Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proof Sketches: Verifiable In-Network Aggregation Minos Garofalakis Yahoo! Research, UC Berkeley, Intel Research Berkeley

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Proof Sketches: Verifiable In-Network Aggregation Minos Garofalakis Yahoo! Research, UC Berkeley, Intel Research Berkeley"— Presentation transcript:

1 Proof Sketches: Verifiable In-Network Aggregation Minos Garofalakis Yahoo! Research, UC Berkeley, Intel Research Berkeley minos@yahoo-inc.com, minos@cs.berkeley.edu Minos Garofalakis Joe Hellerstein Petros Maniatis Yahoo! Research, UC Berkeley, Intel Research Berkeley minos@yahoo-inc.com, minos@cs.berkeley.edu

2 Introduction & Motivation Context: Distributed, in-network aggregation –Network monitoring, sensornet/p2p query processing, … –Data is distributed – cannot afford to warehouse! –Approximations are often sufficient Can tradeoff approximation quality with communication Querier: “How many Win-XP hosts running patch X have CPU utilization > 95%?” “Predicate poll” query More general aggregate queries (SUM, AVG), general-purpose summaries (e.g., random samples) of (sub)populations

3 In-Network Aggregation Typical assumption: Benign aggregation infrastructure –Aggregator nodes cannot “misbehave” BUT, aggregators are often untrusted! –3 rd party hosted operations (e.g., Akamai), shared infrastructure, viruses/worms, … Challenge: Verifiable, efficient, in-network aggregation –Provide trustworthy, guaranteed-quality results with potentially malicious aggregators

4 Our Contributions Proof Sketches: Family of certificates for verifiable, approximate, in-network aggregation –Concise sketch synopses  Communication-efficient –Guarantee detection of malicious tampering whp if result is perturbed by more than a small error bound Basic Technique: Combines FM sketch with compact Authentication Manifest (AM) –Prevents inflation through crypto signatures; bounds deflation through complementary deflation detection Extensions: Verifiable random sampling; verifiable aggregates over multi-tuple nodes

5 Talk Outline  Introduction and Motivation  Overview of Contributions  System Model  AM-FM Proof Sketches  Extensions – Verifiable random samples – Verifiable aggregation over multi-tuple nodes  Experimental Results  Conclusions

6 System Model Inflation Attacks: Aggregators can manipulate or inject spurious PSRs Deflation Attacks: Aggregators can suppress valid PSRs U = size of sensor population

7 A Naïve Inflation Detector Straightforward application of crypto signatures –Each sensor node crypto signs each tuple satisfying the predicate poll, and sends up the tuple + signature –Aggregators simply union the signed tuple sets and forward up the tree Aggregators cannot forge sensor tuples –Within crypto function guarantees BUT, size of Authentication Manifest (AM) = size of answer set – O(U) in general!

8 Solution: AM-FM Proof Sketches Sketch and AM structure of size only O(logU) Based on the FM sketch for distinct-element counting Index of rightmost zero ~ log(Count) O(log(1/  ) sketches to get an estimate of the Count Bitmap of size O(logU) h() 1 012k with prob 1/2 k+1 P[h(x)=0] = ½, P[h(x)=1] = ¼, P[h(x)=2] = 1/8, …...

9 Adding AM to FM: Inflation Prevention Observation: Each FM sketch bit is an independent function of the input tuples AM = Authenticate each 1-bit in the FM sketch using a signed “witness”/exemplar sensor tuple –Crypto-signed tuple that turns that bit on Aggregators: Merge input PSRs (AM-FM sketches) –OR the FM sketches –Keep a single exemplar for each 1-bit –Size = O(logU) – Cannot forge 1-bits 1 1 1 1 1 1 1

10 AM-FM Proof Sketches: Bounding Deflation Malicious aggregator can omit 1-bits & witnesses from sketch  Underestimate predicate poll count Approach: Complementary Deflation Detection –Assumes that we know sensor count U –Use AM-FM to estimate count for both pred and !pred –Check that C pred + C !pred is close to U (based on sketching approximation guarantees) Adversary cannot inflate C !pred to compensate for deflating C pred Sum check will catch significant deviations

11 More Formally… Assume O(log()/  ) AM-FM proof sketches to estimate C pred and C !pred Verification Condition: Flag adversarial attack if C pred + C !pred < (1-)U Theorem: If verification step is successful, the AM-FM estimate is within § 2U of the true C pred whp –Adversary cannot deflate the result by more than 2U without being detected whp –Relative error guarantees for high-selectivity predicates

12 Verifiable Random Sampling Build a general-purpose, verifiable synopsis of node data –Can support arbitrary predicates, quantile/heavy-hitter queries, … Traditional (eg, reservoir) sampling + authentication fails –Adversary can arbitrarily bias the sample Solution: AM-Sample Proof Sketches –Use FM hashing to sample, retain tuples + AMs for all tuples mapping above a certain level –A la Distinct Sampling [Gibbons’01] – adapt level based on target sample size –Easily merged up the tree using max-level –Verification condition and error guarantees based on target sample size and knowledge of U

