1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories.

Slides:

Advertisements

Similar presentations

MQ Series Cross Platform Dominant Messaging sw – 70% of market Messaging API same on all platforms Guaranteed one-time delivery Two-Phase Commit Wide EAI.

Advertisements

MPC for Comparing Two Shared Secrets without Bit-Decomposition Takashi Nishide * Kazuo Ohta The University of Electro-Communications * Hitachi Software.

Computer networks Fundamentals of Information Technology Session 6.

Operating System.

1 GridTorrent Framework: A High-performance Data Transfer and Data Sharing Framework for Scientific Computing.

Lesson 1-Introducing Basic Network Concepts

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

1 Virtual Machine Resource Monitoring and Networking of Virtual Machines Ananth I. Sundararaj Department of Computer Science Northwestern University July.

GridFlow: Workflow Management for Grid Computing Kavita Shinde.

1 Communication Complexity מגישים: מיכאל זמור: /2 אבי מינץ: ערן מנצור: ת.ז /9.

© 2007 Pearson Education Inc., Upper Saddle River, NJ. All rights reserved.1 Computer Networks and Internets with Internet Applications, 4e By Douglas.

OS Spring’03 Introduction Operating Systems Spring 2003.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

EEC-484/584 Computer Networks Lecture 14 Wenbing Zhao

Performance Comparison of Congested HTTP/2 Links Brian Card, CS /7/

OS Fall ’ 02 Performance Evaluation Operating Systems Fall 2002.

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

Leveraging State Information for Automated Attack Discovery In Transport Protocol Implementations Samuel Jero, Hyojeong Lee, and Cristina Nita-Rotaru Purdue.

What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.

Final Presentation 4/21/2010 By Guofu Xiong, Yuli Deng.

Ajou University, South Korea ICSOC 2003 “Disconnected Operation Service in Mobile Grid Computing” Disconnected Operation Service in Mobile Grid Computing.

Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2

Mapping Internet Addresses to Physical Addresses (ARP)

Cloud Computing Kwangyun Cho v=8AXk25TUSRQ.

A Secure Protocol for Computing Dot-products in Clustered and Distributed Environments Ioannis Ioannidis, Ananth Grama and Mikhail Atallah Purdue University.

A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.

Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.

Parallel Programming Models Jihad El-Sana These slides are based on the book: Introduction to Parallel Computing, Blaise Barney, Lawrence Livermore National.

EXPOSE GOOGLE APP ENGINE AS TASKTRACKER NODES AND DATA NODES.

By Matt Deakyne, Adam Krasny, and Derek Meek. History of ICE ICE stands for Internet Communications Engine Object-oriented middleware allowed programmers.

Transport Layer 3-1 Chapter 4 Network Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012  CPSC.

Internetworking An internetwork is typically comprised of many physical networks over which data travels There are many different types of physical networks:

 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.

A Comparative Study of the Linux and Windows Device Driver Architectures with a focus on IEEE1394 (high speed serial bus) drivers Melekam Tsegaye

Introduction to information technology Dr.Fatimah Ali Al-Rowibah.

Swapping to Remote Memory over InfiniBand: An Approach using a High Performance Network Block Device Shuang LiangRanjit NoronhaDhabaleswar K. Panda IEEE.

Towards a Billion Routing Lookups per Second in Software  Author: Marko Zec, Luigi, Rizzo Miljenko Mikuc  Publisher: SIGCOMM Computer Communication Review,

Performance evaluation of component-based software systems Seminar of Component Engineering course Rofideh hadighi 7 Jan 2010.

OPERATING SYSTEMS CS 3530 Summer 2014 Systems with Multi-programming Chapter 4.

INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.

TEMPLATE DESIGN © Predicate-Tree based Pretty Good Protection of Data William Perrizo, Arjun G. Roy Department of Computer.

