Florian Kerschbaum - University of Waterloo
On Using Differential Privacy
Oct 19, 2022
Abstract
Differential privacy has become a widely used tool to protect privacy in data science applications. In this talk, I will present two use cases for differential privacy: a) the collection of key-value statistics and b) protection against membership inference attacks. Key-value statistics are commonly used to gather information about the use of software products. Yet the collector may be untrusted, and the data of each user should be protected. There exist a number of differentially private collection methods that perturb the data at the client's site. However, these are very inaccurate. In theory it would also be possible to collect these statistics using secure computation. However, that is too inefficient to even test. We show that a new combination of differential privacy and secure computation achieves both high accuracy and high efficiency. In the second application, we investigate the theoretical protection of differential privacy against membership inference attacks on neural network models. There exist proofs of theoretical upper bounds that scale with the privacy parameter. We show theoretically and empirically that those bounds do not hold against existing membership inference attacks in a natural deployment. We show that when using existing data sets from different sources on the Internet (instead of the same data set as in lab experiments), together with unmodified existing membership inference attacks (even ones that are no longer state of the art), the bound does not hold. We provide a theoretical explanation using a model that removes an unrealistic assumption about the training, namely that the training data is i.i.d.
About the Speaker
Florian Kerschbaum is a professor in the David R. Cheriton School of Computer Science at the University of Waterloo (joined in 2017), a member of the CrySP group, and NSERC/RBC chair in data security (since 2019). Before that, he worked as chief research expert at SAP in Karlsruhe (2005 – 2016) and as a software architect at Arxan Technologies in San Francisco (2002 – 2004). He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology (2010) and a master's degree from Purdue University (2001). He served as the inaugural director of the Waterloo Cybersecurity and Privacy Institute (2018 – 2021). He is an ACM Distinguished Scientist (2019). He is interested in security and privacy across the entire data science lifecycle. He extends real-world systems with cryptographic security mechanisms to achieve (some) provable security guarantees. His work is used in several business applications.