stadium
play

Stadium A Distributed Metadata-private Messaging System Nirvan - PowerPoint PPT Presentation

Aug 14, 2023 •207 likes •725 views

Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung Matei Zaharia Nickolai Zeldovich SOSP 2017 Previous talk: Anonymous broadcast This talk: Private messaging Alice Bob Problem: Communication

  1. Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung Matei Zaharia Nickolai Zeldovich SOSP 2017

  2. Previous talk: Anonymous broadcast

  3. This talk: Private messaging Alice Bob

  4. Problem: Communication metadata Alice Bob (oncologist)

  5. Goal: Hiding communication metadata Stadium Alice Bob (oncologist)

  6. Related work Metadata-private systems with cryptographic security limited in throughput. Dissent [OSDI’12] , Riposte [S&P’15] ~ 1.5 - 65 K messages / min Pung [OSDI’16] , Atom [SOSP’17]

  7. Related work Metadata-private systems with cryptographic security limited in throughput. Dissent [OSDI’12] , Riposte [S&P’15] ~ 1.5 - 65 K messages / min Pung [OSDI’16] , Atom [SOSP’17] Throughput increased by relaxing guarantees to differential privacy . ~ 2 M messages / min Vuvuzela [SOSP’15]

  8. Related work Metadata-private systems with cryptographic security limited in throughput. Dissent [OSDI’12] , Riposte [S&P’15] ~ 1.5 - 65 K messages / min Pung [OSDI’16] , Atom [SOSP’17] Throughput increased by relaxing guarantees to differential privacy . ~ 2 M messages / min Vuvuzela [SOSP’15] > 10 M messages / min Stadium [SOSP’17] First metadata-private messaging system to scale horizontally

  9. Vuvuzela: Differentially private messaging Dead-drops: virtually hosted addresses at which user messages are exchanged ● dead-drops

  10. Vuvuzela: Differentially private messaging Dead-drops: virtually hosted addresses at which user messages are exchanged ● Mixnet: servers re-randomize and permute messages ● mixnet

  11. Vuvuzela: Differentially private messaging Dead-drops: virtually hosted addresses at which user messages are exchanged ● Mixnet: servers re-randomize and permute messages ● Noise: servers add fake messages to obscure adversary observations ●

  12. Scaling limitations Every server handles all messages ● Running a server is expensive (e.g. 2M users / minute = 1.3 Gbps) ●

  13. Challenge: How to distribute workload across untrustworthy servers? 1. How to mix messages? 2. How to add noise?

  14. Stadium design Collaborative noise generation + verifiable parallel mixnet

  15. Stadium design Collaborative noise generation + verifiable parallel mixnet

  16. Stadium design Collaborative noise generation + verifiable parallel mixnet

  17. Contributions Stadium design ● Parallel mixnet ○ Collaborative noise generation ○ Verifiable processing including fast zero-knowledge proofs of shuffle ○ Multidimensional differential privacy analysis ● Implementation and evaluation of prototype ● 10 M messages/min with per-server costs of ~100 Mbps

  18. Parallel mixnets with cryptographic security of mixing have large depth. Iterated butterfly topology [ICALP ‘14] as used by Atom [SOSP ‘17] ● Large depth not good for low latency applications ● Repeat One butterfly iteration # of servers

  19. Stadium uses 2-layer mixnet with differential privacy analysis.

  20. Traffic analysis attacks take advantage of uneven routings. Trace messages by modeling likely paths through mixnet ( Borisov [PET ‘05] ) ●

  21. Traffic analysis attacks take advantage of uneven routings. Trace messages by modeling likely paths through mixnet ( Borisov [PET ‘05] ) ● Even if links are padded with dummy messages, adversary can incorporate ● adversary-known inputs and outputs to infer uneven routing

  22. Traffic analysis attacks take advantage of uneven routings. Trace messages by modeling likely paths through mixnet ( Borisov [PET ‘05] ) ● Even if links are padded with dummy messages, adversary can incorporate ● adversary-known inputs and outputs to infer uneven routing

  23. Traffic analysis attacks take advantage of uneven routings. Trace messages by modeling likely paths through mixnet ( Borisov [PET ‘05] ) ● Even if links are padded with dummy messages, adversary can incorporate ● adversary-known inputs and outputs to infer uneven routing

  24. Add noise messages to provide differential privacy for uneven routings. Adversary manipulates padding through known message injection ● Unlike padding, noise messages are independent of adversary action ●

  25. Noising internal links not helpful if messages aren’t mixed. Adversary learns path of all messages through compromised servers ●

