Protecting Web Users’ Privacy

by Larry Hardesty,   MIT News

A System for disguising database queries could prevent customer profiling and price gouging.

Most website visits these days entail a database query — to look up airline flights, for example, or to find the fastest driving route between two addresses.

But online database queries can reveal a surprising amount of information about the people making them. And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries.

At the USENIX Symposium on Networked Systems Design and Implementation next week, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory and Stanford University will present a new encryption system that disguises users’ database queries so that they reveal no private information.

The system is called Splinter because it splits a query up and distributes it across copies of the same database on multiple servers. The servers return results that make sense only when recombined according to a procedure that the user alone knows. As long as at least one of the servers can be trusted, it’s impossible for anyone other than the user to determine what query the servers executed.

“The canonical example behind this line of work was public patent databases,” says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the conference paper. “When people were searching for certain kinds of patents, they gave away the research they were working on. Stock prices is another example: A lot of the time, when you search for stock quotes, it gives away information about what stocks you’re going to buy. Another example is maps: When you’re searching for where you are and where you’re going to go, it reveals a wealth of information about you.”

Of course, if the site that hosts the database is itself collecting users’ data without their consent, the requirement of at least one trusted server is difficult to enforce.  Wang, however, points to the increasing popularity of services such as DuckDuckGo, a search engine that uses search results from other sites, such as Bing and Yahoo, but vows not to profile its customers.

Splinter users a technique called function secret sharing, first described in 2015 by a trio of Israel computer scientists. The researchers found Splinter could return a result from a database with millions of entries in about a second.

“There’s always this gap between something being proposed on paper and actually implementing it,” Wang says. “We do a lot of optimization to get it to work, and we have to do a lot of tricks to get it to support actual database queries.”

“When you look at a lot of these systems that purport to provide various security properties, they work very nicely in theory, but user experience often comes down to performance, and the performance is not there,” says James Mickens, an associate professor of computer science at Harvard University. “What’s nice about Splinter is that they use these realistic applications and realistic workloads to show that, yeah, users would probably interact with this system. The system isn’t quite as a fast as a normal, non-privacy-preserving system, but there’s no free lunch. I think that the system does quite a good job of providing that additional privacy protection while still being reasonably performant.”  Read the report.

DCL: In light of the Trump administration’s recent demolishing of  Internet privacy laws due to big money influence and industry pressure, this kind of research is a welcome addition to our abilities to maintain some defenses against  “big brother”!

Leave a Reply