Summary of the 3rd Privacy Engineering Network (PEN-NL) workshop

Last week the third workshop of the Privacy Engineering Network in the Netherlands (PEN-NL) took place. We founded this network to allow privacy engineers from academia and industry to meet in an informal setting, and to exchange ideas. The focus of this network will (perhaps for the time being) on the technical perspective, but we do encourage non-technical people working in the field to join. If you are interested in our activities or would like to participate, take a look at our home page or subscribe to our mailinglist to receive updates and announcements of upcoming events. Workshops typically consist of several brief and not necessarily fully polished presentations, followed by drinks. Events are hosted by businesses and universities throughout the Netherlands. Here is a brief summary of the event (in a packed room!).

Mark Abspoel (Roseman Labs) - Hands-on privacy-preserving data processing with the Virtual Data Lake

Because I had to teach in Nijmegen first, I entered towards the end of the presentation. Therefore I was unable to make a nice summary of the talk.

Stan Korzilius (TU Eindhoven) - MPC protocols for sine and cosine evaluation in fixed-point arithmetic

Stan (a postdoc of Berry Schoenmakers) talked about MPC (secure multiparty computation) protocols for sine and cosine evaluation in fixed-point arithmetic. The goals is to contribute different elementary functions to Berry’s Python MPC (MPyC) library. Here the focus was on computing the sine and cosine of secret-shared values, which is relevant for e.g. fingerprint alignment and image rotation, with arbitrary precision (as specified by a parameter). This is in contrast with most CPUs that typically use splines but focus on achieving a fixed precision as specified by IEEE standards.

The library uses fixed-point arithmetic instead of true floating point numbers because these are too complex to work with. With fixed-point artihmetic you can essentially represent a floating point number with a precision of f digits by an integer by scaling the number with a factor 2^f (shifting the dot to the right until it falls off). Addition is easy. Multiplication requires rounding (as it potentially adds f more fractional digits). In MPC this is done probabilistically, because that’s cheaper.

Stan subsequently explained how the sine of a secret shared x can be computed by:

1. first blinding the secret shares with some random r_i,
2. then compute sin (x_i+r_i) in public, and
3. then compute the final result sin (x) using the trigonometric relationship sin (x+y) = sin (x)cos (y) + cos (x)sin (y) and using some precomputed value for the sin (∑r_i).

He also explained how to do rounding to some parameter θ.

Isabel Barbera (Rhite) - PLOT4ai: an open source Privacy Library of Threats for AI/ML

Isabel talked about an open source Privacy Library of Threats for AI/ML PLOT4AI, that she developed over the years while consulting organisations on this topic. It is a collection of 86 threats of AI, classified in 8 categories:

• tech & processes
• accessibility
• non-compliance
• unawareness
• ethics & human rights
• identifiability & linkability
• safety
• security

It was inspired by LINDDUN, a threat modelling tool for privacy, developed by Kim Wuyts from the KU Leuven. The first version was released 2021, and was presented at PEPR as LINDDUN-ML with 25 threats at the time.

The online version of the library gets updated regularly. There is also a physical card version. The cards use a question-based approach, as this brings focus, facilitates curiosity and engagement and hence makes it easier to identify decisions. The back of each card provides recommendations and pointers to further resources.

PLOT4AI has been integrated into IRPA (the Dutch municipalities AI riks assessment tool) and is a recommended AI assessment tool by CNIL and OECD.

Jeroen Prinse (NCSC) - SecureNed: Privacy-preserving sharing of cyber intelligence data

Jeroen talked about SecureNed, a privacy-preserving tool for sharing threat intelligence data. It uses the virtual data lake MPC platform of Roseman Labs that Mark talked about in the first slot.

SecureNed is a network of more than 100 participants: government institutions and private sector (KPN, FoxIT, Northwave, Deloitte, ESET). It allows participants to report incidents or to contribute to surveys. NCSC SecureNed combines the individual inputs into aggregate reports using MPC, creating a broad and common picture of current cyber threats in NL, enriched with NCSC insights. The results are shared with with participants in a very fast feedback loop. (This is the main benefit for participating.)

Members are vetted before they can join SecureNed; there are also security requirements for the MPC nodes they must run locally. Trustees vet beforehand what functions can be evaluated using the MPC (it is of course baked in before release) - it did not become clear during the presentation how this was communicated to the participants themselves.

Some examples of SecureNed use:

• ask participants through a survey whether they saw attacks related to war in Ukraine.
• compile statistics on ransomware attacks (downtime, ransom paid), enriched with police data, without revealing individual amounts.

Future plans:

• compile registries of known vulnerabilities and threat actors.
• matchmaking: connect two parties both studying the same threat actor at the same time (when given permission to do so).