Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation

Authors: 

Shuofeng Liu and Zihan Wang, The University of Queensland; Minhui Xue, CSIRO's Data61; Long Wang and Yuanchao Zhang, Information Security Department, Ant Finance; Guangdong Bai, The University of Queensland

Abstract: 

Obtaining the authorization of users (i.e., data owners) prior to data collection has become commonplace for online service providers (i.e., data processors), in light of the stringent data regulations around the world. However, it remains a challenge to uphold the principle of purpose limitation, which mandates that collected data be processed only for the purpose that the data owner originally authorized. In this work, we advocate algorithm specificity as a means to enforce the purpose limitation principle. We propose AlgoSpec, which obscures data to restrict its usability solely to an authorized algorithm or algorithm group. AlgoSpec exploits a property of polynomial approximation: given the input data and a highest order, any algorithm can be approximated by a unique polynomial. It converts the original authorized algorithm (or a part of it) into a polynomial and then creates a list of alternatives to the original data. To assess the efficacy and efficiency of AlgoSpec, we apply it to the entropy method and Naive Bayes classification on datasets of sizes ranging from 10^2 to 10^6. AlgoSpec significantly outperforms cryptographic solutions such as fully homomorphic encryption (FHE) in efficiency. On accuracy, it achieves a negligible Mean Squared Error (MSE) of 0.289 in the entropy method against computation over plaintext data, and identical accuracy (92.11%) and a similar F1 score (87.67%) in the Naive Bayes classification.
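The abstract's idea in miniature, as an added and constructed illustration that is not AlgoSpec's own construction (the paper's transformation is not reproduced on this page): one step of the authorized algorithm, here the entropy summand -p*log2(p), is interpolated by the unique polynomial of degree n-1 through n nodes; each raw value is then swapped for a different input that the polynomial maps to the same output, so the authorized step still evaluates correctly while an unauthorized statistic over the released values (the raw mean) does not. Chebyshev nodes, the Newton form, the bisection root search and the three probability values are assumptions of this sketch.

```python
"""Polynomial-approximation sketch for purpose limitation.

Constructed illustration, not AlgoSpec's construction: (1) interpolate one
step of the authorised algorithm (the entropy summand -p*log2(p)) with the
unique degree-(n-1) polynomial through n nodes; (2) replace each raw value
by a different input that the polynomial maps to the same output; (3)
release those alternatives. The authorised step, evaluated through the
polynomial, is unchanged; an unauthorised statistic (the raw mean) is not.
"""
import math
from typing import List


def entropy_term(p: float) -> float:
    """One summand of Shannon entropy, -p*log2(p), for 0 < p <= 1."""
    return -p * math.log2(p)


class NewtonPoly:
    """Interpolating polynomial in Newton form (divided differences), which
    is numerically stabler than solving the Vandermonde system."""

    def __init__(self, xs: List[float], ys: List[float]) -> None:
        if len(xs) != len(ys) or len(set(xs)) != len(xs):
            raise ValueError("need n distinct nodes with n values")
        self.xs = list(xs)
        c = list(ys)
        for j in range(1, len(xs)):
            for i in range(len(xs) - 1, j - 1, -1):
                c[i] = (c[i] - c[i - 1]) / (xs[i] - xs[i - j])
        self.c = c

    def __call__(self, x: float) -> float:
        acc = self.c[-1]
        for i in range(len(self.c) - 2, -1, -1):
            acc = acc * (x - self.xs[i]) + self.c[i]
        return acc


def chebyshev_nodes(n: int, lo: float, hi: float) -> List[float]:
    """n Chebyshev nodes on [lo, hi]; they avoid Runge oscillation."""
    mid, half = (lo + hi) / 2, (hi - lo) / 2
    return [mid + half * math.cos((2 * k + 1) * math.pi / (2 * n)) for k in range(n)]


def alternatives(poly, x0: float, lo: float, hi: float, cells: int = 400) -> List[float]:
    """All x' in [lo, hi] other than x0 with poly(x') == poly(x0), found by
    bisection on every grid cell where poly(x) - poly(x0) changes sign."""
    target = poly(x0)
    g = lambda x: poly(x) - target
    roots: List[float] = []
    step = (hi - lo) / cells
    for i in range(cells):
        a, b = lo + i * step, lo + (i + 1) * step
        ga, gb = g(a), g(b)
        if ga * gb > 0:
            continue
        for _ in range(60):
            m = (a + b) / 2
            gm = g(m)
            if ga * gm <= 0:
                b, gb = m, gm
            else:
                a, ga = m, gm
        r = (a + b) / 2
        if abs(r - x0) > 1e-6 and all(abs(r - s) > 1e-6 for s in roots):
            roots.append(r)
    return roots


def obscure(data: List[float], poly, lo: float, hi: float) -> List[float]:
    """Replace each raw value by the same-output alternative farthest from it.
    A value sitting at the polynomial's extremum has no alternative and is
    rejected rather than released in the clear."""
    out = []
    for x in data:
        alts = alternatives(poly, x, lo, hi)
        if not alts:
            raise ValueError(f"no same-output alternative for {x}")
        out.append(max(alts, key=lambda r: abs(r - x)))
    return out


LO, HI = 0.1, 0.9
NODES = chebyshev_nodes(11, LO, HI)
POLY = NewtonPoly(NODES, [entropy_term(x) for x in NODES])
DATA = [0.2, 0.5, 0.6]  # constructed probabilities held by the data owner


def same_polynomial_regardless_of_node_order(x: float = 0.33) -> float:
    """Uniqueness check: the same nodes in another order give a different
    Newton form but the same polynomial. Returns the discrepancy at x."""
    other = NewtonPoly(NODES[::-1], [entropy_term(v) for v in NODES[::-1]])
    return abs(POLY(x) - other(x))


def demo() -> dict:
    released = obscure(DATA, POLY, LO, HI)
    return {
        "released": released,
        "entropy_plain": sum(entropy_term(p) for p in DATA),
        "entropy_via_poly": sum(POLY(v) for v in released),
        "mean_plain": sum(DATA) / len(DATA),
        "mean_released": sum(released) / len(released),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The released values reproduce the authorized entropy sum through the polynomial to within its approximation error, while their raw mean differs from that of the original data by roughly 0.1; a value whose image is the polynomial's maximum has no same-output alternative, which is why `obscure` refuses it instead of passing it through unchanged.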

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.

BibTeX
@inproceedings {298282,
author = {Shuofeng Liu and Zihan Wang and Minhui Xue and Long Wang and Yuanchao Zhang and Guangdong Bai},
title = {Being Transparent is Merely the Beginning: Enforcing Purpose Limitation with Polynomial Approximation},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {6507--6524},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/liu-shuofeng},
publisher = {USENIX Association},
month = aug
}