Guaranteeing Local Differential Privacy on Ultra-low-power Systems - PowerPoint PPT Presentation

Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, Rakesh Kumar University of Illinois at Urbana-Champaign

Security in IoT IoT Cloud Data Aggregate Machine Analytics Statistics Learning • 50B devices estimated to be connected by 2020 • Must assess privacy and security risks

Conventional Data Collection Data Users Curator x 1 User 1 x 2 User 2 Trusted Server x N User N • Raw data collection

Privacy-Preserving Data Collection Users Data Curator User 1 Data y 1 x 1 SP Untrusted Server y N User N • Privatizing data through local processing

What is Differential Privacy? Are you a Democrat? Head Tail Toss a biased coin Lie! Truth! • Preserving privacy by randomized (noisy) output

DP for Numeric Data Users Data User 1 Random Curator Number Data y 1 x 1 Untrusted Server y N User N • Randomizing output by adding random number

Laplace Mechanism for DP Pr[1|1] = e e Pr[1|0] Pr[1|1] Pr[1|0]

DP on ULP Hardware • ULP hardware powers a large number of sensor/IoT systems • ULP hardware – Support fixed-point (FxP) hardware – Lack of floating-point hardware due to cost, area, energy, and latency Can DP be guaranteed on FxP HW?

Laplace RNG from FxP HW • Distribution discrepancy due to FxP hardware

Naïve DP Implementation Privacy is NOT guaranteed w/ naïve implementation on FxP HW

Proposed Solutions Finite privacy loss Infinite Infinite loss loss m M Thresholding Resampling Finite privacy loss Finite privacy loss Resampling Resampling range range M-n th m M m+n th M-n th m M m+n th

Resampling Finite privacy loss Resampling Resampling range range M-n th M m m+n th Resampling guarantees DP!

Thresholding Finite privacy loss M-n th m M m+n th Thresholding guarantees DP!

Why Hardware Support for DP • Software implementation issues – Latency for noising on MSP430 • Half-precision float: 1436 cycles • 20-bit fixed: 4043 cycles – Energy for noising on MSP430 • Half-precision float: 11.6 nJ • 20-bit fixed: 32.9 nJ HW provides (1) >700X lower latency (2) >300X lower energy (3) better security.

DP-Box in ULP System • Sensor data sent to DP-Box for noising • DP output read out by main processor once DP- Box asserts ‘Ready’

Utility for Statistical Query 20-bit FxP 16-bit FxP • Privacy-preserving data aggregation • # of data ↑ ⇒ more accurate estimate • Requires proper choice of hardware parameters

Utility for Randomized Response • DP-box configured for randomized response • # of data ↑ ⇒ more accurate estimate

Utility for Machine Learning Data 1000 2000 3000 4000 5000 Size e = 0.5 69 % 72 % 76 % 77 % 82 % e = 1 79 % 82 % 85 % 87 % 90 % e = 2 87 % 90 % 91 % 93 % 94 % No DP 96 % 98 % 98 % 99 % 99 % • Privacy-preserving learning • More privacy (higher e ) ⇒ more data required

Summary • Local DP is a promising mechanism in privacy- preserving data collection • Naïve implementation of DP does not guarantee privacy on ULP hardware • We propose Resampling and Thresholding DP output to guarantee privacy • We propose DP-Box, custom hardware support for providing local DP on ULP systems • DP-Box guarantees data privacy and provides high utility for aggregate statistics and machine learning

Thank you!