CoVault: A Secure Analytics Platform

In a secure analytics platform, data sources consent to the exclusive use of their data for a pre-defined set of analytics queries performed by a specific group of analysts, and for a limited period. If the platform is secure under a sufficiently strong threat model, it can provide the missing link to enabling powerful analytics of sensitive personal data, by alleviating data subjects' concerns about leakage and misuse of data. For instance, many types of powerful analytics that benefit public health, mobility, infrastructure, finance, or sustainable energy can be made differentially private, thus alleviating concerns about privacy. However, no platform currently exists that is sufficiently secure to alleviate concerns about data leakage and misuse; as a result, many types of analytics that would be in the interest of data subjects and the public are not done. CoVault uses a new multi-party implementation of functional encryption (FE) for secure analytics, which relies on a unique combination of secret sharing, multi-party secure computation (MPC), and different trusted execution environments (TEEs). CoVault is secure under a very strong threat model that tolerates compromise and side-channel attacks on any one of a small set of parties and their TEEs. Despite the cost of MPC, we show that CoVault scales to very large data sizes using map-reduce based query parallelization. For example, we show that CoVault can perform queries relevant to epidemic analytics at scale.