LPDA-EC: A Lightweight Privacy-Preserving Data Aggregation Scheme for Edge Computing
Jiale Zhang, Yanchao Zhao, Jie Wu & Bing Chen @ Nanjing University of Aeronautics and Astronautics & Temple University
IEEE MASS 2018
Chengdu, China
Background p Simple application scenario: smart grid ED1
Make Decisions Household1
搽 EDn
ED1, ED2 … EDn Responses Data Center
Householdn
•
Users collect the sensitive data
•
Then, forward them to the data center
•
Making the intelligent decisions
Oct 10, 2018
MASS 2018
Page 2
Background Traditional data transmission • Communication overhead • Adversary can eavesdrop the channel • System entities may not fully trusted • User’s private data may leakage
How to efficiently transmit the data while protecting user’s privacy?
Oct 10, 2018
MASS 2018
Page 3
PPDA solution p PPDA: Privacy-preserving data aggregation •
Cryptographic scheme to protect the data privacy
•
Signature scheme to ensure the integrity Encryption & Signature
Verification & Local aggregation
Decryption
User 1
ED1, ED2 … EDn User 2
搽 User n
Oct 10, 2018
EDAgg
Responses
Responses Aggregator
Data Center
Reducing the communication overhead ! MASS 2018
Page 4
Problem statement p So what’s the problem? •
We can ensure the user’s privacy — cryptographic
•
Data can be aggregated — homomorphic
•
The data integrity can be guaranteed — signature
•
Why can’t we just use it?
Oct 10, 2018
MASS 2018
Page 5
Problem statement p Two small wrinkles: •
Oct 10, 2018
Complex signature and verification operations
MASS 2018
Page 6
Problem statement p Two small wrinkles: •
Complex signature and verification operations 2012 TPDS: EPPA
Notations
Descriptions
Sign & Ver Cost
! + 1 ∗ %& +(! + 1) ∗ %+
%&
Multiplication operation
Total Cost
2! + 5 ∗ %& + %( + (! + 9)%+
%(
Exponentiation operation
%+
Pairing operation
2014 TII: PEDA Sign & Ver Cost
! + 1 ∗ %& + 2! + 1 ∗ %( +(! + 1) ∗ %+
Total Cost
3! ∗ %& + 5! + 1 ∗ %( + ! + 1 ∗ %+
•
Oct 10, 2018
Aggregator is always resource-constraint
MASS 2018
Page 7
Edge Computing p Edge computing architecture How to construct a new signature method to solve the computational problem in PPDA?
Lightweight PPDA
How to apply the new signature to traditional PPDA while ensure users data privacy?
Oct 10, 2018
MASS 2018
Page 8
Our work p LPDA: System model •
Shifting the time-consuming operations to ES Entities
Trusted Model
TA
Fully trusted
CC
Honest-but-curious
ES
Honest-but-curious
ETs Adversary
Oct 10, 2018
MASS 2018
Malicious
Page 9
OOS: Online/offline signature p BLS signature scheme (BLS’01: Asymmetric version) •
KeyGen: output
•
Sign ((%, +): output , -./ ← 1(+ )'
•
Verify ($%, +, , -./ ): accept if 3 1 + , $% = 3(, -./ , !" )
!" , $% = !"
3 1 + , $% = 3 1 + , !"
'
'
, (% ← *
= 3(1(+ )' , !" ) = 3(, -./ , !" )
p Property • Signature aggregation: anyone can compress n signatures into one Verify ($%, +, , ∗ ) = “accept”
$%" , +" → ,"
...
Aggregate
→ ,∗
Convinces verifier that: User 7 signed the msg +8
$%5 , +5 → ,5 Oct 10, 2018
MASS 2018
Page 10
OOS Construction p Offline signature: •
Calculate the DTCH function value: (*+, =