BACHELOR OF TECHNOLOGY
IN
COMPUTER SCIENCE AND ENGINEERING
BY
A.SWAMY
(20Q65A0502)
CERTIFICATE
I would like to express my gratitude to the head of the department, Mrs. SHAKEER BASHA,
C.S.E, Assistant Professor, for her valuable suggestions during the course of our project work.
A.SWAMY
(20Q65A0502)
DECLARATION
I hereby declare that the results embodied in this dissertation entitled “Privacy Enhancing
Computation” are carried out by me during the year 2022-2023 in partial fulfilment of
the award of B.Tech, Computer Science And Engineering from Avanthi Institute Of
Engineering And Technology. I have not submitted the same to any other university or
organization for the award of any other degree.
A.SWAMY
(20Q65A0502)
ABSTRACT
There isn’t a comprehensive definition that fully captures the nuances of what privacy-
enhancing computation is. It is best described as a group of diverse technologies that work
together to secure the highest levels of private data conservation. Technologies that boost privacy
and protect data from infringements, breaches, and hacker attacks are used and controlled by
privacy-enhancing computation. Data can be shared freely and without disruption while
simultaneously ensuring privacy and security. According to the technology research and consulting
company Gartner, by 2025, 50% of large businesses will adopt privacy-enhancing computation to
process data in untrusted environments and in multiparty data analytics use cases.
Gartner also adds that the privacy-enhancing computation trend is not easy to execute in
business environments. It is a complicated process that takes a long time to implement, with some
businesses waiting years to fully reap the benefits. The main reason businesses choose to
implement privacy-enhancing computation is to stave off and deter privacy risks. Any organization
that does not protect its infrastructure risks being targeted by criminals and sacrificing vital
data. Data protection laws such as GDPR and CCPA compel organizations to set up safeguarding
measures for the consumer data they collect. This is a safety net put in place to stop businesses
from incurring the financial losses associated with data breaches. Safeguarding important data in the
age of digital transformation is a key component of successful data migration procedures. It shields
businesses from potential harm while guaranteeing that the interpretation of data does not affect the
fundamental authenticity, disposition, and interests of the individual.
INDEX
1 INTRODUCTION 1
6 ENCRYPTION 14-17
8.1 Business 19
8.2 Finance 20
8.3 Healthcare 20
10 FUTURE 26-27
11 CONCLUSION 28
12 REFERENCE 29
1. INTRODUCTION
Data is at the core of every business and is the most valuable asset of the current age. As its value keeps
increasing, keeping this asset safe becomes the highest priority for organizations. Data needs to be
managed, processed, and analyzed to glean valuable insights. Because data is sensitive, it can also be
abused by malicious attackers. Considering the tremendous volume of data that needs to
be safeguarded, together with the privacy, data governance and technology integration requirements, the task becomes
herculean. Though there is privacy legislation such as the GDPR in the EU and several other laws around
the globe, privacy breaches occur very often. One of the main reasons is that business transactions
happen through third parties, which use any available data to gain insights for improving their services,
to obtain valuable data, or simply to earn additional money.
Consumers are becoming increasingly concerned about sharing their personal data, as they find it
difficult to track who uses it, the manner in which it is used, and, above all, who is responsible for handling
it. Since cyberattacks are on the rise and attackers use increasingly complex techniques to access
data, the use of privacy-enhancing computation (PEC) and privacy-enhancing technologies (PETs) has become a
crucial security measure for organizations. PEC is one of the leading Gartner strategic technology
trends. With the adoption of technologies like AI, organizations today can process increasingly
complex and growing data in a structured, controlled, and protected manner. Enterprises with a
well-defined roadmap for implementing PEC and related technologies are expected to minimize their
exposure to potential attacks and enable secure data usage.
2. PRIVACY ENHANCING COMPUTATION
These technologies have been around for some time, but only recently have they been used in
real-life applications and use cases. Gartner, the research and consulting company, has classified
PEC in the “people centricity” category.
PEC has three forms, each comprising technologies to protect data.
The first form involves technology that provides a trusted environment where data can be
processed securely. This is enabled by trusted third parties and hardware trusted
execution environments.
The second form involves processing and analytics through privacy-aware machine
learning. The technologies leveraged in this form consist of federated machine learning
and privacy-aware machine learning.
The third form of PEC consists of technology enabling the transformation of data and algorithms.
These include homomorphic encryption to keep the data confidential, multiparty
computation, differential privacy, and private set intersection, among others.
According to Gartner, the privacy-enhancing computation trend is not easy to implement in most
businesses. The process takes a long time, as the integration must be both quick and accurate.
It is an interesting fact that 27% of internet users never enter their real personal data when
registering on websites, apps, or any other system that allows private information to be
hidden.
3. REASONS FOR IMPLEMENTING PECs
When users enter their personal data into a website, application, or any other form, they want to
be sure that it will be kept private. The data store providers have to have full control over and
management of this information. Achieving a high level of security is no longer a complex task.
Thanks to modern privacy technologies, users’ data can be 100% secure.
We would like to highlight the common reasons for implementing data-protecting technological
tools.
The first and foremost reason why we need PECs is to prevent any possible risk to the privacy of
an organization’s consumers. For a cybercriminal, an organization lacking a well-
established protection system provides a clear, golden opportunity to tap into and misuse the
system’s data without any accountability. This exposes the sensitive information of the
organization’s customers, posing a threat to users’ privacy that ultimately affects their trust and
loyalty in the long run. It is vital to rule out the possibility of other major issues, such as human
dignity violations, misinterpretations, and identity crises, that may result from a security breach. Hence,
PEC is a dependable method of sharing data while reassuring the customers and other businesses (in a B2B
context).
3.2 BENEFITS OF IMPLEMENTING PECs
Here are some of the benefits of enabling privacy-enhancing computation.
When there is no protection against privacy data breaches, malicious users can
gain easy access to information without any permission. This can be various types of information,
such as data from social media accounts, cloud stores, and bank details, among others.
A data breach can affect the privacy of users and harm their lives for a long time. PECs are
capable of shielding access to sensitive information and ensure that a mandatory set of
permissions is enabled to protect, and to gain access to, sensitive information.
3.2.2 Tackling undetermined and unfair conditions
It is difficult to track the activities performed by third-party providers and how they use
sensitive consumer data. Admittedly, there are terms and conditions and privacy policies, but there is
no way to ensure that the policy rules are followed. This is where data protection laws and government
regulations can help users, as violations can be challenged.
Personal data disclosure can compromise sensitive data, which can then be used by malicious users to
harm individuals. Information can be misrepresented or changed; for instance, it can be
published as representing another person. PEC ensures that such interpretation of data does not affect
the authenticity, identity, and interests of the original person, even if the data is
misrepresented or used for different purposes.
A lack of privacy presents a perfect arsenal for users with malicious intent to
misuse information, and may change the apparent views or decisions of the original person, making them appear
out of character. This can create problems such as misjudgements of people in real life, violating their
dignity. PECs can help avoid such situations.
4. PEC TECHNIQUES
The privacy-enhancing computation trend involves a range of modern technologies that
aim to protect personal data in various ways.
Types of Privacy-Enhancing Technologies: PETs contribute to privacy and data protection in a
variety of ways. The first category of PETs consists of tools that alter the data itself. These typically seek to
disrupt or break the connection between data and the individual it is associated with. Another
group of PETs focuses on hiding, or shielding, data rather than altering it. Encryption is an
example of this, since it changes the format of the data but is intended only to obscure it temporarily,
rather than alter it permanently. Finally, there is a broad category of PETs that represent new
systems and data architectures for processing, managing, and storing data. Some of these systems
break apart data for computation or storage, whereas others provide management layers to track
and audit where information is flowing and for what purpose. (These categories are based on the
authors’ analysis of the PET space; the authors acknowledge that there are multiple ways to group
these technologies, techniques, and processes.) These different categories can be used
together to create layered protection. For example, data can be altered through de-identification
techniques, concealed through encryption, and processed using privacy-protective systems.
Following a brief discussion of the challenges associated with PETs, the remaining
sections of the report describe different PETs and use cases within these categories.
4.3 MULTI-PARTY COMPUTATIONS
Homomorphic encryption is a technology that allows third-party providers to process encrypted data.
This is a new way to protect data, as the data remains confidential even though it can be
processed. Private data used in sectors such as medicine and banking, among others,
can be processed by a general index without exposing the private information. The data can be decrypted
only by the specific individuals holding the keys required to access it.
Fig: Homomorphic Encryption
5. PERSONAL DATA STORES
A personal data store (PDS) provides general access to an individual’s data and the ability for the
data owner to upload, share, change, or delete this data. It can contain addresses, phone numbers, passport
data, bank account histories, electronic health records, etc. This technology enables each
individual to control their own data. A personal data store aims to provide the opportunity to add or
remove private data on the third-party providers’ side. This type of store has a range of benefits
for a business, such as:
Technology enhances privacy by allowing secure access to client data. An excellent example of this
is AI companies that need secure access to client data to build machine learning models. Privacy-
enhancing technologies (PETs) are the only safe way to achieve this while simultaneously allowing
businesses to utilize and commercialize the non-sensitive data they accumulate.
Privacy-enhancing technologies not only change the accessibility of information but work to change
privacy standards as well. For consumers, innovative technology allows everyday users to take
swift action and secure personal information that could otherwise have been sent to third parties.
For businesses, privacy-enhancing technologies enable them to track their data flows, including
transferred data, capturing when it was transferred, to whom, and under what conditions.
5.3 WHAT IS PRIVACY COMPUTING
Privacy computing is a powerful cloud computing technology that insulates sensitive data and
protects it in a CPU enclave during the processing cycle. The processed data and the methods used to
process it are accessible only to authorized program code. Privacy computing networks are
virtually invisible and cannot be tracked or recognized by attackers or cloud providers.
Cloud data privacy is becoming more crucial than ever in the digital age, as more and more
businesses automate processes and move full force into the digital expanse. Privacy
computing aims to provide assurances to businesses and facilitates the transfer of sensitive data to
public cloud services. It removes a persistent data security exposure by
protecting data while it is in use, during processing or at runtime.
Several future privacy-enhancing technologies are being researched, developed, and implemented
by businesses worldwide. These include, but are not restricted to, limited disclosure technology,
anonymous credentials, enforcement of data handling conditions, and data transaction logs.
Privacy breaches and a lack of self-sufficiency in analytical understanding are two reasons privacy-
enhancing technologies are imperative to modern digital culture.
Cryptographic Algorithms
Data Masking Techniques
Data masking techniques can be used by businesses that want to protect sensitive information in
data sets. Obfuscation is the central term associated with data masking. It describes the methods
used to replace sensitive information in a profile or log with altered or misleading data.
AI & ML Algorithms
Synthetic data is created artificially through several algorithms, including powerful ML algorithms.
Privacy-enhancing technologies in this context can be used to transform data into testing
environments that can be shared with third parties.
The post-Covid work environment has seen a massive migration into cloud-based networking
as digital transformation initiatives spring into action at the same time as the economy picks up.
Data is the most critical aspect of modern business. Privacy-enhancing computing is just one of the
ways that companies are transforming their digital outlooks. As we work to become more
autonomous and streamline repetitive processes, migrating to the cloud is critical to the data-driven
transitional policies that allow you to adapt in real time.
6. ENCRYPTION
The most recognizable and common form of shielding data is encryption. Encryption is a reversible
process that converts data into an unintelligible form called ciphertext; decrypting the ciphertext
converts the data back into its original form (referred to as plaintext). The purpose of encryption
and decryption is to allow only authorized users, holding the key used for the conversion, to access the plaintext.
Even if unauthorized users get access to the encrypted data, or ciphertext, they will not be able to
read it without having access to the key. Cryptographic algorithms, called ciphers, produce random-looking
strings of characters that represent the underlying data. These algorithms have corresponding
cryptographic keys, which are also strings of characters, and the two are used together to change the
underlying data into ciphertext. The longer and more complex the cryptographic keys are, the harder
it is for an adversary to crack the code and decipher the underlying plaintext data. Encryption can
use the same key to both encrypt and decrypt data, or different keys.
Symmetric key cryptography (also called private-key cryptography) uses the same key to both
encrypt and decrypt data. Symmetric keys are relatively short, so the process of shielding and
revealing data is faster and requires fewer computing resources. It is also less resource intensive
because only one secure piece of information, the symmetric key, needs to be managed. Symmetric
key ciphers are typically used to encrypt data at rest, in files and databases, because the entity
storing the information manages both sides of that process anyway. Symmetric encryption at
rest also occurs directly in computing devices to protect them from physical theft, as in disk or
hard-drive encryption (see the section below on Privacy Enhanced Hardware). The best at-rest
symmetric key ciphers are not computationally feasible to crack with current technology. Despite
its many advantages, symmetric cryptography has two important disadvantages that both pertain
to key management. As described above, there is only one key that needs to be kept secret. If a
user wants to share encrypted data with others, they will also have to share a copy of their one
private key so that the others can decrypt the data. In this case, copies of the single key are created and distributed to
authorized users. If any of these copies are lost, the data becomes vulnerable; therefore, exchanging
and securing unique symmetric keys must be done carefully, and it is challenging to scale.
Asymmetric cryptography, also known as public-key cryptography, is slower than symmetric
cryptography because different keys are necessary to encrypt and decrypt data. However, it is more
scalable, since it is designed to enable secure key exchange among multiple users. Asymmetric
cryptography is based on a pair of keys that is generated for each user. One of the keys always
remains private and is known only to the user, while the other is public and is shared with any
device the user would like to securely exchange data with. A fundamental principle of asymmetric
cryptography is that both the public and the private key in the key pair can encrypt and decrypt
data. However, during a data transfer only one of the keys (either the public or the private one) is used to
encrypt the data, and the other key is used to decrypt it, and vice versa. When a user wants to share
data, they encrypt the information using the recipient’s public key. Asymmetric cryptography
then ensures that only that recipient’s private key can decrypt the message. In this way, many
parties can have the tools to secure data, but only one receiver can decipher the information.
Because of this functionality, asymmetric cryptography is commonly used to protect data in
transit. In today’s connected world, this includes extremely common use cases such as e-mail,
logging into a website, or exchanging messages on platforms, as well as digital currency
applications such as sending and receiving Bitcoin.
Data is crucial to a company’s success, yet maintaining its privacy and ensuring regulatory
compliance are difficult; privacy-enhancing technologies exist to protect that data.
One of the most important issues in technology is data protection, especially in an age where
companies collect sensitive data whose exposure can eventually cause catastrophic data breaches. In
the United Kingdom, privacy is the right to control how one’s personal and
identifiable data can be used. Data supplied must be retrievable without the use of statistical output.
FEDERATED LEARNING
Federated learning is a machine learning technique that helps a device learn an underlying
prediction model by sharing learned updates while retaining the data locally on the device. Mobile phones download
and improve the current model and upload only their summaries to the centralized model. The
changes are then averaged with other devices’ updates to improve the shared model. Multiple
entities can build smart machines through federated learning without sharing data. It reduces
storage requirements on central servers or cloud storage systems.
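The download-train-upload-average cycle described above, as an added example that is not part of the original dissertation: federated averaging (FedAvg) of a one-feature linear model in pure Python. The three clients, their constructed datasets and the function names are assumptions for illustration; the noiseless data makes the converged model checkable.

```python
"""Federated averaging on a one-feature linear model (added example, not from the dissertation).

Each client trains on data that never leaves it and uploads only a summary
(its updated weights plus a sample count). The server averages those summaries.
All data below is constructed for the demo.
"""

TRUE_W, TRUE_B = 2.0, 1.0   # hidden relationship y = 2x + 1 that the clients' data follows


def make_client(xs):
    """Constructed local dataset for one device; it stays on that device."""
    return [(x, TRUE_W * x + TRUE_B) for x in xs]


# Three devices holding different, non-overlapping samples (constructed).
CLIENTS = {
    "phone-A": make_client([-1.0, -0.3, 0.4, 1.0]),
    "phone-B": make_client([-0.8, 0.0, 0.2, 0.9]),
    "phone-C": make_client([-1.0, -0.6, 0.6, 0.7]),
}


def mse(data, w, b):
    """Mean squared error of the model y = w*x + b on a dataset."""
    return sum((w * x + b - y) ** 2 for x, y in data) / len(data)


def local_train(data, w, b, lr=0.1, steps=20):
    """Gradient descent on the device. Returns only (w, b, sample_count): the uploaded summary."""
    n = len(data)
    for _ in range(steps):
        grad_w = sum(2 * (w * x + b - y) * x for x, y in data) / n
        grad_b = sum(2 * (w * x + b - y) for x, y in data) / n
        w -= lr * grad_w
        b -= lr * grad_b
    return w, b, n


def fed_avg(summaries):
    """Server side: sample-count-weighted average of the uploaded weights (FedAvg)."""
    total = sum(n for _, _, n in summaries)
    w = sum(w * n for w, _, n in summaries) / total
    b = sum(b * n for _, b, n in summaries) / total
    return w, b


def run_federated(rounds=10, local_steps=20, lr=0.1):
    """Full protocol: broadcast the global model, train locally, aggregate the summaries."""
    w, b = 0.0, 0.0                       # initial global model
    for _ in range(rounds):
        summaries = [local_train(data, w, b, lr, local_steps) for data in CLIENTS.values()]
        w, b = fed_avg(summaries)         # the server never receives raw (x, y) pairs
    return w, b


if __name__ == "__main__":
    w, b = run_federated()
    print(f"global model: y = {w:.3f}x + {b:.3f}")
```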
ON-DEVICE LEARNING
User behaviour is analysed by the device to identify patterns without sending individual
information to an external computer or network server. On-device learning improves algorithmic
intelligence through autocorrection. Apple Face ID lets the device use a machine learning
algorithm to collect data about how the user’s face looks, which helps identify the user more accurately and
safely.
PSEUDONYMIZATION/OBFUSCATION/DATA MASKING
Various methods, such as obfuscating data and using pseudonyms, can be used to replace and
conceal sensitive data by substituting false values for it.
They are usually used by companies to protect user data and respect privacy law. Some methods
of anonymisation, including renaming or deleting information, can still leave data open to re-identification.
Why Privacy-Enhancing Computation Is Important for Digital Transformation
In this context, digital transformation can be described as a cultural change that requires
organizations to repeatedly challenge existing conditions through policies that champion
investigation and innovation. This directly correlates with the implementation of privacy-enhancing
computation, which allows layered security measures to be put in place and has long-term,
measurable benefits for both the business and the consumer.
7. PRIVACY ENHANCED HARDWARE
8. PRIVACY ENHANCING TREND USE
Any enterprise or facility wants to keep its data private under all conditions. Privacy-enhancing
technologies make this much easier and more reliable. The main purpose of this trend is to encrypt data
that is processed on third-party hardware. The use of these technologies is vast and can be applied in
various industries, such as:
8.1 BUSINESS
Most companies constantly deal with huge amounts of data, both internal and
customers’. This can include phone numbers, addresses, emails, photos, and other documents. Each client
wants to be sure that their personal information will not be disclosed to third parties without their
permission. PETs are essential for companies that process customers’ private data,
as their reputation and reliability depend on it.
8.2 FINANCE
Establishments that handle their customers’ finances and bank account data demand the
highest level of protection for this data. Banks and other financial institutions take on a huge responsibility
for keeping the data confidential and protecting it from hacker attacks. As customers make
payments in various online shops, apps, etc. using their account numbers, the financial
institutions have to ensure that this private data will not be accessed by third parties.
8.3 HEALTHCARE
With digitalization, the healthcare industry implements electronic health record systems to store
accurate data about each patient and track their state of health. Some patients’ data can be shared
to research the adverse effects of particular treatments and drugs. Privacy-
enhancing computation technologies ensure that specific patients’ data is kept secure.
8.4 APPLICATIONS
Web and mobile applications are usually maintained by third-party providers, who apply changes,
updates, and testing processes. PETs help reduce access to users’ data without affecting the
process of maintaining the app. This trend supports both sides, customers and providers, in keeping
a high standing.
You’ve likely heard the phrase “data is the new oil.” As we enter a new decade, it appears that
data remains one of the most valuable assets a company can produce, and keep safe.
As business operations continue to prioritize data privacy and security, consumers are becoming
more aware of their own personal data and are getting wary of who they let manage it. In fact, a
recent survey from the Pew Research Center found that 79 percent of adults were concerned about
how companies were using the data (such as IP addresses) collected about them. Further,
52 percent had opted not to use a product or service due to worries about how their personal
information might be collected.
8.5 ENTER PRIVACY-ENHANCING COMPUTATION (PEC)
While this technology has been around for decades in the academic realm, only very recently has
it started being used in real-world applications. It was chosen by Gartner as one of the Top Strategic
Technology Trends of 2021; if PEC wasn’t already on your radar, it will be by the end of this article.
9. DATA DISPERSION
Data dispersion refers to a process in which data is broken into smaller pieces and maintained across
a distributed storage infrastructure that typically spans multiple geographic locations. In this
process, software is used to break data fields up in a random way. For example, if a piece of data
is a social security number, the software will break the 9 digits apart into random chunks and store
them in different places. Data dispersion can provide data security and enhanced privacy because
even if a storage location is breached, or those files are accessed, the information will not be complete,
or comprehensible, without the remaining pieces. Information could still be compromised, but
multiple locations would need to be targeted, along with the underlying software that broke the
data into smaller pieces. Data dispersion can also improve the scalability and performance of systems,
because smaller pieces of information are being stored, and it can be used in tandem with processes
that create redundancy and backup storage. Data can be replicated, then broken down into
smaller pieces and stored across multiple devices. This is called storage slicing, and it is a concept
similar to the mature Redundant Array of Inexpensive Disks (RAID) technology. RAID helps
ensure data can be made available and reassembled even if some storage devices or locations are
compromised or otherwise unavailable. Data dispersion can be used with other PETs such as
encryption. The small chunks of information can subsequently be encrypted in storage, in a process
known as database sharding, or “microsharding.” Data dispersion is becoming much more
common with the increasing use of Cloud services. Distributing storage through the Cloud has
significantly reduced the cost and administrative burden associated with maintaining the multiple
storage locations required for dispersion. However, the distribution of data across multiple
geographical locations can also increase compliance and availability risk. Since data can be
dispersed across several geographical regions, and even across several Cloud service providers,
outages can occur and make pieces of data inaccessible. Additionally, the data may be subject to the
laws and regulations of different jurisdictions, complicating regulatory compliance.
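The random chunking, RAID-like storage slicing and single-location breach scenario described above, as an added example that is not part of the original dissertation: a small Python model of data dispersion with two replicas per chunk. The region names, the sample value and the function names are assumptions for illustration; the chunk encryption the text mentions is left out to keep the block focused on dispersion.

```python
"""Data dispersion with storage slicing (added example, not from the dissertation).

A value is cut at random boundaries into chunks, every chunk is replicated to two
different storage locations (RAID-like), and reassembly succeeds even when one
location is unavailable, while no single location holds the complete value.
Locations and the sample value are constructed for the demo.
"""
import secrets

_rng = secrets.SystemRandom()


def split_random(data: bytes, pieces: int):
    """Cut data into `pieces` non-empty chunks at randomly chosen boundaries."""
    if not 1 <= pieces <= len(data):
        raise ValueError("need 1..len(data) pieces")
    cuts = sorted(_rng.sample(range(1, len(data)), pieces - 1))
    bounds = [0] + cuts + [len(data)]
    return [data[bounds[i]:bounds[i + 1]] for i in range(pieces)]


def disperse(chunks, locations, replicas=2):
    """Place chunk i in `replicas` consecutive locations (round-robin).

    Returns {location: {chunk_index: chunk_bytes}}; with 3 locations and 2 replicas
    every chunk survives any single-location outage.
    """
    if replicas > len(locations):
        raise ValueError("cannot replicate to more locations than exist")
    stores = {loc: {} for loc in locations}
    for i, chunk in enumerate(chunks):
        for r in range(replicas):
            stores[locations[(i + r) % len(locations)]][i] = chunk
    return stores


def reassemble(stores, available, total_chunks):
    """Rebuild the value from whichever locations are reachable; None if a chunk is lost."""
    recovered = {}
    for loc in available:
        recovered.update(stores.get(loc, {}))
    if len(recovered) != total_chunks:
        return None                        # some chunk exists only in unreachable locations
    return b"".join(recovered[i] for i in range(total_chunks))


def location_view(stores, loc):
    """What a breach of exactly one location exposes: an incomplete set of chunks."""
    return b"".join(stores[loc][i] for i in sorted(stores[loc]))


def demo():
    """Constructed sample: a 9-digit identifier dispersed over three regions."""
    value = b"123456789"                   # constructed placeholder, not a real identifier
    regions = ["us-east", "eu-west", "ap-south"]
    chunks = split_random(value, 4)
    stores = disperse(chunks, regions, replicas=2)
    with_outage = reassemble(stores, {"us-east", "ap-south"}, len(chunks))   # eu-west down
    single_breach = location_view(stores, "eu-west")
    return with_outage, single_breach


if __name__ == "__main__":
    rebuilt, exposed = demo()
    print("rebuilt despite outage:", rebuilt)
    print("a single breached location holds only:", exposed)
```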
Privacy-Enhancing Computation Examples
Here are some key uses of Privacy-Enhancing Computation (PEC):
9.1.1 HR
PEC can be used in the Human Resources department to facilitate gender equality and
reduce the gender pay gap in the workplace.
Having listed the privacy-enhancing technologies above, we would like to discuss where these
technologies are used and what functions they perform to protect users’ private data.
9.2.1 Anonymizers
This tool relates to users’ behaviour on the web. Its main aim is to hide the real geolocation,
email, and other information about users. The information is not only hidden but replaced with non-existent data, such as
random emails, nicknames, and IP addresses. It can operate for a single website, mail client, or messenger, as
well as for the whole browser.
9.2.5 EPID
This is a kind of digital signature created to identify members of a group or system without
revealing which member it is. The key is usually complex, and the scheme consists of several verification steps.
9.2.6 Pseudonymization
This technique aims to replace identifying private data with pseudonyms and hide the real content. It does not
affect data analysis or data processing. It is used to cover individual as well as group
information.
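The pseudonymization and data masking described in section 9.2.6 and in the PSEUDONYMIZATION/OBFUSCATION/DATA MASKING subsection of section 6, as one added example that is not part of the original dissertation: keyed pseudonyms (HMAC-SHA256) that keep per-person analysis possible without revealing identity, plus masking of direct identifiers. The records, the key and the function names are constructed assumptions for illustration.

```python
"""Pseudonymization and data masking of patient records (added example, not from the dissertation).

A keyed pseudonym (HMAC-SHA256 under a secret held by the data controller) lets
analysts group records by the same person without learning who that person is,
and lets the controller, and only the controller, re-link them later. Unlike a plain
hash of the identifier, which anyone can recompute for candidate identifiers and
match, the token cannot be matched without the key. Direct identifiers are masked
in place. Records and key are constructed for the demo.
"""
import hashlib
import hmac

# Constructed secret; in practice this comes from a key vault, never from source code.
PSEUDONYM_KEY = b"demo-only-controller-secret"

# Constructed sample records: direct identifiers plus an attribute kept for analysis.
RECORDS = [
    {"patient_id": "P1001", "name": "Alice Example", "email": "alice@example.com",
     "phone": "9876543210", "diagnosis": "hypertension"},
    {"patient_id": "P1002", "name": "Bob Example", "email": "bob@example.com",
     "phone": "9123456780", "diagnosis": "diabetes"},
    {"patient_id": "P1001", "name": "Alice Example", "email": "alice@example.com",
     "phone": "9876543210", "diagnosis": "hypertension follow-up"},
]


def keyed_pseudonym(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Deterministic under one key (same input -> same token), unguessable without it."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask_email(email: str) -> str:
    """Keep the first character and the domain: a****@example.com"""
    local, _, domain = email.partition("@")
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def mask_phone(phone: str) -> str:
    """Keep the last four digits only."""
    return "*" * (len(phone) - 4) + phone[-4:]


def pseudonymize(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Replace the identifier, drop the name, mask contact fields, keep analysis fields."""
    out = {k: v for k, v in record.items() if k != "name"}
    out["patient_id"] = keyed_pseudonym(record["patient_id"], key)
    out["email"] = mask_email(record["email"])
    out["phone"] = mask_phone(record["phone"])
    return out


def pseudonymize_all(records, key: bytes = PSEUDONYM_KEY):
    """Apply pseudonymize() to every record before the data set leaves the controller."""
    return [pseudonymize(r, key) for r in records]


def visits_per_patient(records):
    """Analysis still works on pseudonyms: count records per (pseudonymous) patient."""
    counts = {}
    for r in records:
        counts[r["patient_id"]] = counts.get(r["patient_id"], 0) + 1
    return counts


if __name__ == "__main__":
    released = pseudonymize_all(RECORDS)
    for r in released:
        print(r)
    print(visits_per_patient(released))
```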
10. FUTURE
As the world increasingly moves online and more data is shared, privacy concerns will continue
to grow. To address these concerns, researchers are working on ways to improve privacy-
enhancing computation.
Privacy-enhancing computation will continue to evolve as new technologies are developed and
improved upon. As privacy becomes an ever more important concern for individuals and
organizations alike, the importance of this field will only grow in the years to come.
11. CONCLUSION
The amount of data being processed on the web is huge, and it continues to grow every day. When
people are asked to fill in their personal information, they want to be sure that this information will not be
disclosed, published, or stolen. This concerns all spheres of their lives, from social media to bank
account data.
Today there is a wide range of technological tools that help protect data in different ways. Some of
these methods process individual data, while others can protect vast amounts of information. Most
internet users want to stay anonymous, even when they use delivery services. Thanks to privacy-
enhancing technologies, the security boundaries continue to expand in their capabilities and level of
anonymity.
12. REFERENCE