Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen

Presentation transcript:

DStress: Efficient Differentially Private Computations on Distributed Data
Antonis Papadimitriou, Arjun Narayan, Andreas Haeberlen
University of Pennsylvania

Motivation: Systemic risk
[Figure: Banks A, B and C connected by debts of 200 and an insurance payout of 20, with each bank's capital shown before and after house prices fall.]
- Banks reduce risk by buying "insurance" contracts
- This means they rely on others to meet obligations
- B and A will have problems if C goes bankrupt
- Systemic risk: The risk of snowball bankruptcies in the financial graph
- Measuring it could provide early warning (2008 crisis!)

Challenge: Privacy
[Figure: Banks A, B and C (debt=200, debt=200; Capital = 80, 102, 218); captions "All 3 banks fail!" and "I knew C was going to kill us all!"]
- Why can't we collect data and measure the systemic risk?
- Economists have algorithms, e.g., [EN, EGJ]
- We know how to execute graph algorithms
- Privacy concern 1: Graph values and edges are very sensitive
- Privacy concern 2: Even the output of the computation can leak information

Approach
[Figure: Banks A, B and C (debt=200, debt=200; Capital = 80, 102, 218) with the result "All 3 banks fail!"]
- Banks keep data and take part in distributed computation
- Goal: Privacy and efficiency
- Result: Private distributed graph computations (not only systemic risk!)
Goals and techniques (the slide labels the techniques "Existing" or "New"):
- Output privacy: Differential privacy
- Value privacy: Secure multiparty computation (MPC)
- Edge privacy: Secure message transfer protocol
- Efficiency: Formulation as vertex programs

Outline
- Systemic risk
- Privacy concerns
- Approach
- Distributed computation
- Protecting values
- Protecting edges
- Protecting output
- Evaluation

How do systemic risk algorithms work?
[Figure: Banks A, B and C with Capital = 80, 102 and 20; edge labels 40, 27/40, 135/200 and 20.]
Worked step shown on the slide:
- In-payments = 20 + 40 = 60
- Capital = 60 + 102 = 162
- Shortfall = 240 - 162 = 78
- prorate: 162*(200/240) = 135
- Systemic risk = total shortfall
- [EN01] computes the systemic risk by simulating payment between banks
- Economists formulate this as a matrix computation
- Step: $FF_{p'}(p) = \Lambda(p')\left(\Pi^{T}\left(\Lambda(p')\,p + (I-\Lambda(p'))\,\bar{p}\right) + e\right) + (I-\Lambda(p'))\,\bar{p}$
- Aggregation: $(\bar{p} - p)$
- But matrix operations are expensive in secure multiparty computation (MPC)
- Computing systemic risk for entire US graph would take > 200 years!

Systemic risk as a vertex program
[Figure: Banks A, B and C with Capital = 80, 102 and 20; edge labels 40, 27/40, 135/200 and 20.]
- Idea: Run algorithm as a distributed simulation
- The simulation of payments can be expressed as a vertex program
- Advantage: Vertex programs are faster in MPC
- No matrix ops, no need to read entire matrix
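The payment simulation from the two slides above, written as a plain (non-private) vertex program. This is an added example, not code from the DStress authors: the function names are assumptions and the graph is constructed, with a hypothetical bank D supplying the two 40 edges and the edge directions chosen to reproduce the slide's worked step for bank B.

```python
from fractions import Fraction

def vertex_update(capital, owed, received):
    """One vertex-program step for a single bank.

    capital:  the bank's own assets
    owed:     {creditor: nominal debt}
    received: {debtor: payment that arrived this round}
    Returns (payments to send next round, shortfall).
    """
    available = capital + sum(received.values())
    total = sum(owed.values())
    if available >= total:
        return dict(owed), 0                      # solvent: pay every debt in full
    ratio = Fraction(available, total)            # insolvent: prorate what is there
    return {c: d * ratio for c, d in owed.items()}, total - available

def run(capital, debts, max_rounds=100):
    """Iterate vertex updates until payments stop changing.

    Each update reads only the vertex's own state and its incoming messages;
    no global matrix is built. Returns (payments, total shortfall).
    """
    pay = {b: dict(debts.get(b, {})) for b in capital}   # start: all pay in full
    shortfall = {}
    for _ in range(max_rounds):
        inbox = {b: {} for b in capital}
        for debtor, out in pay.items():                  # message transfer
            for creditor, amount in out.items():
                inbox[creditor][debtor] = amount
        new = {}
        for b in capital:                                # vertex update
            new[b], shortfall[b] = vertex_update(capital[b], debts.get(b, {}), inbox[b])
        if new == pay:
            break
        pay = new
    return pay, sum(shortfall.values())                  # aggregation

# Constructed graph: capitals 80/102/20 and the two debts of 200 come from the
# slide's figure; bank D and its two contracts of 40 are made up (assumption).
CAPITAL = {"A": 80, "B": 102, "C": 20, "D": 40}
DEBTS = {"C": {"B": 200}, "B": {"A": 200, "D": 40}, "D": {"B": 40}}

if __name__ == "__main__":
    payments, risk = run(CAPITAL, DEBTS)
    print(payments["B"], risk)
```

Exact fractions keep the prorated payments free of rounding drift, so the fixpoint test `new == pay` is reliable.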

Privately running vertex programs
We had to overcome several challenges:
- Protecting values
  - Secret sharing
  - Secure MPC
- Protecting edges
  - Re-sharing
  - Variant of ElGamal encryption
  - Re-randomizable encryption keys
  - Homomorphic mixing
- Protecting output
  - Differential privacy
  - Sensitivity and utility analysis
Read our paper for details!

Privately running vertex programs: Value privacy
[Figure: Banks A, B and C (Capital = 80, 102, 20) with payments 20/200 and 135/200; B's committee and C's committee hold the share values -37, 78, -12, 52, 54 and 17, -13, +35, -29, 10.]
- Challenge: Hide intermediate values of the computation
- Solution: Committee of k banks
- Secret sharing and MPC
- Result: No committee member can observe intermediate state!
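Additive secret sharing across a committee of k banks, together with the re-sharing step (listed under "Protecting edges" on the previous slide) that hands a shared value from one committee to the next. This is an added example, not the DStress protocol: it omits the encryption and routing that hide edges, the modulus and function names are assumptions, and the two share vectors are the ones in the slide's figure.

```python
import secrets

P = 2**61 - 1  # prime modulus for the share arithmetic (constructed choice)

def share(value, k):
    """Split value into k additive shares mod P; any k-1 of them look random."""
    parts = [secrets.randbelow(P) for _ in range(k - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Recombine all shares; the upper half of the field encodes negatives."""
    v = sum(shares) % P
    return v - P if v > P // 2 else v

def add_shared(a, b):
    """Each committee member adds its own two shares; nothing is revealed."""
    return [(x + y) % P for x, y in zip(a, b)]

def reshare(shares, k_dst):
    """Move a shared value to another committee of k_dst members.

    Every source member splits its own share into k_dst sub-shares and sends
    one to each destination member, who sums what it receives. No single
    member on either side ever holds the value.
    """
    sub = [share(s, k_dst) for s in shares]
    return [sum(column) % P for column in zip(*sub)]

# Share vectors as they appear in the slide's figure.
SLIDE_20 = [17, -13, 35, -29, 10]
SLIDE_135 = [-37, 78, -12, 52, 54]

def available_at_b(k=5):
    """B's committee adds B's capital and two incoming payments, all shared."""
    capital = share(102, k)
    from_c = reshare(SLIDE_20, k)     # payment of 20 handed over by C's committee
    other = share(40, k)              # the second in-payment of 40
    return add_shared(add_shared(capital, from_c), other)

if __name__ == "__main__":
    print(reconstruct(SLIDE_20), reconstruct(SLIDE_135))
    print(reconstruct(available_at_b()))
```

Only addition is local on additive shares; the solvency comparison and the pro-rata division of a vertex update need a full MPC protocol among the committee members.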

Privately running vertex programs: Edge privacy
[Figure: Banks A, B and C with B's committee and C's committee; the shares 17, -13, +35, -29, 10 are sent between them; captions "Aha! Contract (C,B) exists" and "I have to use blue key – so (C,B) exists".]
- Challenge 1: Direct communication can leak edge
- Solution 1: Route shares via C and B
- They already know about edge (C,B)
- Challenge 2: Encryption keys can leak edge
- Solution 2: Use re-randomizable encryption keys
Please look at paper for other challenges!

Privately running vertex programs: Output privacy
[Figure: $100±ε vs. $2000±ε]
- Problem: Output can leak information
- Solution: Differential privacy
- Add noise to result
- Mask contribution of any individual contract
- Systemic risk with noise OK, because we're looking for devastating effects
For details look at our paper!

Outline
- Systemic risk
- Privacy concerns
- Approach
- Distributed computation
- Protecting values
- Protecting edges
- Protecting output
- Evaluation

Implementation and experimental setup
Evaluation questions:
- What is the computational cost of vertex programs in MPC?
- What is the communication cost of vertex programs in MPC?
- How does the size of MPC blocks affect the cost of vertex computations?
- What is the cost of message transfers?
- What is the end-to-end cost of DStress?
- How does DStress compare to monolithic MPC?
- Can DStress scale to the size of the entire US financial network?

What is the cost of vertex program steps in MPC?
[Figure: panels for vertex update, message transfer and aggregation, iterated; series for committees of 8, 12, 16 and 20 members; algorithms [EN01] and [EGJ14].]
- We evaluated the cost of MPC steps
- Tradeoff between performance and privacy (committee sizes)
- Completion time is reasonable even for committees of 20 banks
- The largest inter-bank collusion observed involved 16 banks
References:
[EN01] Eisenberg-Noe, "Systemic Risk in Financial Systems", Management Science, 2001
[EGJ14] Elliott-Golub-Jackson, "Financial networks and contagion", American Economic Review, 2014

Can DStress scale to the US financial network?
[Figure: plot with x-axis "# US banks".]
- We show DStress performance for large networks
- This is an extrapolation from smaller scale experiments
- DStress would take less than 5 hours for the US financial system!
- Compare that with 200+ years for naïve application of MPC

Conclusion
- Motivation: Computing the systemic risk could serve as an early warning system for the financial network
- Solution: DStress can execute distributed vertex programs with privacy guarantees
- Challenges: Many subtle ways sensitive information can leak
  - Differential privacy to protect output
  - Secret sharing and MPC to hide intermediate values
  - Secure message transfer protocol to hide edges
- Evaluation: DStress could be used for graphs the size of the US financial system
Thank you!