13 Aggregates over Multi-Tuple Nodes So far, focus on predicate poll queries –Each sensor contributes · 1 tuple to result Key Issue: Knowing the total number of tuples M –With known M, our earlier results and analysis apply Approach: Verifiable approximate counting algorithm –Estimate M using a logarithmic number of simple AM-FM predicate polls –To within a given accuracy , using predicate polls of the form –Detailed algorithm, analysis, … in the paper Fraction of sensors with #tuples ¸  k

14 Other Extensions / Issues Discuss “generalized template” for proof sketches to support verifiable query results –E.g., Bloom-filter proof sketch Accountability: Trace-back mechanisms for pinpointing attackers Only approximate knowledge of population size U

15 Experimental Study Study average-case behavior of AM-FM proof sketches for verifiable predicate polls Population of 100K sensors, fixed number of sketches to 256 –About 4% of space for “naïve” –  ¼ 0.15 wp 0.8 Parameters –Predicate selectivity –“Coverage” of malicious aggregators –Two adversarial strategies (Targeted, Safe)

16 Some Results: Benign Population

17 Experimental Summary Average case behavior is better than (worst-case) bounds suggest –Adversary has even less “wiggle room” to deflate result without being detected Bounds based on worst case for sketch approximation and combination of pred/!pred estimates Adversary typically has limited coverage in the aggregation tree –Can only affect a small fraction of the aggregated results

18 Conclusions Introduced Proof-Sketches – first compact certificate structure for verifiable, in-network aggregation Basic technique: AM-FM proof sketch –Adds concise AM to basic FM sketch; prevents deflation through complementary deflation detection Extensions –Verifiable random sampling –Approximate verifiable counting for general aggregates over multi-tuple nodes Future: Extending ideas and methodology to more general approximate in-network queries (e.g., joins)

19 Thank you! http://www.cs.berkeley.edu/~minos/ minos@yahoo-inc.com, minos@cs.berkeley.edu minos@yahoo-inc.com, minos@cs.berkeley.edu

20 Some Results: Safe Adversary

Download ppt "Proof Sketches: Verifiable In-Network Aggregation Minos Garofalakis Yahoo! Research, UC Berkeley, Intel Research Berkeley"

Similar presentations

Raghavendra Madala. Introduction Icicles Icicle Maintenance Icicle-Based Estimators Quality Guarantee Performance Evaluation Conclusion 2 ICICLES: Self-tuning.

Raghavendra Madala. Introduction Icicles Icicle Maintenance Icicle-Based Estimators Quality Guarantee Performance Evaluation Conclusion 2 ICICLES: Self-tuning.
I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.

I have a DREAM! (DiffeRentially privatE smArt Metering) Gergely Acs and Claude Castelluccia {gergely.acs, INRIA 2011.
Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.

Randomized Sensing in Adversarial Environments Andreas Krause Joint work with Daniel Golovin and Alex Roper International Joint Conference on Artificial.
Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.

Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Harikrishnan Karunakaran Sulabha Balan CSE 6339.  Introduction  Icicles  Icicle Maintenance  Icicle-Based Estimators  Quality & Performance  Conclusion.

Harikrishnan Karunakaran Sulabha Balan CSE  Introduction  Icicles  Icicle Maintenance  Icicle-Based Estimators  Quality & Performance  Conclusion.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Joint work with Xinran Wang, Sencun Zhu and Guohong Cao Dept. of Computer Science &
Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.

Computer Science SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks Yi Yang, Xinran Wang, Sencun Zhu and Guohong Cao April 24, 2007.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.

IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.
1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.

1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.
Graph-Based Synopses for Relational Selectivity Estimation Joshua Spiegel and Neoklis Polyzotis University of California, Santa Cruz.

Graph-Based Synopses for Relational Selectivity Estimation Joshua Spiegel and Neoklis Polyzotis University of California, Santa Cruz.
Sharing Aggregate Computation for Distributed Queries Ryan Huebsch, UC Berkeley Minos Garofalakis, Yahoo! Research † Joe Hellerstein, UC Berkeley Ion Stoica,

Sharing Aggregate Computation for Distributed Queries Ryan Huebsch, UC Berkeley Minos Garofalakis, Yahoo! Research † Joe Hellerstein, UC Berkeley Ion Stoica,
Approximate XML Query Answers Alkis Polyzotis (UC Santa Cruz) Minos Garofalakis (Bell Labs) Yannis Ioannidis (U. of Athens, Hellas)

Approximate XML Query Answers Alkis Polyzotis (UC Santa Cruz) Minos Garofalakis (Bell Labs) Yannis Ioannidis (U. of Athens, Hellas)
Operator Placement for In-Network Stream Query Processing.

Operator Placement for In-Network Stream Query Processing.
Computer Science Spatio-Temporal Aggregation Using Sketches Yufei Tao, George Kollios, Jeffrey Considine, Feifei Li, Dimitris Papadias Department of Computer.

Computer Science Spatio-Temporal Aggregation Using Sketches Yufei Tao, George Kollios, Jeffrey Considine, Feifei Li, Dimitris Papadias Department of Computer.
Processing Data-Stream Joins Using Skimmed Sketches Minos Garofalakis Internet Management Research Department Bell Labs, Lucent Technologies Joint work.

Processing Data-Stream Joins Using Skimmed Sketches Minos Garofalakis Internet Management Research Department Bell Labs, Lucent Technologies Joint work.

Similar presentations

Ads by Google