Emiliano De Cristofaro's research portrait


Developing systems using efficient cryptographic protocols for privacy-preserving information sharing

At the heart of Emiliano De Cristofaro's research into security, privacy, and applied cryptography is the view of privacy as an enabler. His current work is developing systems using efficient cryptographic protocols for privacy-preserving information sharing, in order to ensure that only the minimum information necessary to complete a task is revealed.

"It's needed wherever the parties have limited mutual trust and want to or must share information with each other," he said at the recent Academic Centre of Excellence in Cyber Security Research (ACE-CSR) meeting. "Ideally, it should happen so only the minimum amount of information required is disclosed."

De Cristofaro's interest in security and privacy date to his time as an undergraduate in the early 2000s at the University of Salerno, when the Italian government was moving services online. A key formative incident was the EU's introduction of RFID-enabled passports.

"I was reading the technical details and something sounded fishy," he recalls. After some effort, he and some friends succeeded in reading the personal details held on the passports, even though they were supposed to be accessible only to certified readers. The same vulnerability was found by other researchers in other countries, and an updated version of the passports was quickly issued.

The idea of privacy as an enabler came from an internship at Nokia, which at the time saw privacy as a way to differentiate its products.

"I really agreed with some of the people there that privacy can also be seen as an enabler, not necessarily just something you have or don't have, but something that you must have to really unlock certain computational scenarios. It's been a key point in my research since my dissertation - the idea that if you don't have some clear, provable privacy guarantees certain information sharing cannot take place because the sensitivity of the data is so high that a non-disclosure agreement or trust is not enough."

That dissertation received the Dean’s Dissertation Fellowship award and was written at the University of California at Irvine, partially funded by an IARPA grant on Automatic Privacy Protection, which sought to advance the state of the art on privacy-preserving information sharing. . Finally, just prior to arriving at UCL, he spent several years at PARC, the famed lab and Xerox subsidiary, where he won the Computer Science Lab’s Excellence Award and came to appreciate the importance of taking a multi-disciplinary approach to system design.

His current work expands upon the techniques developed in his dissertation (PDF), using cryptography to perform operations on data while still keeping it secret: Private Set Intersection (PSI).

"It goes a little bit beyond just encryption, where you have binary access to data - access if you have the key, no access if you don't. I quickly realised when I started to study cryptography that even cooler than that, you can basically perform certain kinds of operations such as searching while the data is encrypted. You can search on a given keyword and have the authorisation to do so - so you can do it without learning anything else in the text you are searching on. "

De Cristofaro continues to develop these ideas. Traditionally, the difficulty with PSI was its computational intensity. He proposes more efficient protocols, as well as variants that make it possible to compute only the magnitude of the intersected set (PSI Cardinality-only), assessing the similarity of two sets without disclosing their content (private sample set similarity), private and size-hiding substring and pattern matching, and extensions for private database querying.

As examples of the kinds of problems PSI can help to solve (PDF), De Cristofaro cites matching airplane passenger manifests to terrorist watchlists, or a national tax authority that wishes to verify whether a suspected tax evader has an account with a foreign bank. In the latter case, the bank owes a duty of confidentiality to its clients, while the tax authority does not want to reveal the names of suspects. In the former, the security agency wants to protect both the list and its size (since leaking the size repeatedly over time would reveal when new names were added), and innocent passengers would prefer not to have their movements monitored. In both situations, both sides are protected by tools that allow the parties to find matches without exposing the rest of the lists.

De Cristofaro is particularly interested in applying these techniques to secure genome testing (PDF), an important goal as the cost of genome sequencing continues to plummet. Once such tests are really cheap, they will be used to facilitate personalised medicine and for genome-wide association studies to pinpoint genetic links to specific diseases and conditions. Yet genetic information is highly sensitive and non-revocable, and, as De Cristofaro says, a unique identifier that discloses ethnicity, predispositions to various kinds of illnesses (including mental), and information about relatives. Nor can "the ultimate identifier" be reliably de-identified obfuscated through aggregation, as practiced with other types of data.

De Cristofaro's idea is to take a privacy by design approach using the above techniques to give individuals control over their genomes while allowing testing. As a proof of concept, last year De Cristofaro, working with a team at UC Irvine, created a platform (Genodroid) and an Android app to test a small amount of an individual's genomic data, carried in encrypted form on their phone. Their first app is a simple paternity test that returns a result indicating whether or not there's a match without revealing any genomic information. The plan is to expand this approach into other areas as the price of sequencing continues to drop.

He has also explored using cryptographic protocols to propose a privacy-enhanced version of Twitter-style micro-blogging (PDF).

De Cristofaro's latest project is applying these ideas to security analytics in order to better predict attackers' behaviour and allocate resources. The key problem: many companies are reluctant to disclose security data, fearing that disclosure will open them to legal liability or accusations of negligence, expose sensitive data, or create opportunities for competitors, But the community at large can benefit from information such as attackers' IP addresses and domains, metadata about attack techniques, malware, and types of attacks, and vulnerabilities such as phishing emails and advanced persistent threats. Applying PSI might make it possible to share this data more safely. There could be substantial benefits: many companies are hit by the same attacks and attackers.

While De Cristofaro is still seeking diversified data sets to test this idea, he says the initial results are promising and could also be applied to intelligence agencies. In that scenario, agencies with different security clearances would still be able to benefit from sharing - with privacy.


This page was last modified on 07 Feb 2015.

Dr Emiliano De Cristofaro





+44 020 7679 0349


+44 020 3108 5040


E.DeCristofaro (at) ucl.ac.uk