In a secure analytics platform, data sources consent to the exclusive use of their data for a pre-defined set of analytics queries performed by a specific group of analysts, and for a limited period. If the platform is secure under a sufficiently strong threat model, it can provide the missing link to enabling powerful analytics of sensitive personal data, by alleviating data subjects' concerns about leakage and misuse of data. For instance, many types of powerful analytics that benefit public health, mobility, infrastructure, finance, or sustainable energy can be made differentially private, thus alleviating concerns about privacy. However, no platform currently exists that is sufficiently secure to alleviate concerns about data leakage and misuse; as a result, many types of analytics that would be in the interest of data subjects and the public are not done. CoVault uses a new multi-party implementation of functional encryption (FE) for secure analytics, which relies on a unique combination of secret sharing, multi-party secure computation (MPC), and different trusted execution environments (TEEs). CoVault is secure under a very strong threat model that tolerates compromise and side-channel attacks on any one of a small set of parties and their TEEs. Despite the cost of MPC, we show that CoVault scales to very large data sizes using map-reduce based query parallelization. For example, we show that CoVault can perform queries relevant to epidemic analytics at scale.
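As an added illustration of two of the building blocks named above, secret sharing and map-reduce style query parallelization, here is a two-party additive-sharing toy in Python. It is not CoVault's code: it omits the MPC protocol and the TEEs CoVault layers on top, and the record set is constructed for the example.

```python
import secrets

MOD = 2**32  # shares live in Z_MOD; record values are assumed to be small non-negative ints


def share(value: int) -> tuple[int, int]:
    """Split a value into two additive shares. Each share on its own is
    uniformly random in Z_MOD, so one compromised party learns nothing."""
    s1 = secrets.randbelow(MOD)
    s2 = (value - s1) % MOD
    return s1, s2


def reconstruct(s1: int, s2: int) -> int:
    return (s1 + s2) % MOD


def map_phase(records: list[int], chunk_size: int) -> tuple[list[int], list[int]]:
    """Map step: records are split into chunks and each party sums the shares
    of a chunk locally. Addition is linear, so no interaction is required."""
    shared = [share(r) for r in records]
    partials_p1, partials_p2 = [], []
    for i in range(0, len(shared), chunk_size):
        chunk = shared[i:i + chunk_size]
        partials_p1.append(sum(s[0] for s in chunk) % MOD)
        partials_p2.append(sum(s[1] for s in chunk) % MOD)
    return partials_p1, partials_p2


def reduce_phase(partials_p1: list[int], partials_p2: list[int]) -> int:
    """Reduce step: each party folds its chunk partials, and only the two
    final partials are combined to reveal the aggregate."""
    return reconstruct(sum(partials_p1) % MOD, sum(partials_p2) % MOD)


def private_count(records: list[int], chunk_size: int = 4) -> int:
    """Count query (sum of 0/1 flags) evaluated over shares, map-reduce style."""
    return reduce_phase(*map_phase(records, chunk_size))


def consistent_with_any_value(own_share: int, guess: int) -> bool:
    """What a single compromised party can check: for any guessed plaintext
    there is a counterpart share that reconstructs to it, so its own share
    rules nothing out."""
    return reconstruct(own_share, (guess - own_share) % MOD) == guess


# Constructed sample: ten data sources each contribute a 0/1 flag.
SAMPLE_RECORDS = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]
```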