implementing differential privacy side channel attacks
play

Implementing Differential Privacy & Side-channel attacks CompSci - PowerPoint PPT Presentation

Oct 09, 2022 •801 likes •1.22k views

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

  1. Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1

  2. Outline • Differential Privacy Implementations – PINQ: Privacy Integrated Queries [McSherry SIGMOD ‘09] – Airavat: Privacy for MapReduce [Roy et al NDSS ‘10] • Attacks on Differential Privacy Implementations – Privacy budget, state and timing attacks [Haeberlin et al SEC ‘11] • Protecting against attacks – Fuzz [Haeberlin et al SEC ‘11] – Gupt [Mohan et al SIGMOD ‘12] Lecture 14 : 590.03 Fall 12 2

  3. Differential Privacy • Let A and B be two databases such that B = A – {t}. • A mechanism M satisfies ε -differential privacy, if for all outputs O, and all such A, B P(M(A) = O) ≤ e ε P(M(B) = O) Lecture 14 : 590.03 Fall 12 3

  4. Differential Privacy • Equivalently, let A and B be any two databases • Let A Δ B = (A – B) U (B – A) … or the symmetric difference • A mechanism M satisfies ε -differential privacy, if for all outputs O, P(M(A) = O) ≤ e ε x |A Δ B| P(M(B) = O) Lecture 14 : 590.03 Fall 12 4

  5. PINQ: Privacy Integrated Queries [McSherry SIGMOD ‘09] • Implementation is based on C#’s LINQ language Lecture 14 : 590.03 Fall 12 5

  6. PINQ • An analyst initiates a PINQueryable object, which in turn recursively calls other objects (either sequentially or in parallel). • A PINQAgent ensures that the privacy budget is not exceeded. Lecture 14 : 590.03 Fall 12 6

  7. PINQAgent: Keeps track of privacy budget Lecture 14 : 590.03 Fall 12 7

  8. PINQ: Composition • When a set of operations O1, O2, … are performed sequentially, then the budget of the entire sequence is the sum of the ε for each operation. • When the operations are run in parallel on disjoint subsets of the data, the privacy budget for the all the operations is the max ε . Lecture 14 : 590.03 Fall 12 8

  9. Aggregation Operators Lecture 14 : 590.03 Fall 12 9

  10. Aggregation operators Laplace Mechanism • NoisyCount • NoisySum Exponential Mechanism • NoisyMedian • NoisyAverage Lecture 14 : 590.03 Fall 12 10

  11. PINQ: Transformation Sometimes aggregates are computed on transformations on the data • Where : takes as input a predicate (arbitrary C# function), and outputs a subset of the data satisfying the predicate • Select : Maps each input record into a different record using a C# function • GroupBy : Groups records by key values • Join : Takes two datasets, and key values for each and returns groups of pairs of records for each key. Lecture 14 : 590.03 Fall 12 11

  12. PINQ: Transformations Sensitivity can change once transformations have been applied. • GroupBy: Removing a record from an input dataset A, can change one group in the output T(A). Hence, |T(A) Δ T(B)| = 2 |A Δ B| • Hence, the implementation of GroupBy multiplies ε by 2 before recursively invoking the aggregation operation on each group. • Join can have a much larger (unbounded) sensitivity. Lecture 14 : 590.03 Fall 12 12

  13. Example Lecture 14 : 590.03 Fall 12 13

  14. Outline • Differential Privacy Implementations – PINQ: Privacy Integrated Queries [McSherry SIGMOD ‘09] – Airavat: Privacy for MapReduce [Roy et al NDSS ‘10] • Attacks on Differential Privacy Implementations – Privacy budget, state and timing attacks [Haeberlin et al SEC ‘11] • Protecting against attacks – Fuzz [Haeberlin et al SEC ‘11] – Gupt [Mohan et al SIGMOD ‘12] Lecture 14 : 590.03 Fall 12 15

  15. Covert Channel • Key assumption in differential privacy implementations: The querier can only observe the result of the query, and nothing else. – This answer is guaranteed to be differentially private. • In practice: The querier can observe other effects. – E.g, Time taken by the query to complete, power consumption, etc. – Suppose a system takes 1 minute to answer a query if Bob has cancer and 1 micro second otherwise, then based on query time the adversary may know that Bob has cancer. Lecture 14 : 590.03 Fall 12 16

