PUBA: Privacy-Preserving User-Data Bookkeeping and Analytics

Authors: Valerie Fetzer (Karlsruhe Institute of Technology, KASTEL), Marcel Keller (CSIRO’s Data61), Sven Maier (Karlsruhe Institute of Technology, KASTEL), Markus Raiber (Karlsruhe Institute of Technology, KASTEL), Andy Rupp (University of Luxembourg and KASTEL SRL), Rebecca Schwerdt (Karlsruhe Institute of Technology, KASTEL)

Volume: 2022
Issue: 2
Pages: 447–516


Abstract: In this paper we propose Privacy-preserving User-data Bookkeeping & Analytics (PUBA), a building block destined to enable the implementation of business models (e.g., targeted advertising) and regulations (e.g., fraud detection) requiring user-data analysis in a privacy-preserving way. In PUBA, users keep an unlinkable but authenticated cryptographic logbook containing their historic data on their device. This logbook can only be updated by the operator, while its content is not revealed. Users can take part in a privacy-preserving analytics computation, where it is ensured that their logbook is up-to-date and authentic while the potentially secret analytics function is verified to be privacy-friendly. Taking constrained devices into account, users may also outsource analytic computations (to a potentially malicious proxy not colluding with the operator). We model our novel building block in the Universal Composability framework and provide a practical protocol instantiation. To demonstrate the flexibility of PUBA, we sketch instantiations of privacy-preserving fraud detection and targeted advertising, although it could be used in many more scenarios, e.g., data analytics for multi-modal transportation systems. We implemented our bookkeeping protocols and an exemplary outsourced analytics computation based on logistic regression using the MP-SPDZ MPC framework. Performance evaluations using a smartphone as user device and more powerful hardware for operator and proxy suggest that PUBA for smaller logbooks can indeed be practical.

Keywords: MPC, Bookkeeping, Building-Block, Analytics, UC

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.