Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Sharing The Secret: Distributed Privacy-Preserving Monitoring

Mahyar Karimi, K. S. Thejaswini, Roderick Bloem, Thomas A. Henzinger

Abstract

In traditional runtime verification, a system is typically observed by a monolithic monitor. Enforcing privacy in such settings is computationally expensive, as it necessitates heavy cryptographic primitives. Therefore, privacy-preserving monitoring remains impractical for real-time applications. In this work, we address this scalability challenge by distributing the monitor across multiple parties -- at least one of which is honest. This architecture enables the use of efficient secret-sharing schemes instead of computationally intensive cryptography, dramatically reducing over-head while maintaining strong privacy guarantees. While existing secret-sharing approaches are typically limited to one-shot executions which do not maintain an internal state, we introduce a protocol tailored for continuous monitoring that supports repeated evaluations over an evolving internal state (kept secret from the system and the monitoring entities). We implement our approach using the MP-SPDZ framework. Our experiments demonstrate that, under these architectural assumptions, our protocol is significantly more scalable than existing alternatives.

Sharing The Secret: Distributed Privacy-Preserving Monitoring

Abstract

In traditional runtime verification, a system is typically observed by a monolithic monitor. Enforcing privacy in such settings is computationally expensive, as it necessitates heavy cryptographic primitives. Therefore, privacy-preserving monitoring remains impractical for real-time applications. In this work, we address this scalability challenge by distributing the monitor across multiple parties -- at least one of which is honest. This architecture enables the use of efficient secret-sharing schemes instead of computationally intensive cryptography, dramatically reducing over-head while maintaining strong privacy guarantees. While existing secret-sharing approaches are typically limited to one-shot executions which do not maintain an internal state, we introduce a protocol tailored for continuous monitoring that supports repeated evaluations over an evolving internal state (kept secret from the system and the monitoring entities). We implement our approach using the MP-SPDZ framework. Our experiments demonstrate that, under these architectural assumptions, our protocol is significantly more scalable than existing alternatives.
Paper Structure (73 sections, 7 theorems, 8 equations, 2 figures, 1 table)

This paper contains 73 sections, 7 theorems, 8 equations, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related work.
  3. Our approach.
  4. A tale of two sharings.
  5. Our protocol.
  6. Problem definition
  7. System.
  8. Monitor.
  9. Protocols.
  10. Correctness.
  11. Privacy.
  12. Repeated executions.
  13. Assumptions.
  14. Security model.
  15. Problem statement.
  16. ...and 58 more sections

Key Result

theorem 1

Privacy is preserved under unbounded repetition of the protocol.

Figures (2)

  • Figure 1: Monitoring entity that is distributed across several monitors.
  • Figure 2: Performance comparison across all case studies: (left) per-iteration timing, (center) circuit complexity (number of triples), (right) communication overhead. The three rows show ACS, Locks, and Presidential Car scenarios respectively.

Theorems & Definitions (15)

  • definition 1: Abstract Sharing System
  • definition 2: Share conversion
  • remark 1: Compositionality
  • theorem 1: Compositionality across rounds
  • definition 3: Adversary structure
  • theorem 2: System privacy
  • theorem 3: Monitor privacy
  • corollary 1: Joint privacy
  • definition 4: Efficient Share Conversion
  • theorem 3: Compositionality across rounds
  • ...and 5 more