+********************************************************************** * * * Einladung * * * * Informatik-Oberseminar * * * +********************************************************************** Zeit: Freitag, 16. August 2024, 10:00 Uhr Ort: UMIC_025 (2165|025), Mies-van-der-Rohe-Str. 15, EG Referent: Malte Breuer M.Sc. Lehr- und Forschungsgebiet IT-Sicherheit Thema: Privacy-Preserving Kidney Exchange Abstract: Chronic kidney disease has become one of the most common causes of natural death in our modern society. The preferred treatment for chronic kidney disease is the transplant of a kidney from a living donor, who is typically a close friend or relative of the patient. An impediment that prevents such a living donation is that the found living donor is sometimes not medically compatible with the patient. Kidney exchange enables a patient to still receive a kidney transplant in such a situation by exchanging the living donor with other patients. Nowadays, many countries have centralized systems that organize kidney exchange, often on a nationwide scale. Hospitals can register their associated pairs of patients and medically incompatible donors with a central platform, which then tries to find potential exchanges among all registered pairs of patients and donors. Such a centralized kidney exchange system, however, harbors severe security risks that make the central platform susceptible to manipulation and corruption. The core issue is that the operator of the platform alone is responsible for the entire computation of the exchanges. This, for example, allows the platform operator to manipulate the computation such that a particular patient is treated with priority. This does not only make the platform operator susceptible to corruption but it also makes the platform a prime target for high impact attacks aimed at manipulating the computation of exchanges. The central platform becomes an even more attractive target for attackers as it stores the sensitive data of many patients and donors. Thus, any attack that leads to a data breach has a direct impact on the privacy of the sensitive data of many individuals. The main research goal of this thesis is to develop an alternative approach for kidney exchange that is resistant to manipulation and corruption, and protects the sensitive data of the involved patients and donors. To this end, we propose the model of a privacy-preserving kidney exchange system that follows a decentralized approach, where the computation of exchanges is distributed among a set of so-called computing peers. This model ensures that a computing peer is neither able to manipulate the computation of the exchanges nor to learn any information on the sensitive data of the involved patients and donors. We achieve this by using a cryptographic technique called secure multi-party computation. This allows a set of parties to compute a functionality on their private inputs such that each party only learns its own input and output and what can be deduced from both. The core contribution of this thesis is then the development of secure multi-party computation protocols that enable the computing peers to efficiently compute the exchanges for a set of patients and their associated medically incompatible donors. We evaluate the run time of all our protocols and show that our most efficient protocol scales for the large numbers of patients and donors that are to be expected in practice. Thereupon, we simulate the use of our most efficient protocols in our model of a privacy-preserving kidney exchange system over time using real-world data. Our simulations show that the number of transplants achieved over time in our privacy-preserving model is comparable to the number of transplants achieved in the model that is implemented by the existing kidney exchange systems that are susceptible to manipulation and corruption. Thus, our model allows for the replacement of most existing kidney exchange systems at a small or sometimes even negligible impact on the number of transplants over time, while significantly increasing the security guarantees compared to the existing systems. Es laden ein: die Dozentinnen und Dozenten der Informatik