Smc Dst Project 1july09 1651

www.nanotechbiz.org [email protected]

A proposal on

Applications of Secure Multi party Computation SMC

Brief Synopsis: In this project we have proposed a promising solution for secure multiparty computation in various domains. We have already been working in this field from past years. We have obtained some significant results which shows that SMC can solve many problems in various fields. Our developed protocol can be used to perform secure computations which has applications in Business Process Outsourcing, Defense, Banking, Corporate sectors etc. We plan to implement our project in three phases. We will conduct many tests and surveys and implement our proposal in real life problems. The technique can be developed and commercialized for business.

PROBLEM STATEMENT AND DEFINITION Our aim is to find out a new promising solution to SMC. Many scientific calculations involves surveys and data from third organizations. Many organizations due to risk of data leakage and privacy preserving issue don’t willingly provide the scientific organization with their data and thus the experiments cannot be conducted will full effectiveness. Our work will be to find a new secured way of SMC which will allow many public organizations and other industries to willingly provide their data and other information for computation in a secured manner. With the help of a secured technique we will be able to conduct many surveys including data from industrial sector, educational and academic sector, medical sector, tertiary sector, and from other organizations etc. which will allow us to compute some very useful results. These results will lead to further development of our country by providing us with useful information. Usually private industries don’t share their data, account information, and other details of the functioning of the industry with public or with other such industries. Many private industries will be able to conduct useful surveys which will lead to development of the industrial sector as a whole. We will be able to evolve new technology faster and better by conducting many surveys in public. These surveys will tell us about the technology which is being used by the public the most. We will be able to conduct secured and privacy preserving surveys which will lead us with information about the thinking of people about a technology and the technology being used by the public the most. A countries growth depends upon the growth of its citizens, small and large scale industries, schools, colleges, academic institutions, small and large scale businesses and organizations and their collective growth of all of them is dependent upon many factors. For the proper functioning, improvement and betterment of an industry it is required to monitor its growth and for its improvement surveys are conducted. Surveys are basically collection of data and processing of the collected data to obtain some useful results. These results are then examined to get the required data. Surveys are conducted on a large scale to obtain useful results for the industry. The surveys may be done for market research, marketing benefits, to depict the progress and functioning of the Industry, the effect of one industry on another industry, the affect of industry on the citizens and the overall progress of a country. The surveys can provide detailed insight into the functioning of the industry as the surveys include data and

Cite as : Satydhar Joshi, "Research Proposal Report " [Online document], 2009 June09, Available HTTP: http://www.nanotechbiz.org Copyright Nanotechbiz.org

feedback directly collected from individual benefactors. Surveys can provide many useful results which can tell about the strength of the industry. OBJECTIVE The prime objective of this research is to find a solution to Secure Multiparty Computation (SMC). During the research period we will study the existing techniques, examine them, simulate them, and will try to find a better approach to the existing techniques. We will try to find a highly efficient and maximum security SMC technique. None of the existing techniques are totally secure, all of them having some kind of flaw or vulnerability or both. Our aim will be to find a new method of computation which can safely perform SMC, providing us with required security, efficiency, performance, scalability, applicability, portability and ease of use. The required task may be to perform a secure scientific computation, secure statistical analysis, privacy-preserving data mining, privacy-preserving geometric computations, privacy-preserving intrusion detection, privacy-preserving database query, privacy preserving surveys or any such kind of computation involving private data from many parties, where the security of the private data and the identity of the party is the prime concern. If government or any big organization wants to conduct surveys on hospitals, academic institutions, industries or financial organizations, financial and account information from banks etc. then the privacy and security of data of an individual or the organizations, in the computation is the major issue of concern. Currently many organizations refuse to give their data for survey purposes due to issues of less security and chances of data leakage involved in these types of data transactions. Research in this field can provide us with a new technique to perform SMC’s, which will allow many organizations to conduct surveys freely and this can help in the growth of our country. We will be able to perform SMC’s in a highly secured manner. Many SMC’s can yield useful result, and many such computations are not conducted due to security as a major issue. With a new method many organizations would be able to compute useful results through computations involving data from many organizations, but this computation will be secured, thus keeping the security and yielding a useful result. IMPLEMENTATION STRATEGY AND PLAN Phase I In this project we aim at finding more efficient, secure and reliable SMC technique. In the initial stage we plan to study the existing techniques of SMC. In phase one will closely examine these existing methods. Initially we will simulate them on a network. We will examine the security, functioning and other parameters of the techniques based on the previous simulations of techniques. Many experimental calculations will be performed with these methodologies. Based on the simulation and examination of the techniques we will find out the security vulnerabilities and other flaws in the present methods. A report will be prepared, based on the simulation and various issues related to these methods. First and foremost, we will lay down the network for simulation. We will connect around forty to fifty computers in a network using LAN. To test the proper functioning of a technique we will design a protocol based on the particular technique and use all the rules of that technique. A software will be

