Open access
Date
2022
Type
Doctoral Thesis
ETH Bibliography
yes
Abstract
In recent years we have seen unprecedented growth in networked devices and services that collect increasingly detailed information about individuals.
This trend of large-scale data collection raises important challenges, including ensuring that the collected data is protected from breaches and misuse. Although growing public awareness of and expectations for data privacy have led to new data privacy regulations, modern data processing systems offer little to no privacy protection, and users must fully entrust third parties with their data.
To address this issue, many recent research efforts explore how to build data processing systems that follow the end-to-end encryption paradigm, in which data is encrypted at the source so that services never see it in the clear.
Existing encrypted data processing systems show great promise by enabling confidential computation, but they typically cover only a few aspects of the system design.
Important functionality such as notions of data ownership, selective release of information, and guarantees about the robustness of the computations is missing.
In this dissertation, we propose a new class of encrypted data processing tools and systems that meet the requirements of streaming data applications. We present three privacy-centric system designs, each addressing a challenge in applying encrypted data processing to streaming pipelines and introducing new tools that support extended functionality. TimeCrypt presents techniques that let time series databases answer queries efficiently over encrypted streaming data while supporting fine-grained access control. Zeph gives a service the means to safely extract value from encrypted streaming data while preserving confidentiality and privacy, by serving only privacy-compliant views of the data; Zeph cryptographically enforces that privacy transformations are executed before any data is released. Lastly, RoFL extends collaborative analytics systems, in which clients stream ephemeral encrypted updates to a service, with techniques that provide robustness guarantees.
We present the design, implementation, and detailed evaluation of each of the three systems, demonstrating their feasibility.
Permanent link
https://doi.org/10.3929/ethz-b-000594164
Publication status
published
Contributors
Examiner: Paterson, Kenneth
Examiner: Hithnawi, Anwar
Examiner: Capkun, Srdjan
Examiner: Druschel, Peter
Publisher
ETH Zurich
Subject
Security; Privacy; Cloud Computing; Stream Processing; Encrypted Data Processing; Access Control; Secure Multiparty Computation; Homomorphic Encryption; Privacy-Preserving Analytics
Organisational unit
09653 - Paterson, Kenneth / Paterson, Kenneth