1 Presented By: Eyal Enav and Tal Rath Eyal Enav and Tal Rath Supervisor: Mike Sumszyk Mike Sumszyk.

Client-Server Model of Interaction Chapter 20. We have looked at the details of TCP/IP Protocols Protocols Router architecture Router architecture Now.

Intel Research & Development ETA: Experience with an IA processor as a Packet Processing Engine HP Labs Computer Systems Colloquium August 2003 Greg Regnier.

A Hyper-heuristic for scheduling independent jobs in Computational Grids Author: Juan Antonio Gonzalez Sanchez Coauthors: Maria Serna and Fatos Xhafa.

Computer Science and Engineering Copyright by Hesham El-Rewini Advanced Computer Architecture CSE 8383 April 11, 2006 Session 23.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

Virtualization Technology and Microsoft Virtual PC 2007 YOU ARE WELCOME By : Osama Tamimi.

March 2001 CBCB The Holy Grail: Media on Demand over Multicast Doron Rajwan CTO Bandwiz.

CSCI-235 Micro-Computer Applications The Network.

Remote Timing Attacks are Practical David Brumley Dan Boneh [Modified by Somesh.

Internal and External Sorting External Searching

Development of a QoE Model Himadeepa Karlapudi 03/07/03.

Communication Complexity Guy Feigenblat Based on lecture by Dr. Ely Porat Some slides where adapted from various sources Complexity course Computer science.

Week1: Introduction to Computer Networks. Copyright © 2012 Cengage Learning. All rights reserved.2 Objectives 2 Describe basic computer components and.

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

TCP/IP1 Address Resolution Protocol Internet uses IP address to recognize a computer. But IP address needs to be translated to physical address (NIC).

1 Network Communications A Brief Introduction. 2 Network Communications.

Chapter 16 Client/Server Computing Dave Bremer Otago Polytechnic, N.Z. ©2008, Prentice Hall Operating Systems: Internals and Design Principles, 6/E William.

Computer Network Architecture Lecture 1: Introduction to Computer Networking.

MQ Series Cross Platform Dominant Messaging sw – 70% of market

Distributed Network Traffic Feature Extraction for a Real-time IDS

Introduction to Operating System (OS)

Committed MPC Multiparty Computation from Homomorphic Commitments

Replication Middleware for Cloud Based Storage Service

Comparison of LAN, MAN, WAN

Network Media, models and number systems

MQ Series Cross Platform Dominant Messaging sw – 70% of market

Path Oram An Extremely Simple Oblivious RAM Protocol

Presentation transcript:

1 MEVAL: A Practically Efficient System for Secure Multi-party Statistical Analysis Koki Hamada NTT Secure Platform Laboratories

2 Overview Introduction of our MPC system MEVAL (Multi-party EVALuator) Main features of MEVAL: – 8.7 MIPS (million instructions per second) 61-bit multiplication – 6.9 seconds for Sorting 1 million 20-bit items

3 Outline Overview of MEVAL Performance Techniques Demonstration

4 OVERVIEW OF MEVAL

5 MEVAL (Multi-party EVALuator)

6 Intended application Secure outsourcing of data storage and analysis 1.Data holders outsource data storage to MEVAL servers 2.Servers conduct analysis on request and return the result Requirement: MEVAL servers never see the stored data MEVAL servers 1. 2.

7 Implemented operations Basic MPC protocols – Dealing, revealing – Addition, multiplication – Bet-decomposition, comparison, equality test – Shuffling – Sorting Statistical functions – Count, sum, min, max, median, sum of squares – Mean, variance, Student’s t-test Fully realized as MPC protocols Computed from revealed count, sum, and sum of squares

8 Practical accomplishments of MEVAL

9 PERFORMANCE OF MEVAL

10 Experimental outline

11 Performance on 1-Gbps LAN Running-time on 1-Gbps LAN in seconds – Input values were randomly chosen # items Addition = MIPS Multiplication = 8.73 MIPS Shuffling = 3,439,617 items/s Equality test (20-bit) = MIPS Comparison (20-bit) = 7.30 MIPS Sorting (20-bit) = 136,273 items/s