prepared which can perform SMC computations using the rules of the technique. We will then deploy the software on the network prepared. The network will be made ready for the process and the software will be used to perform the required tasks. Using this prepared set we will perform several computations. During the testing we will have our security team try to hack through the whole system. The security team will try to hack in the systems security and will try to leak out information and data involved in the process. This approach will allow us to find the vulnerabilities in the method. The security of the whole process would be analyzed and the data transfer would be constantly monitored using network tapping software. Several computations would be performed using the same technique to test the same for different purposes and using varies approaches. Many different types of computations would be performed to analyze a particular technique and its suitability for particular types of tasks and its usability in a particular application. The technique suited for a particular type of application may not be well suited for other types of computations. A detailed report would be prepared based on the testing and experimentation. Phase II In the second stage we will try to find a solution to these various issues along with the security issue as a major focus, and we will try to eliminate them. We will try to remove the flaws by examining the reports produced by the simulation and experimentation. The techniques will be modified accordingly to meet the needed security level. Based on the scope of enhancement in a particular we will try to eliminate any flaws in the technique and if necessary we will try to club different techniques to make a better one if possible. Then they will again be simulated and experimented on the test network as to ensure they meet the desired requirements. All the parameters and characteristics of the whole process would be noted and report would be prepared. If any technique seems out of scope of enhancement we will not work on it further. Only those techniques which can be improved or which have a chance of enhancement, will be worked on. Based on the study we will also prepare reports related to security concerning issues in various methods and various key features which are prime requisite of SMC. We will address key improvements which can be done in the existing techniques to improve their security, performance, applicability etc. and to over all improve the technique. Based on these we will present many papers on international level to address these issues related to a technique, the key prime requisite of a technique and the trends in SMC. We plan to send our work to various international conferences and journals. Phase III In third stage our aim would be to find out a new technique with maximum security. We will use the results obtained in the previous stages and will try to keep in mind the security related issues and other flaws in the existing methods. Based on our research and reports of the result of simulation and experiments conducted on the simulation network, we will try to evolve a new technique to address the existing security issues, free from the flaws of the existing era and having the maximum security. We will enlist the various required key features, the various issues related to SMC, and the major problems which remain a big hindrance for the SMC. We will find out various techniques to address the issues and will cycle through many of the available techniques to fix them. We will add

features in the technique by finding the best options available currently. We would combine a set of powerful and useful features and will try to address the common issues found in the earlier stages, by using suitable way. The technique to be developed would be free from all the flaws which have been found out in the existing techniques in the earlier stages, it should have all the features which are essential for SMC, it should provide maximum security, it should have wide range of applicability, it should be easy to implement, the performance should be optimal etc. We will conduct some final tests and surveys to demonstrate the technique, it powerful features and its working. We would conduct online surveys involving many academic institutes. Papers would be prepared for the technique which would show the detailed functioning of it along with the comparison with the other techniques. We plan to publish our work in major recognized journals and conferences. WORK DONE / RESULTS OBTAINED SO FAR We have already been working in this field from many years. We have presented many papers on some new techniques. We have tried to address many issues related to security and privacy.

P1

P11

P12

P2

P1k

A1

P21

A2

Pn

P2k

A3

P31

Party Layer

P3k

Az

TTP

Virtual Party Layer

Anonymizer Layer

Computation Layer Fig. 1. VPP Protocol.

