CS298 Proposal
Enchancing the security of Yioop discussion board
Prajna Gururaj Puranik (prajnagururaj.puranik@sjsu.edu)
Advisor: Dr. Chris Pollett
Committee Members: Prof Fabio Di Troia and Prof Nada Attar
Abstract:
Yioop is an open-source web portal that works as a search engine and a discussion board. To function as a wiki system and as a discussion board, Yioop provides a group feature that allows users to create, join and share content with each other. Such a system must store and access data, so data security is essential. Apart from database security, Yioop generates statistical data that needs to be protected. The security mechanism also covers access restrictions to the groups as well as the data shared among group members. The main objective of this project is to protect user data and make the portal more secure. While Yioop has a security mechanism in place, the goal for CS297 was to extend it by implementing several security measures like differential privacy, secret sharing, and homomorphic encryption. These techniques will be incorporated into Yioop as part of the CS298 project.
CS297 Results
- Created an encrypted group in Yioop. Users and threads were added to this group to check how these changes reflect in the database
- Implemented differential privacy to mask the number of users in groups. This deliverable ensures that Yioop is protected against statistical attacks
- Secret sharing encryption scheme was implemented. The secret was split into a number of shares such that a user can have parts of the secret. A threshold number of users combining their shares leads to decrypting the secret
- A partially homomorphic encryption scheme was implemented (Paillier cryptosystem)
Proposed Schedule
Week 1:
Jan 31 - Feb 7 | Submit CS298 Proposal |
Week 2 - Week 4:
Feb 8 - Feb 28 |
- Determine the threshold number of users required to flag and remove posts
- Add flag UI feature for the discussion board
- Generate shares to be distributed to all members of a group
|
Week 5 - Week 6:
Mar 1 - Mar 14 |
- Use the generated shares of group members to remove posts if threshold number of users flag a post
- Test the implemented flagging feature
|
Week 7 - Week 9:
Mar 15 - Apr 4 |
- Understand the existing upvote/downvote feature of the discussion board
- Discuss and decide limits for choosing two large prime numbers for encryption calculation
- Store total votes on each post in an encrypted form in the database using generated public and private keys
|
Week 10 - Week 11:
Apr 5 - Apr 19 |
- Use homomorphic encryption to add/subtract total votes on a post
- Test the implemented voting change
|
Week 12 - Week 14:
Apr 19 - May 9 | Finish CS298 Report and Presentation |
Key Deliverables:
- Software
- Build flagging feature for discussion board
- Implement secret sharing encryption to support flagging
- Implement homomorphic encryption technique to support voting feature in discussion board
- Report
- CS298 Report
- CS298 Presentation
Innovations and Challenges
- One of the challenges in the project is implementing the encryption techniques from scratch, without using external libraries
- Implementing the secret sharing encryption technique using finite field arithmetic requires a lot of research and a thorough understanding of the associated mathematics principles
- Homomorphic encryption algorithms are not mainstream, and there aren't many research papers published about Paillier encryption in particular. Implementing it as a voting mechanism requires a lot of time and research
References:
[1] C. Dwork, "Differential Privacy, 33rd International Colloquium on Automata, Languages and Programming, part II", 2006
[2] A. Shamir, "How to share a secret", Communications of the ACM, 612,613
[3] D. R. Stinson, M.R.Patterson, "Cryptograph Theory and Practice", 4th edition, page 467
[4] A. Acar et al., A Survey on Homomorphic Encryption Schemes: Theory and Implementation, Florida International University |