplications) on encrypted data that would yield equivalent answers to the case where the query was run on plaintext data.
One important news item this week from the IoT space is the support by Atmel of Intel’s EPID technology.
Enhanced Privacy ID (EPID) grew from the work of Ernie Brickell and Jiangtao Li based on previous work on Direct Anonymous Attestations (DAA). DAA is very relevant because it is built-in into the TPM1.2 chip (of which there are several hundred million in PC machines).
Here is a quick summary of EPID:
- EPID is a special digital signature scheme.
- One public key corresponds to multiple private keys.
- Private key generates a EPID signature.
- EPID signature can be verified using the public key.
Interesting Security Properties:
- Anonymous/Unlinkable: Given two EPID signatures one cannot determine whether they are generated from one or two private keys.
- Unforgeable: Without a private key one cannot create a valid signature.
So the topic of “trust” always generates a million emails on various lists. Rather than rolling-up my own definition, I thought I’d borrow a good definition from the Trusted Computing Group community (courtesy of Graeme Proudler of HP Labs, UK).
It is safe to trust something when:
- It can be unambiguously identified.
- It operates unhindered.
- The user has first hand experience of consistent, good, behavior.
The definition is that of “technical trust”, namely “trust” in the mechanics of some computation (e.g. cryptographic computation, etc). In this case it refers to the TPM hardware. Note that “unhindered operation” is paramount for technical trust. This is still somewhat of a challenge for software (eg. think multi-tenant clouds and VMs).