Table of Contents
Fetching ...

MOZAIK: A Privacy-Preserving Analytics Platform for IoT Data Using MPC and FHE

Michiel Van Kenhove, Erik Pohle, Leonard Schild, Martin Zbudila, Merlijn Sebrechts, Filip De Turck, Bruno Volckaert, Aysajan Abidin

TL;DR

MOZAIK tackles the privacy challenge of IoT data analytics by encrypting data at the source and enabling computation on encrypted data through two cryptographic paradigms: secure multi-party computation (MPC) and fully homomorphic encryption (FHE). The architecture integrates Obelisk-based storage, modular data processing components, and a model provider to support end-to-end confidentiality from ingestion to results. A heartbeat analysis use case demonstrates end-to-end privacy during sensing, storage, and ML inference, validating the feasibility of cryptographic PET-enabled analytics on IoT data. Evaluation reveals that while both MPC and FHE enable privacy-preserving analytics, MPC generally offers superior throughput and latency performance, with FHE providing simpler deployment but substantial overhead and latency, guiding practical trade-offs and potential hybrids for real-world deployment.

Abstract

The rapid increase of Internet of Things (IoT) systems across several domains has led to the generation of vast volumes of sensitive data, presenting significant challenges in terms of storage and data analytics. Cloud-assisted IoT solutions offer storage, scalability, and computational resources, but introduce new security and privacy risks that conventional trust-based approaches fail to adequately mitigate. To address these challenges, this paper presents MOZAIK, a novel end-to-end privacy-preserving confidential data storage and distributed processing architecture tailored for IoT-to-cloud scenarios. MOZAIK ensures that data remains encrypted throughout its lifecycle, including during transmission, storage, and processing. This is achieved by employing a cryptographic privacy-enhancing technology known as computing on encrypted data (COED). Two distinct COED techniques are explored, specifically secure multi-party computation (MPC) and fully homomorphic encryption (FHE). The paper includes a comprehensive analysis of the MOZAIK architecture, including a proof-of-concept implementation and performance evaluations. The evaluation results demonstrate the feasibility of the MOZAIK system and indicate the cost of an end-to-end privacy-preserving system compared to regular plaintext alternatives. All components of the MOZAIK platform are released as open-source software alongside this publication, with the aim of advancing secure and privacy-preserving data processing practices.

MOZAIK: A Privacy-Preserving Analytics Platform for IoT Data Using MPC and FHE

TL;DR

MOZAIK tackles the privacy challenge of IoT data analytics by encrypting data at the source and enabling computation on encrypted data through two cryptographic paradigms: secure multi-party computation (MPC) and fully homomorphic encryption (FHE). The architecture integrates Obelisk-based storage, modular data processing components, and a model provider to support end-to-end confidentiality from ingestion to results. A heartbeat analysis use case demonstrates end-to-end privacy during sensing, storage, and ML inference, validating the feasibility of cryptographic PET-enabled analytics on IoT data. Evaluation reveals that while both MPC and FHE enable privacy-preserving analytics, MPC generally offers superior throughput and latency performance, with FHE providing simpler deployment but substantial overhead and latency, guiding practical trade-offs and potential hybrids for real-world deployment.

Abstract

The rapid increase of Internet of Things (IoT) systems across several domains has led to the generation of vast volumes of sensitive data, presenting significant challenges in terms of storage and data analytics. Cloud-assisted IoT solutions offer storage, scalability, and computational resources, but introduce new security and privacy risks that conventional trust-based approaches fail to adequately mitigate. To address these challenges, this paper presents MOZAIK, a novel end-to-end privacy-preserving confidential data storage and distributed processing architecture tailored for IoT-to-cloud scenarios. MOZAIK ensures that data remains encrypted throughout its lifecycle, including during transmission, storage, and processing. This is achieved by employing a cryptographic privacy-enhancing technology known as computing on encrypted data (COED). Two distinct COED techniques are explored, specifically secure multi-party computation (MPC) and fully homomorphic encryption (FHE). The paper includes a comprehensive analysis of the MOZAIK architecture, including a proof-of-concept implementation and performance evaluations. The evaluation results demonstrate the feasibility of the MOZAIK system and indicate the cost of an end-to-end privacy-preserving system compared to regular plaintext alternatives. All components of the MOZAIK platform are released as open-source software alongside this publication, with the aim of advancing secure and privacy-preserving data processing practices.
Paper Structure (65 sections, 11 equations, 7 figures, 3 tables, 8 algorithms)

This paper contains 65 sections, 11 equations, 7 figures, 3 tables, 8 algorithms.

Figures (7)

  • Figure 1: Architectural overview of Obelisk HFS. The system consists of five distinct microservices: the ingest service, the sink service, the streaming service, the query service, and Keycloak as the identity service. Ingested data is placed on a Kafka message queue topic to be consumed by the sink and streaming service. Data is eventually stored in a Clickhouse data store. The Traefik API gateway ensures requests are directed to the correct service.
  • Figure 2: Schematic overview of the proposed proof-of-concept system architecture of MOZAIK. The data generated by an IoT device is encrypted and securely stored in Obelisk. The FHE server or MPC parties perform computation on the encrypted data on request while ensuring user privacy and store the encrypted result back into Obelisk. The model provider supplies a machine learning model to the computation servers for inference on the user's data. This figure contains resources from Flaticon.com.
  • Figure 3: Visualization of the ad hoc analysis (a) and streaming (b) mode provided by the MOZAIK platform. In ad hoc analysis mode, ingested data is only processed upon explicit request by the user. In streaming mode, the user explicitly grants the continuous processing of their data for a certain time period. This figure contains resources from Flaticon.com.
  • Figure 4: Sequence diagram illustrating the complete end-to-end flow of an ad hoc MPC analysis. An IoT sensor device collects and encrypts data points, after which they are stored within the user's dataset in Obelisk. The user later initiates an ad hoc analysis on selected data points, triggering the computation flow. Finally, the user obtains the analysis result.
  • Figure 5: Summary of annotated classes of the heartbeat classification dataset.
  • ...and 2 more figures

Theorems & Definitions (2)

  • Definition 1: Replicated Secret Sharing
  • Definition 2: Ripple Carry Adder