Guaranteeing Local Differential Privacy on Ultra-low-power Systems - - PowerPoint PPT Presentation

Guaranteeing Local Differential Privacy

• n Ultra-low-power Systems

Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, Rakesh Kumar University of Illinois at Urbana-Champaign

Security in IoT

• 50B devices estimated to be connected by 2020
• Must assess privacy and security risks

IoT Cloud

Data Analytics Aggregate Statistics Machine Learning

Conventional Data Collection

User 1 User 2 User N Trusted Server

x1 x2 xN

Users Data Curator

• Raw data collection

Privacy-Preserving Data Collection

• Privatizing data through local processing

Untrusted Server

Users Data Curator

User 1

Data x1 y1

User N

yN

SP

What is Differential Privacy?

• Preserving privacy by randomized (noisy) output

Are you a Democrat?

Toss a biased coin Head Tail

Truth! Lie!

DP for Numeric Data

Untrusted Server

Users Data Curator

User 1

Data x1

Random Number

y1

User N

yN

• Randomizing output by adding random number

Pr[1|0] Pr[1|1] Pr[1|1] = ee Pr[1|0]

Laplace Mechanism for DP

DP on ULP Hardware

• ULP hardware powers a large number of

sensor/IoT systems

• ULP hardware

– Support fixed-point (FxP) hardware – Lack of floating-point hardware due to cost, area, energy, and latency

Can DP be guaranteed

• n FxP HW?

Laplace RNG from FxP HW

• Distribution discrepancy due to FxP hardware

Naïve DP Implementation

Privacy is NOT guaranteed w/ naïve implementation on FxP HW

Proposed Solutions

m M

Infinite loss Finite privacy loss Infinite loss

m M M-nth m+nth

Finite privacy loss

m M M-nth m+nth

Finite privacy loss Resampling range Resampling range

Thresholding Resampling

Resampling

Resampling guarantees DP!

m M M-nth m+nth

Finite privacy loss Resampling range Resampling range

Thresholding

Thresholding guarantees DP!

m M M-nth m+nth

Finite privacy loss

Why Hardware Support for DP

• Software implementation issues

– Latency for noising on MSP430

• Half-precision float: 1436 cycles
• 20-bit fixed: 4043 cycles

– Energy for noising on MSP430

• Half-precision float: 11.6 nJ
• 20-bit fixed: 32.9 nJ

HW provides (1) >700X lower latency (2) >300X lower energy (3) better security.

DP-Box in ULP System

• Sensor data sent to DP-Box for noising
• DP output read out by main processor once DP-

Box asserts ‘Ready’

Utility for Statistical Query

• Privacy-preserving data aggregation
• # of data ↑ ⇒ more accurate estimate
• Requires proper choice of hardware parameters

20-bit FxP 16-bit FxP

Utility for Randomized Response

• DP-box configured for randomized response
• # of data ↑ ⇒ more accurate estimate

Utility for Machine Learning

• Privacy-preserving learning
• More privacy (higher e) ⇒ more data required

Data Size 1000 2000 3000 4000 5000 e = 0.5 69 % 72 % 76 % 77 % 82 % e = 1 79 % 82 % 85 % 87 % 90 % e = 2 87 % 90 % 91 % 93 % 94 % No DP 96 % 98 % 98 % 99 % 99 %

Summary

• Local DP is a promising mechanism in privacy-

preserving data collection

• Naïve implementation of DP does not guarantee

privacy on ULP hardware

• We propose Resampling and Thresholding DP
• utput to guarantee privacy
• We propose DP-Box, custom hardware support for

providing local DP on ULP systems

• DP-Box guarantees data privacy and provides high

utility for aggregate statistics and machine learning

Thank you!