In our previous work we devised the Virtual Cryptography technique which used Enforced Encryption. We developed the Virtual Party Protocol (VPP) which can be used safely to ensure the privacy of individual and preserving the data of the organization as a whole by not revealing the right data and will allow us to reach zero hacking security. In this method we will create some fake data and some virtual parties. Since the calculation is not dependent upon the number of parties, we can create any desired number of virtual parties. Now we will encrypt the data and create modifier tokens correspondingly. This modified data is mixed with fake data. These modifier tokens are related to the modification done in the data and will be used in the final computation to obtain the correct result. Now this modified data and the modifier tokens are distributed among the virtual parties. These parties will send their data to

anonymizers. The anonymizers will send this data to Third Party for computation. Third Party will use the data and the modifier tokens to compute the result. The modifier tokens will aid to bring the result obtained by the encrypted data values. The modifier tokens in any manner will not reveal the identity of the party or such. The modifier is a short collection of information which is used in the final computation to ensure the right result. The method of encryption, modifier tokens, encrypted data and the method of computation all are interdependent.

Fig. 2. Graph between number of Virtual Parties (x axis) vs Probability of hacking (y axis).

Fig. 3.number Graph between number of Parties axis) vs Probability of hacking(y The graph between of virtual parties k vs. (x the probability of hacking P(Pr) axis). for n=5,6,7,8,9,10 is

shown in Fig. 2. which clearly depicts that probability of hacking is nearly zero when the number virtual parties is three or more. Also the graph between number of parties and probability of hacking for k=5,6,7,8,9,10 is shown in Fig. 3. As the number of virtual parties is eight the probability of hacking is in the order of 10-5 or we can say nearly zero. APPLICATIONS SPECIAL EXPLAINATION FOR APPLICATIONS OF SMC IN THE FOLLOWING FIELDS: 

SCIENTIFIC COMPUTATIONS Many companies and organizations perform research in a wide area of fields for their development and betterment. Most of these researches are not revealed publicly and kept private to the company itself or made a patent of the company to make profit through it. If these researches can be shared with other organizations which are working in the same field the research can be boosted by a large factor. There are many scientific computations which require results from many experiments and researches. If we can find a way in which the scientific computation can be performed without revealing the result, but using it to compute the desired result than it can help research and scientific organizations and other companies greatly. Organizations and companies would be able to share their data, information and results with each other thus will boost the research further. 

DATABASE COMPUTATIONS Database transactions may involve data and information belonging to an individual. Security of data is our prime concern.



BANKING In banking there are many transactions and processes which involve private information and sensitive data belonging to an individual. Such type of transactions if not performed securely, can be used to leak out any private information of the individual, which can prove harmful for the individual in any manner. Many inter-banking and intra-banking transactions and processes many also involve such sensitive and private information or data. If we can find a secure method for sharing such type of data we can perform many computations and calculations related to banking which can give out many useful results. The privacy of individual will be maintained and the transactions will be done without any risk. There are many surveys conducted by banking sectors. These surveys may be related to customer or the employees working for the banks. Such surveys may include private data and information related to an individual and its privacy should be our prime concern. In such type of surveys their may be lack of data entries due to people not indulging into these surveys, because they may have fear of information and private data leakage. Even if may people does indulge in such surveys the data and information involved is still not secured.

If we can find a way to perform such surveys in which information related to an individual can be utilized in the survey but the information itself is not revealed, then it can help the banking sector greatly for conducting many useful surveys.  BUSINESS PROCESS OUTSOURCING Indian firms account for 80% share of the global market for cross border BPO services related to Finance and Accounting, Customer Interaction, and Human Resources Administration. According to the National Association of Software and Service Companies (NASSCOM), the revenues generated by ITES-BPO exports from India were US$2.5 billion during 2002, which increased to US$3.6 billion in 2003. In 2004, export of ITES-BPO to India generated revenues of US$5.2 billion. In addition to exports, the domestic market for BPO services has also grown. The domestic BPO market was US$0.2 billion in 2002, US$0.3 billion in 2003, US$0.6 billion in 2004, and US$0.86 billion in 2005. In India, the value of Human Resources operations outsourced during 2004 was US$165 million, as compared to just US$75 million during 2003. Emerging segments of the BPO industry in India include Knowledge Process Outsourcing (KPO) and Finance and accounting outsourcing. In 2005, the Indian ITES-BPO industry recorded an annual growth rate of 37% to reach a value of US$6.3 billion. Within a span of over a decade, India has become one of the most favored destinations across the world for business process outsourcing (BPO) operations. According to the National Association of Software and Service Companies (NASSCOM), the ITES-BPO exports from India in 2003-04 was US$ 3.1 billion was estimated to be US$ 6.3 billion by 2005-06. India has rapidly achieved the status of being the most preferred destination for business process outsourcing (BPO) for companies located in the US and Europe. This is because of the availability of low cost skilled manpower, a large English speaking population, and appropriate infrastructure in India. Security and privacy are the two major issues needed to be addressed by the Indian software industry to have an increased and long-term outsourcing contract from the US. Another important issue is about sharing employee’s information to ensure that data and vital information of an outsourcing company is secured and protected. This issue also calls for an immediate action, he added. It is to be noted that given the increasing manpower cost in India coupled with the demand for multi-locational operations from the US companies, countries like the Philippines, Ireland and Mexico may pose a threat to India in due course of time. Even countries such as China, Russia and Hungary are also gearing up on the IT front in a big way. What does security actually mean, in the context of human resources outsourcing, and how is security different from privacy? Is it even different? Are security concerns any different for a multinational company or a company that is considering offshore outsourcing, and is the customer or the service provider ultimately held responsible in the event of failure? One thing’s for sure – as corporations continue to broadly adopt outsourcing as a strategy to manage their HR processes and capabilities, concerns around security take on an entirely different dimension. Security is not just a consequential phenomenon that results from proliferation of information technology. Security has been a human resources concern since long before HR departments began to

