Privacy-Preserving Online Forms with Secret Sharing

Master's Thesis

Abstract

Online forms are web-based interfaces for collecting information from individuals over the Internet. They are commonly used for surveys, event registrations, job applications, and political polls. However, storing form responses puts user privacy at risk: a data breach can expose sensitive information, since forms often request personal data such as names, addresses, bank account numbers, or health conditions. Moreover, users have no control over how their data is processed or shared. Existing privacy-preserving solutions for online forms address these issues by encrypting the form data, which reduces but does not eliminate the risk of data breaches.

In this thesis, we introduce PrivForm, a privacy-preserving framework for online forms that integrates with existing real-world systems. We use secret sharing to distribute form data across multiple servers, so that no single server holds the responses, and apply Secure Multi-Party Computation (MPC) protocols to analyze the response data without reconstructing individual responses. Data privacy is thereby guaranteed as long as at least one server is honest; equivalently, only a breach of all involved servers can compromise it. Furthermore, we present techniques for validating form input on both the client and server sides to provide security against malicious behavior.
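To make the secret-sharing idea concrete, the following added example (illustrative code written for this page, not PrivForm's implementation) shows a client splitting one numeric form field into additive shares over a prime field and handing one share to each server, and the servers jointly computing a survey total without any of them seeing an individual answer. The choice of additive sharing, the field modulus `P`, the field name `age`, and the client-side range rule (0 to 150) are assumptions made for the example; the abstract does not fix these details.

```python
import secrets

# Prime field modulus (assumption for this example): large enough that
# realistic form values and their sums never wrap around.
P = 2**61 - 1


def share(value: int, n_servers: int) -> list[int]:
    """Split `value` into n additive shares in Z_P.

    Any n-1 of the shares are uniformly random field elements, so a breach
    of all but one server reveals nothing about `value`; only the sum of
    all n shares (mod P) recovers it.
    """
    if not 0 <= value < P:
        raise ValueError("value outside the field")
    if n_servers < 2:
        raise ValueError("need at least two servers for sharing to mean anything")
    shares = [secrets.randbelow(P) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Recombine a full set of additive shares."""
    return sum(shares) % P


def validate_age(raw: str) -> int:
    """Client-side input validation before sharing (assumed rule: 0..150).

    The check must happen on the client, because after sharing no single
    server can inspect the plaintext value.
    """
    age = int(raw)
    if not 0 <= age <= 150:
        raise ValueError(f"age {age} out of range")
    return age


def submit_response(age_raw: str, n_servers: int) -> list[int]:
    """Client: validate the field, then produce one share per server."""
    return share(validate_age(age_raw), n_servers)


def server_local_sum(shares_held: list[int]) -> int:
    """Server: add up the shares it holds for one field across all responses.

    This is purely local; the result is itself a share of the total.
    """
    return sum(shares_held) % P


def aggregate_sum(responses: list[list[int]], n_servers: int) -> int:
    """Simulate the MPC aggregation: distribute shares to servers, let each
    server sum locally, then combine only the per-server partial sums.

    Individual responses are never reconstructed; only the total is.
    """
    server_shares = [[] for _ in range(n_servers)]
    for shares in responses:
        for i, s in enumerate(shares):
            server_shares[i].append(s)
    partials = [server_local_sum(held) for held in server_shares]
    return reconstruct(partials)


def survey_total(ages: list[str], n_servers: int = 3) -> int:
    """End-to-end: constructed sample answers are shared and summed privately."""
    responses = [submit_response(a, n_servers) for a in ages]
    return aggregate_sum(responses, n_servers)


if __name__ == "__main__":
    # Constructed sample input, not real survey data.
    sample_ages = ["34", "29", "51", "40"]
    print("private total of ages:", survey_total(sample_ages))  # 154
```

The total comes out of the protocol but no single share does: any one server's view of a response is a uniformly random element of the field, which is exactly the "honest as long as one server is honest" property stated above. Server-side checks that require looking at the shared value itself (for example a range check on a value no server can see) need an MPC sub-protocol and are outside this small example.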

Supervisors