  16. Threat Model • Assume the adversary (querier) does not have physical access to the machine. – Poses queries over a network connection. • Given a query, the adversary can observe: – Answer to their question – Time that the response arrives at their end of the connection – The system’s decision to execute the query or deny (since the new query would exceed the privacy budget) Lecture 14 : 590.03 Fall 12 17

  17. Timing Attack Function is_f(Record r){ if(r.name = Bob && r. disease = Cancer) sleep(10 sec); // or go into infinite loop, or throw exception return f(r); } Function countf(){ var fs = from record in data where (is_f(record)) print fs.NoisyCount(0.1); } Lecture 14 : 590.03 Fall 12 18

  18. Timing Attack Function is_f(Record r){ if(r.name = Bob && r. disease = Cancer) sleep(10 sec); // or go into infinite loop, or throw exception return f(r); } Function countf(){ var fs = from record in data If Bob has Cancer, then the query takes > 10 seconds where (is_f(record)) If Bob does not have Cancer, then query takes less than a second. print fs.NoisyCount(0.1); } Lecture 14 : 590.03 Fall 12 19

  19. Global Variable Attack Boolean found = false; Function f(Record r){ if(found) return 1; if(r.name = Bob && r.disease = Cancer){ found = true; return 1; } else return 0; } Function countf(){ var fs = from record in data where (f(record)) print fs.NoisyCount(0.1); } Lecture 14 : 590.03 Fall 12 20

  20. Global Variable Attack Boolean found = false; Function f(Record r){ if(found) return 1; if(r.name = Bob && r.disease = Cancer){ found = true; return 1; } else return 0; } Typically, the Where transformation does not change the Function numHealthy(){ sensitivity of the aggregate (each record transformed into var health = from record in data another value). where (f(record)) But, this transformation changes the sensitivity – if Bob has print health.NoisyCount(0.1); Cancer, then all subsequent records return 1. } Lecture 14 : 590.03 Fall 12 21

  21. Privacy Budget Attack Function is_f(Record r){ if(r.name = Bob && r.disease = Cancer){ run a sub-query that uses a lot of the privacy budget; } return f(r); } Function countf(){ var fs = from record in data where (f(record)) print fs.NoisyCount(0.1); } Lecture 14 : 590.03 Fall 12 22

  22. Privacy Budget Attack Function is_f(Record r){ if(r.name = Bob && r.disease = Cancer){ run a sub-query that uses a lot of the privacy budget; } return f(r); } If Bob does not has Cancer, then privacy budget decreases by 0.1. If Bob has Cancer, then privacy budget decreases by 0.1 + Δ . Function countf(){ var fs = from record in data Even if adversary can’t query for the budget, he can detect the where (f(record)) change in budget by counting how many more queries are print fs.NoisyCount(0.1); allowed. } Lecture 14 : 590.03 Fall 12 23

  23. Outline • Differential Privacy Implementations – PINQ: Privacy Integrated Queries [McSherry SIGMOD ‘09] – Airavat: Privacy for MapReduce [Roy et al NDSS ‘10] • Attacks on Differential Privacy Implementations – Privacy budget, state and timing attacks [Haeberlin et al SEC ‘11] • Protecting against attacks – Fuzz [Haeberlin et al SEC ‘11] – Gupt [Mohan et al SIGMOD ‘12] Lecture 14 : 590.03 Fall 12 24

  24. Fuzz: System for avoiding covert-channel attacks • Global variables are not supported in this language, thus ruling our state attacks . • Type checker rules out budget-based channels by statically checking the sensitivity of a query before they are executed • Predictable query processor ensures that each microquery takes the same amount of time, ruling out timing attacks . Lecture 14 : 590.03 Fall 12 25

  25. Fuzz Type Checker • A primitive is critical if it takes db as an input. • Only four critical primitives are allowed in the language – No other code is allowed. • A type system that can infer an upper bound on the sensitivity of any program (written using the above critical primitives). [Reed et al ICFP ‘10] Lecture 14 : 590.03 Fall 12 26

  26. Handling timing attacks • Each microquery takes exactly the same time T • If it takes less time – delay the query • If it takes more time – abort the query – But this can leak information! – Wrong Solution Lecture 14 : 590.03 Fall 12 27