IT-enable their processes and capabilities. Prior to IT-enabled HR, the definition of security was more passive – the state of being safe or secure. Questions around who physically saw what records, where the records were stored and how they were transported there, for example, were usually the types of security topics discussed in the context of HR. However, today’s IT-enabled HR systems have amplified and broadened security needs to the extent that security concerns now overarch all IT-enabled HR processes as well. Now add the backdrop. EXISTING WORK DONE ON THE PROJECT In [1-5] we have shown that applications of SMC can be felt in various areas like banking, BPO, defense and many other areas. Also we have shown the implementation of our proposed SMC protocols. Other work done in this regard is shows that SMC can be realized for various applications as shown in [6-9]. PUBLICATIONS IN SMC 1.

Rohit Pathak, Satyadhar Joshi: Secure Multi-party Computation Using Virtual Parties for Computation on Encrypted Data. Proc. of The First International Workshop on Mobile & Wireless Networks (MoWiN-2009) in Conjunction with The Third International Conference on Information Security and Assurance (ISA’09), Springer Lecture Notes on Computer Science (June 2009) 2. Rohit Pathak, Satyadhar Joshi: Secured Communication For Business Process Outsourcing Using Optimized Arithmetic Cryptography Protocol Based On Virtual Parties. Proc. International Conference on Contemporary Computing. Springer Communications in Computer and Information Science ISSN: 1865-0929 (August 2009) 3. Rohit Pathak, Satyadhar Joshi: Secure Multi-Party Computation Protocol For Defense Applications In Military Operations Using Virtual Cryptography. Proc. International Conference on Contemporary Computing. Springer Communications in Computer and Information Science ISSN: 1865-0929 (August 2009)9 4. Rohit Pathak, Satyadhar Joshi: Secure Multi-Party Computation Protocol for Statistical Computation on Encrypted Data. Proc. 2009 International Conference on Software Technology and Engineering (ICSTE 2009) (July 2009) 5. Rohit Pathak, Satyadhar Joshi, “A Novel Protocol for Privacy Preserving Banking Computations using Arithmetic Cryptography” International Conference On Security and Identity Management (SIM) – 2009, Sponsored by Research Council of UK (RCUK), May 11-12, 2009 6. Mishra D.K., Chandwani M., “Extended protocol for secure multi-party computation using ambiguous identity,” WSEAS Transactions on Computer Research, Greece, Vol. 2, No. 2, Feb. 2007, pp. 227-233. 7. Mishra D.K., Chandwani M., “Arithmetic cryptography protocol for secure multi-party computation,” In Proceeding of IEEE SoutheastCon 2007: The International Conference on Engineering – Linking future with past, Richmond, Virginia, USA, 22-25 Mar 2007, pp. 22-24 8. Mishra D.K., Chandwani M., “Anonymity enabled secure multi-party computation for Indian BPO,” In Proceeding of the IEEE Tencon 2007: International conference on Intelligent Information Communication Technologies for Better Human Life, Taipei, Taiwan on 29 Oct. - 02 Nov. 2007, pp. 52-56.