International Technology Alliance in Network & Information Sciences Knowledge Inference for...

International Technology Alliance in Network & Information Sciences Knowledge Inference for Securing and Optimizing Secure Computation Piotr (Peter) Mardziel,

Date posted: 03-Jan-2016

Transcript of International Technology Alliance in Network & Information Sciences Knowledge Inference for...

  • Sharing between coalition domains is critical for mission success

    [Figure labels: Scout (Coalition A); Supporting force (Coalition B); Unmanned Air Vehicle (UAV) (Coalition A); Back-office Data Analyst (Coalition A); Satellite Communications backhaul (Coalition A); Mixed force (Coalition A, C)]

  • ITA Technologies facilitate sharing

    ITA has developed many excellent technologies for sharing information
      • Gaian DB
      • Information fabric
      • Controlled English Store

    All harness information and make it available to coalition partners
      • Provide a query or pub/sub interface

    But: there may be risk in sharing all information
      • Might like to allow some queries but not others
      • If the query would reveal too much information about the raw data
      • If a sequence of queries would do so, even if one would not

  • Our research: Knowledge inference

    Key idea: use program analysis (of the query) to understand what the answer reveals about sensitive information to (a rational) recipient

    We call this analysis knowledge inference

    We have used knowledge inference in a variety of applications

  • Summary of Results (outline)

    Knowledge-based security [CSF11, NIPSPP12, JCS13, HOTNETS13]
      • Enforce a security policy based on adversary's (accumulated) knowledge
      • Implementation and experimental evaluation
      • Proof of soundness: will never underestimate adversary knowledge

    Knowledge-based security for SMC [PLAS12]
      • Adapt knowledge inference to consider multiple parties' secrets
      • Proof of soundness

    Optimizing SMC [PLAS13]
      • Identify inferrable values by knowledge inference
      • Do not bother to compute these using SMC
      • Leads to 30x speedup
      • Proof of correctness of technique

  • Papers on ITACS

    [JCS13] Piotr Mardziel, Stephen Magill, Mike Hicks and Mudhakar Srivatsa, Dynamic Enforcement of Knowledge-based Security Policies, Journal of Comp. Security, Feb '12, https://www.usukitacs.com/node/1900.

    [NIPSPP12] Piotr Mardziel and Kasturi Rangan, Probabilistic Computation for Information Security, NIPS Probabilistic Programming Workshop, Dec '12, https://www.usukitacs.com/node/2234.

    [PLAS12] P. Mardziel, M. Hicks, J. Katz and M. Srivatsa, Knowledge-Oriented Secure Multiparty Computation, Programming Languages and Analyses for Security, June '12, https://www.usukitacs.com/node/2003.

    [PLAS13] Aseem Rastogi, Piotr Mardziel, Michael Hicks and Matthew Hammer, Knowledge Inference for Optimizing Secure Multi-party Computation, Programming Languages and Analyses for Security, June '13, https://www.usukitacs.com/node/2310.

    [HOTNETS13] Z. Shafiq, F. Le, M. Srivatsa and D. Towsley, Cross-Path Inference Attacks on Multipath TCP, ACM HotNets, July '13, https://www.usukitacs.com/node/2491.

  • Knowledge about the world

    Learning about the world from observations.

    [Diagram: the belief "0.5 : Today = not-raining, 0.5 : Today = raining" goes through the weather program, which produces Outlook; inference on Outlook = sunny gives "0.82 : Today = not-raining, 0.18 : Today = raining"]

  • Knowledge about secrets

    Characterize adversary knowledge.

    [Diagram labels: Secret; system; Public Output; inference from Public Output = login failed; belief "0.01 : Secret = 41, 0.90 : Secret = 42, 0.01 : Secret = 43"]

  • Levels of knowledge?

    Characterize system as safe vs. unsafe.

    [Diagram: four beliefs, with the labels "inference", "approx. inference", "unsafe" and "safe"]
      • 0.05 : Secret = 41, 0.05 : Secret = 42, 0.05 : Secret = 43
      • 0.02 : Secret = 41, 0.40 : Secret = 42, 0.02 : Secret = 43
      • 0.01 : Secret = 41, 0.90 : Secret = 42, 0.01 : Secret = 43
      • 1.00 : Secret = 42

  • Soundness of knowledge

    Soundly approximate level of knowledge.

    [Diagram: four beliefs, with the labels "actual inference", "sound approx. inference", "unsafe" and "safe"]
      • 0.05 : Secret = 41, 0.05 : Secret = 42, 0.05 : Secret = 43
      • 0.02 : Secret = 41, 0.40 : Secret = 42, 0.02 : Secret = 43
      • 0.01 : Secret = 41, 0.90 : Secret = 42, 0.01 : Secret = 43
      • 1.00 : Secret = 42

  • Technology: probabilistic programming

    Programs
      • whose inputs and outputs may be distributions rather than values
      • which may contain uses of probabilistic choice

    Effectively represent algorithmic description of a probabilistic model
      • conditional probability distribution relating inputs and outputs

    Pr [ Outlook = sunny | Today = not-raining ] = 0.9

        weather(today) {
          if (today == not-raining) {
            if (flip 0.9) return sunny else return overcast
          } else if (today == raining) {
            if (flip 0.8) return overcast else return sunny
          }
        }

  • Knowledge-based security
      • Maintain a representation of each querier's belief about secret's possible values
      • Each query result revises the belief; reject if actual secret becomes too likely
      • Cannot let rejection defeat our protection.

    [Timeline diagram labels: time; Q1, Q2, Q3; OK (answer), OK (answer), Reject]

  • Policy = knowledge threshold

    Answer a query if, for querier's revised belief, Pr[my secret] < t
      • Call t the knowledge threshold

    Choice of t depends on the risk of revelation
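Added example (not part of the original slides or the authors' implementation): exact belief revision by enumeration, checked against the weather numbers above, and a knowledge-threshold check that never consults the real secret, so that a rejection tells the querier nothing. The queries, the 0..9 secret domain, t = 1/2 and the choice to bound every value's probability rather than only the real secret's are assumptions of this example.

```python
from fractions import Fraction as F

def weather(today):
    # The slide's weather program, written as {output: probability}.
    if today == "not-raining":
        return {"sunny": F(9, 10), "overcast": F(1, 10)}
    return {"overcast": F(8, 10), "sunny": F(2, 10)}

def revise(belief, query, observed):
    """Bayes update of a belief {value: prob} given query(value) -> observed."""
    joint = {v: p * query(v).get(observed, 0) for v, p in belief.items()}
    total = sum(joint.values())
    return {v: p / total for v, p in joint.items() if p > 0}

def outputs(belief, query):
    """Every output the querier considers possible under its belief."""
    return {o for v in belief for o, q in query(v).items() if q > 0}

def answer(belief, query, secret, t):
    """Threshold policy for deterministic queries. Assumption of this example:
    the decision inspects every output the querier thinks possible and never
    the real secret, so a rejection reveals nothing."""
    for o in outputs(belief, query):
        if max(revise(belief, query, o).values()) >= t:
            return "reject", belief
    (real,) = query(secret)          # the single output for the real secret
    return real, revise(belief, query, real)

# Constructed queries over a constructed secret in 0..9.
def at_least_5(s):
    return {s >= 5: F(1)}

def is_7(s):
    return {s == 7: F(1)}

def demo(secret, t=F(1, 2)):
    belief = {s: F(1, 10) for s in range(10)}   # querier's uniform prior
    r1, belief = answer(belief, at_least_5, secret, t)
    r2, belief = answer(belief, is_7, secret, t)
    return r1, r2, belief

if __name__ == "__main__":
    print(revise({"not-raining": F(1, 2), "raining": F(1, 2)}, weather, "sunny"))
    print(demo(7)[:2], demo(6)[:2])   # same decisions whatever the secret in 5..9
```

The second query is rejected for secret 6 as well as for secret 7: had the check looked only at the real secret, the rejection itself would have identified 7.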

  • Prob: Implementation (CSF11, JCS13)

    Queries are simple imperative programs

    Approach: abstract interpretation for implementing probabilistic operations. Building blocks:
      • lattice point enumeration
      • integer programming

    Key idea: abstract interpretation is sound
      • Never underestimate the knowledge
      • But may overestimate it
      • Improves audit time
      • May reject some legal queries

    Application to sensor networks, location [NIPSPP12]
      • Gave demo earlier in the week

    Application to MPTCP [HOTNETS13]

  • Current activity: Modeling time/change

    Secrets can change over time.

    In progress: formal model, theorems about knowledge of both the stream of secrets and the delta function

    Pr [ Secret2 = 42 | Secret1 = 42 ] = 0.900392

        delta(secret1) {
          if (flip 0.9) return secret1 else return (uniform 0,255)
        }

    Pr [ Secret1 = 42 ] = 1.0

  • Other activities

    Expand expressiveness, improve performance
      • Model continuous distributions, not just discrete ones
      • Employ other forms of approximation

    More applications
      • Multiparty TCP flows
      • Sensor networks
      • Mobility

  • Joint computations over secrets

    Rather than asymmetric queries, may want to compute joint results
      • Coalitions each have sensor networks; use them to answer queries while hiding details
      • Coalitions perform joint mission planning; staff mission without knowing total resources

    [Diagram labels: Q = Some function; x; y; Q (X,Y); attack at dawn]

  • Secure multiparty computation

    Multiple parties have secrets to protect. Want to compute some function over their secrets without revealing them.

    [Diagram labels: x; y; Q(x,y); True / False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Use trusted third party.

    [Diagram labels: x; y; True]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    SMC lets the participants compute this without a trusted third party.

    [Diagram labels: T; x; y; Q(x,y); True]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    [Diagram labels: x; y; Q(x,y); True / False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x = ?; x; y=2; Q(x,2); False; A; B]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x = 1; Q(x,2); False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x = ?; Q(x,3); False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x {1,2}; Q(x,3); False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x = ?; Q(x, ); False]

    Q = if x y then out := True else out := False

  • Secure multiparty computation

    Nothing is learned beyond what is implied* by the query output.

    * what is implied can be a lot

    [Diagram labels: x 1; Q(x, ); False]

    Q = if x y then out := True else out := False

  • Knowledge-based security for SMC (PLAS12)

    Results (details in paper):
      • Adapt knowledge inference to SMC setting
      • Enforce threshold-based policies
      • Two techniques: Belief sets and SMC-based belief tracking
      • Proof that our methods are sound (never underapproximate adversary knowledge)

    Implementation not sufficiently performant for use on-line

  • Goal: Make SMC more performant (PLAS13)

    SMC is an appealing technology, but it is very slow
      • Implementation based on garbled circuits
      • Several orders of magnitude slower than normal computation

    Recent work has developed general methods to improve SMC performance
      • Circuit-level optimizations
      • Pipelining circuit generation and execution (increases parallelism and decreases memory)
      • But: ultimately SMC is always going to be much slower than normal computation

    Idea: use knowledge inference to find opportunities to replace SMC with normal computation in particular programs, with no loss to security

  • Example Joint Median Computation

    { A1, A2 }, { B1, B2 }

    Assume: A1 < A2 and B1 < B2 and Distinct(A1, A2, B1, B2)

        a = A1 B1;
        b = a ? A2 : A1;
        c = a ? B1 : B2;
        d = b c;
        output = d ? b : c;

    Can show that Alice and Bob can infer a and d

  • Secure Computation

        output = d ? b : c;

    [Diagram labels: d; d]

        a = A1 B1;
        b = a ? A2 : A1;
        c = a ? B1 : B2;
        d = b c;

    Knowledge leads to optimized protocol

  • Median Example Analysis from Bob's Perspective

        a = A1 B1;
        b = a ? A2 : A1;
        c = a ? B1 : B2;
        d = b c;
        output = d ? b : c;

    a = (output B1)

    Recall: B1 < B2
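Added example (not part of the original slides or the authors' tool): a brute-force check, over a small constructed domain, that a and d in the median program are functions of what each party already sees (its own inputs plus the output), while a party seeing only the output cannot infer a. The comparison operators did not survive in the slide text; this example assumes `<=` for all of them, which makes the output the second-smallest of the four values. The names `inferable`, `alice`, `bob` and `outsider` are hypothetical.

```python
from itertools import permutations

def median_program(A1, A2, B1, B2):
    # Assumption: every comparison lost from the slide text is "<=".
    a = A1 <= B1
    b = A2 if a else A1
    c = B1 if a else B2
    d = b <= c
    output = b if d else c
    return a, d, output

def valid_inputs(domain):
    # The slide's precondition: A1 < A2, B1 < B2, all four values distinct.
    for A1, A2, B1, B2 in permutations(domain, 4):
        if A1 < A2 and B1 < B2:
            yield A1, A2, B1, B2

def alice(inputs, output):
    return inputs[0], inputs[1], output     # Alice sees A1, A2 and the output

def bob(inputs, output):
    return inputs[2], inputs[3], output     # Bob sees B1, B2 and the output

def outsider(inputs, output):
    return (output,)                        # sees the output only

def inferable(var_index, view, domain=range(1, 7)):
    """True if the intermediate value (0 = a, 1 = d) is determined by the
    observations `view` gives a party, for every valid input in `domain`."""
    seen = {}
    for inputs in valid_inputs(domain):
        result = median_program(*inputs)
        obs = view(inputs, result[2])
        if seen.setdefault(obs, result[var_index]) != result[var_index]:
            return False    # same observations, different value: not inferable
    return True

def bob_formula_holds(domain=range(1, 7)):
    # The slide's "a = (output B1)", read here as a == (output <= B1).
    return all(median_program(*i)[0] == (median_program(*i)[2] <= i[2])
               for i in valid_inputs(domain))

if __name__ == "__main__":
    for name, view in (("Alice", alice), ("Bob", bob), ("outsider", outsider)):
        print(name, "infers a:", inferable(0, view), "d:", inferable(1, view))
    print("a == (output <= B1) for Bob:", bob_formula_holds())
```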

  • Formalization of Knowledge

    x can be