Resolving the shortcomings of services and applications

Professor Susanne Wetzel1, Daniel Mayer1, Fabian Förg1, Professor Ulrike Meyer2, and Georg Neugebauer2 

1 Stevens Institute of Technology, Department of Computer Science Castle Point on Hudson, Hoboken NJ 07030, USA {swetzel,dmayer,ffoerg}

2 RWTH Aachen, Department of Computer Science Mies-van-der-Rohe-Str. 15, D-52074 Aachen, Germany {meyer,neugebauer}

Today, services and applications such as Facebook, Twitter, Doodle, ZocDoc, etc. enjoy great popularity and are used by more and more people on a daily basis. While providing users with an increased level of convenience for daily chores and activities, or providing for a simplification of processes in their personal and business lives, these services and applications typically share two common shortcomings.

First and foremost: privacy concerns. Despite the fact that these services and applications typically have privacy policies that govern the use of the respective data, in most cases the users have little to no control over their data once it is collected by the service provider. In fact, by-and-large users have the choice between disclosing data or not being able to use the application or service. Second: lack of recognition of a user’s preferences. Oftentimes, it is not possible for the user to indicate preferences, e.g., preferring a specific time for a meeting arranged through Doodle. And even in cases where a user might be able to provide preferences, there is no guarantee that these preferences are properly recognized in the sequel, i.e., are unbiased.

It is in this context that the work of Professor Wetzel (Department of Computer Science) and her group in collaboration with the research group of Professor Meyer at RWTH Aachen (Germany) provides for novel solutions that address both problems. Specifically, this research strives to develop solutions that allow a user to use a service without having to disclose her data. In addition, this work provides the user with the capability to specify preferences and ensures that these are properly recognized in the process.

To date, the work of Professors Wetzel and Meyer and their groups has focused on so-called reconciliation protocols. By means of these types of protocols two (or more) users may reach an agreement. For example, in the case of Doodle, there is a reconciliation of the users’ calendars in order to determine a meeting time that will work for everyone. Or in case of ZocDoc it is the reconciling of the doctor’s appointment book with the patient’s calendar to find a time where the doctor can not only see the patient but the patient can fit the appointment into his calendar. Other applications include data mining, auctions, or voting.

Generally speaking, a protocol consists of a sequence of instructions that describe what the respective parties have to do, i.e., what they have to compute or what they communicate and when with others. The privacy-preserving unbiased reconciliation protocols developed by the groups of Professors Wetzel and Meyer are cryptographic protocol that make extensive use of homomorphic cryptography. In the context of privacy-preserving operations, homomorphic cryptography is gaining an increased interest in that it facilitates the computation on encrypted data. Specifically, using a homomorphic cryptosystem it is possible to carry out a certain operation on ciphertexts E(m1) (i.e., the encryption of plaintext m1) and E(m2) which in turn correspond to a specific operation on the plaintexts m1 and m2 without actually knowing these plaintexts.

Turning back to the scheduling, let us consider a simplified example where two parties Alice and Bob wish to find a common time for a meeting. The following table provides an example for the parties’ preferences for a one-hour meeting (neglecting specifics about a specific date):

Obviously, there is various options to determine the time slot that is most preferred by both parties—thus determining the notion of unbiasedness. One option is to consider the maximum of the sum of the parties’ preferences. An alternative approach is to consider the time slot where the minimum preference is maximized. Going with the sum of the ranks, 1 PM is the preferred starting time, whereas in case of considering the minimum of ranks it is the 3PM slot.

While popular systems like ZocDoc or Doodle would require the parties to share the information on available time slots with at least the service provider. (Note that these systems do not currently allow the specifying of preferences. If they did, they most likely would require the sharing of that data also.) Yet, in the protocols developed by the groups of Professors Wetzel and Meyer the parties can keep all this information private, i.e., both the starting times as well as their respective preferences. At the core, the newly-developed protocols use homomorphic encryption to carry out suitable tests in a specific order on the encrypted data.

To date, the groups have developed protocols for facilitating privacy- preserving unbiased scheduling, voting, and auctions. The solutions have been designed to be secure in the context of two commonly recognized attack sce- narios: semi-honest and malicious adversaries. While a semi-honest adversary follows the protocol but tries to learn as much as possible (also referred to as honest-but-curious adversary), a malicious adversary may engage in arbitrary actions to cause a privacy leakage or disturb unbiasedness.

The research team has implemented a comprehensive library for privacy- preserving operations and developed proof-of-concept scheduling apps for iOS and Android. For more information on the applications, protocols, apps, publications, and the project team, see the project website

The project is funded under NSF Award CCF 1018616 and DFG Grant ME 3704/1-1.