  27. Handling timing attacks • Each microquery takes exactly the same time T • If it takes less time – delay the query • If it takes more time – return a default value Lecture 14 : 590.03 Fall 12 28

  28. Fuzz Predictable Transaction • P-TRANS ( λ , a, T, d) – λ : function – a : set of arguments – T : Timeout – d : default value • Implementing P-TRANS ( λ , a, T, d) requires: – Isolation: Function λ (a) can be aborted without waiting for any other function – Preemptability: λ (a) can be aborted in bounded time – Bounded Deallocation: There is a bounded time needed to deallocate resources associated with λ (a) Lecture 14 : 590.03 Fall 12 29

  29. Outline • Differential Privacy Implementations – PINQ: Privacy Integrated Queries [McSherry SIGMOD ‘09] – Airavat: Privacy for MapReduce [Roy et al NDSS ‘10] • Attacks on Differential Privacy Implementations – Privacy budget, state and timing attacks [Haeberlin et al SEC ‘11] • Protecting against attacks – Fuzz [Haeberlin et al SEC ‘11] – Gupt [Mohan et al SIGMOD ‘12] Lecture 14 : 590.03 Fall 12 30

  30. GUPT Lecture 14 : 590.03 Fall 12 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&P), 2019 (Dustin)

726 views • 44 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and Dan Boneh and Kenny Paterson USENIX Security Symposium Meet Alice the Anonymous Activist Blogger PK A anonymous 2 Alices Lack of Privacy Send

395 views • 21 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Mathy Vanhoef @vanhoefm CCS 2017, 1 October 2017 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Lessons learned 2 Overview Key reinstalls in 4-way

566 views • 38 slides
Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris

Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris

Why Black Hats Always Win Val Smith (valsmith@attackresearch.com) Chris (chris@sdnaconsulting.com) Slide: 1 Bios Val Smith Affiliations: Attack Research Metasploit Work: Attack Techniques Research Previous Talks Pen

1.07k views • 76 slides
Physical and Data Link Layer Kameswari Chebrolu Dept. of Electrical Engineering, IIT Kanpur

Physical and Data Link Layer Kameswari Chebrolu Dept. of Electrical Engineering, IIT Kanpur

Physical and Data Link Layer Kameswari Chebrolu Dept. of Electrical Engineering, IIT Kanpur Problem Statement Make two computers talk to each other Pictures courtesy Peterson & Davie Hosts Communication end-points PCs,

293 views • 11 slides
Java Technologies Web Filters The Context Upon receipt of a request, various processings may

Java Technologies Web Filters The Context Upon receipt of a request, various processings may

Java Technologies Web Filters The Context Upon receipt of a request, various processings may be needed: Is the user authenticated? Is there a valid session in progress? Is the IP trusted, is the user's agent supported, ...?

720 views • 21 slides
CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Threat Modeling Professor Qiang Zeng Spring 2020 Previous Class The CIA Triad as security objectives Threat: potential Attack: attempt Compromise: success Vulnerability: security

660 views • 29 slides
A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul

A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul

LDPC and MDPC Codes QC-MDPC McEliece Attack of Guo et al. QC-LDPC McEliece Our Attack A Reaction Attack on the QC-LDPC McEliece Cryptosystem Tomas Fabsic 1 , Viliam Hromada 1 , Paul Stankovski 2 , Pavol Zajac 1 , Qian Guo 2 , Thomas Johansson

693 views • 37 slides
Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2

Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2

Practical Algebraic Attacks on the HITAG2 TM Stream Cipher Nicolas T. Courtois 1 Sean O Neil 2 Jean-Jacques Quisquater 3 1 - University College London, UK 2 - VEST Corporation, France 3 - Universit Catholique de Louvain, Belgium Algebraic

995 views • 61 slides
Optical Properties of Liquid Argon measured by the PDS in ProtoDUNE-SP Bryan Ramson (on behalf of

Optical Properties of Liquid Argon measured by the PDS in ProtoDUNE-SP Bryan Ramson (on behalf of

Optical Properties of Liquid Argon measured by the PDS in ProtoDUNE-SP Bryan Ramson (on behalf of the DUNE collaboration) LIDINE 2019, Manchester, UK August 30, 2019 You Inst Logo Introduction(What is DUNE?) The Fermilab Deep Underground

346 views • 18 slides

More recommend