guaranteeing local differential privacy on ultra low
play

Guaranteeing Local Differential Privacy on Ultra-low-power Systems - PowerPoint PPT Presentation

Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, Rakesh Kumar University of Illinois at Urbana-Champaign Security in IoT IoT Cloud Data


  1. Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, Rakesh Kumar University of Illinois at Urbana-Champaign

  2. Security in IoT IoT Cloud Data Aggregate Machine Analytics Statistics Learning • 50B devices estimated to be connected by 2020 • Must assess privacy and security risks

  3. Conventional Data Collection Data Users Curator x 1 User 1 x 2 User 2 Trusted Server x N User N • Raw data collection

  4. Privacy-Preserving Data Collection Users Data Curator User 1 Data y 1 x 1 SP Untrusted Server y N User N • Privatizing data through local processing

  5. What is Differential Privacy? Are you a Democrat? Head Tail Toss a biased coin Lie! Truth! • Preserving privacy by randomized (noisy) output

  6. DP for Numeric Data Users Data User 1 Random Curator Number Data y 1 x 1 Untrusted Server y N User N • Randomizing output by adding random number

  7. Laplace Mechanism for DP Pr[1|1] = e e Pr[1|0] Pr[1|1] Pr[1|0]

  8. DP on ULP Hardware • ULP hardware powers a large number of sensor/IoT systems • ULP hardware – Support fixed-point (FxP) hardware – Lack of floating-point hardware due to cost, area, energy, and latency Can DP be guaranteed on FxP HW?

  9. Laplace RNG from FxP HW • Distribution discrepancy due to FxP hardware

  10. Naïve DP Implementation Privacy is NOT guaranteed w/ naïve implementation on FxP HW

  11. Proposed Solutions Finite privacy loss Infinite Infinite loss loss m M Thresholding Resampling Finite privacy loss Finite privacy loss Resampling Resampling range range M-n th m M m+n th M-n th m M m+n th

  12. Resampling Finite privacy loss Resampling Resampling range range M-n th M m m+n th Resampling guarantees DP!

  13. Thresholding Finite privacy loss M-n th m M m+n th Thresholding guarantees DP!

  14. Why Hardware Support for DP • Software implementation issues – Latency for noising on MSP430 • Half-precision float: 1436 cycles • 20-bit fixed: 4043 cycles – Energy for noising on MSP430 • Half-precision float: 11.6 nJ • 20-bit fixed: 32.9 nJ HW provides (1) >700X lower latency (2) >300X lower energy (3) better security.

  15. DP-Box in ULP System • Sensor data sent to DP-Box for noising • DP output read out by main processor once DP- Box asserts ‘Ready’

  16. Utility for Statistical Query 20-bit FxP 16-bit FxP • Privacy-preserving data aggregation • # of data ↑ ⇒ more accurate estimate • Requires proper choice of hardware parameters

  17. Utility for Randomized Response • DP-box configured for randomized response • # of data ↑ ⇒ more accurate estimate

  18. Utility for Machine Learning Data 1000 2000 3000 4000 5000 Size e = 0.5 69 % 72 % 76 % 77 % 82 % e = 1 79 % 82 % 85 % 87 % 90 % e = 2 87 % 90 % 91 % 93 % 94 % No DP 96 % 98 % 98 % 99 % 99 % • Privacy-preserving learning • More privacy (higher e ) ⇒ more data required

  19. Summary • Local DP is a promising mechanism in privacy- preserving data collection • Naïve implementation of DP does not guarantee privacy on ULP hardware • We propose Resampling and Thresholding DP output to guarantee privacy • We propose DP-Box, custom hardware support for providing local DP on ULP systems • DP-Box guarantees data privacy and provides high utility for aggregate statistics and machine learning

  20. Thank you!

Recommend


More recommend