CERIAS Security Seminar: On Using Differential Privacy

The Center for Education and Research in Information Assurance and Security
October 19, 2022
4:30 PM - 5:30 PM
Zoom

Description

Speaker:
Florian Kerschbaum
University of Waterloo

Abstract:

Differential Privacy has become a widely used tool to protect privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) in collection of key-value statistics and b) as a protection against membership inference attacks. Key-value statistics are commonly used to gather information about the use of software products. Yet, the collector may be untrusted, and the data of each user should be protected. There exist a number of differentially private collection methods that perturb the data at the client's site. However, these are very inaccurate. In theory it would also be possible to collect these statistics using secure computations. However, that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection of differential privacy against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment. We show that when using existing data sets from different sources on the Internet (instead of the same data set as in lab experiments) and unmodified existing, even no longer state-of-the-art, membership inference attacks, the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that it is iid.

About: Florian Kerschbaum is a professor in the David R. Cheriton School of Computer Science at the University of Waterloo (joined in 2017), a member of the CrySP group, and NSERC/RBC chair in data security (since 2019). Before that, he worked as chief research expert at SAP in Karlsruhe (2005 – 2016) and as a software architect at Arxan Technologies in San Francisco (2002 – 2004). He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology (2010) and a master's degree from Purdue University (2001). He served as the inaugural director of the Waterloo Cybersecurity and Privacy Institute (2018 – 2021). He is an ACM Distinguished Scientist (2019). He is interested in security and privacy in the entire data science lifecycle. He extends real-world systems with cryptographic security mechanisms to achieve (some) provable security guarantees. His work is used in several business applications.

The weekly security seminar has been held every semester since spring of 1992. We invite personnel at Purdue and visitors from outside to present on topics of particular interest to them in the areas of computer and network security, computer crime investigation, information warfare, information ethics, public policy for computing and security, the computing "underground," and other related topics.

Event Website

https://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/68pnpnestjfv0b8plg5u12c5o1@google.com