12 Performance on 10-Gbps LAN Running-time on 10-Gbps LAN in seconds – Input values were randomly chosen # items Addition = MIPS Multiplication = MIPS Shuffling = 6,634,379 items/s Equality test (20-bit) = MIPS Comparison (20-bit) = MIPS Sorting (20-bit) = 331,049 items/s

13 Performance on WAN Running-time on WAN in seconds – 200-Mbps best-effort delivery network was used – Network delay between machines were 24.6, 36.1 and, 46.7 ms – Input values were real medical data # items11001,54710,829108,290 Addition = MIPS Multiplication = MIPS Shuffling = 161,385 items/s Equality test (20-bit) = MIPS Comparison (20-bit) = MIPS Sorting (20-bit) = 8,511 items/s

14 TECHNIQUES USED IN MEVAL

15 Techniques used in MEVAL Implementation techniques Efficient high-level protocols

16 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field

17 Without asynchronous processing In our settings, times consumed by data transfer and local computation are comparable So, naïve implementation leaves many resources unused – Example: cascade conductions of MPC protocols ComputeReceiveSend 1 st conduction ComputeReceiveSend 2 nd conduction Receive Network usage CPU usage

18 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details (before applying our ideas):

19 Asynchronous processing Asynchronous implementation enables better resource usage ComputeReceiveSend ComputeReceiveSend Receive Compute Send Receive Thread 1 Thread 2 Thread 3 Compute Send Network usage CPU usage

20 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

21 Balancing resource usage If implementation is asynchronous, maximum of resource usages determines total running time Balancing resource usage is important for reducing running time on asynchronous implementation Sending/receiving Computation Running time 30 s 8 s 30 s 8 s 30 s 18 s 20 s Case #2Case #1 Case #3

22 Pseudorandom secret sharing Pseudorandom secret sharing technique [CDI05] is used to convert network communication to local computation – Almost half of communications can be converted to local computation – AES-NI is used to obtain 30-Gbps pseudorandom generation Typical communication on 3-party MPC: mask and send

23 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

24 Mersenne prime field operation Local computations mainly consist of the following operations: - Pseudorandom number generation30-Gbps - Field addition12-Gbps - Field multiplication0.5-Gbps - Pseudorandom number generation30-Gbps - Field addition12-Gbps70-Gbps - Field multiplication0.5-Gbps30-Gbps

25 Implementation techniques Careful implementation was done for real-world performance Main points of our efficient implementation are: 1.Asynchronous processing 2.Pseudorandom secret sharing technique implemented with AES-NI 3.Optimized field operations on Mersenne prime field Time consumed by sending/receiving Time consumed by local computation Running time Running time details:

26 Our efficient protocols Efficient high-level protocols were also investigated: – Bit-decomposition for small number of parties – Radix sort protocol

27 Our bit-decomposition protocol # items Multiplication = MIPS Comparison (20-bit) = MIPS Running time on 10-Gbps LAN Communication complexityRound complexity Multiplication1 Our bit-decomposition204 bits21

28 Our bit-decomposition protocol (contd.)

29 Our sorting protocol Radix sort algorithm:

30 Our sorting protocol (contd.) Our technique: “Shuffle and reveal” In addition, “Shuffle and reveal” technique is again used to improve efficiency of resultant MPC radix sort protocol Computing destinations ShufflingRevealing MPC bitwise stable sort:

31 DEMONSTRATION

32 Outline of demonstration MEVAL is demonstrated on this laptop PC – Client program (R with add-on) runs on host OS (Windows 7) – Three server programs runs on a single virtual machine (Ubuntu 12.04) This laptop PC (Thinkpad) Virtual machine (Ubuntu 12.04) Process #1 (MPC server #1) Process #2 (MPC server #2) Process #3 (MPC server #3) R with add-on (Client program)