  26. Noising internal links not helpful if messages aren’t mixed. Adversary learns path of all messages through compromised servers ●

  27. Ensure mixing by organizing providers into small groups of servers. Probability of compromise with random assignment falls exponentially with ● group size

  28. Problem: Scaling noise generation Vuvuzela server # of fake messages

  29. Problem: Distributed noise generation Stadium servers Aggregate # of fake messages

  30. Problem: Distributed noise generation Stadium servers probability Aggregate distribution # of fake messages

  31. Poisson distribution for distributed noise generation Additive Discrete Non-negative Noise mechanism Laplace Gaussian Poisson Poisson provides all properties nicely ●

  32. Multidimensional analysis for reducing noise requirements When a user changes communication pattern, only a few links are affected ● Reduce noise by a factor of where is probability link is affected ●

  33. Verifiable processing pipeline Ensure noise messages stay in system ● Utilize various cryptographic zero knowledge proofs of integrity ● Hybrid verification scheme ● Zero knowledge proof of shuffle is bottleneck processing cost ● Multicore Bayer-Groth verifiable shuffle on Curve25519 ○ ~ 20X performance speedup over state of the art ○ E.g. 100K ciphertext shuffle speedup from 128 seconds to ~7 seconds ○

  34. Implementation Prototype ● Control and networking logic in Go (2500 lines of code) ○ Verifiable processing protocols in C++ (9000 lines of code) ○ Highly optimized Bayer-Groth verifiable shuffle implementation ■ Available at github.com/nirvantyagi/stadium ○

  35. Evaluation Recall goal: horizontal scalability with inexpensive servers ● What is the cost of operating a Stadium server? ● Does Stadium horizontally scale? ●

  36. Evaluation methodology Deploy Stadium on up to 100 Amazon c4.8xlarge EC2 VMs ● 36 virtual cores, 60 GB memory ○ US East region ○ Message size: 144 B ○ Extrapolate scaling patterns to larger deployment sizes ●

  37. Operating costs of a Stadium server are relatively small 88 - 173 Mbps 6-13% of Vuvuzela’s 1.3Gbps Bandwidth is dominant cost ● Operating costs ~ $110 / month* ● Top 300 of relays in Tor offer > 140 Mbps ● *W. Norton. 2010. Internet Transit Prices - Historical and Projected. Technical Report. http://drpeering.net/white-papers/ Internet-Transit-Pricing-Historical-And-Projected.php

  38. Messages are effectively distributed across servers to reduce latency Stadium

  39. Conclusion Stadium: high-throughput, horizontally-scaling, metadata-private system ● Verifiable parallel mixnet resistant to traffic analysis ○ Fast zero-knowledge proofs of shuffle ○ Collaborative noise generation with Poisson distribution ○ Multidimensional differential privacy analysis ● Implementation and evaluation of prototype ● Prototype at github.com/nirvantyagi/stadium

  40. Reserve Slides

  41. Dead-drop message exchange d4cf2802a26e60e489a0b6949a8d881c d4cf2802a26e60e489a0b6949a8d881c e0784f9889a878fdb3c6c27d6a8318fb

  42. Dead-drop message exchange

  43. Dead-drop message exchange Easy to observe conversations

  44. Dead-drop message exchange d4cf2802a26e60e... e0784f9889a878f...

  45. Dead-drop message exchange

  46. Dead-drop message exchange 2 d4cf2802a26e60e... 0 1 e0784f9889a878f... 0 Dead-drop access counts reveal conversation

  47. Dead-drop message exchange 2 d4cf2802a26e60e... 0 1 e0784f9889a878f... 0 Dead-drop access counts reveal conversation Add “noise” to access counts with fake messages!

  48. Differential Privacy Pr[Alice talking to Bob] Pr[Alice not talking to Bob]

  49. Differential Privacy Pr[Alice talking to Bob] Pr[Alice not talking to Bob] probability no noise 1 0 # of 2-message dead-drops

  50. Differential Privacy Pr[Alice talking to Bob] Pr[Alice not talking to Bob] probability no noise with noise 1 0 ~1000 # of 2-message dead-drops

Recommend

Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium June 13, 2016

Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium June 13, 2016

Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium June 13, 2016 Tonights Agenda 5:30 pm - Meeting called to order Public Comment (up to 30 minutes) Stadium Updates Doug Wilson, Project Manager,

568 views • 42 slides
STADIUM ADVISORY STADIUM ADVISORY COMMITTEE February 3, 2012 Lory Student Center What are the

STADIUM ADVISORY STADIUM ADVISORY COMMITTEE February 3, 2012 Lory Student Center What are the

STADIUM ADVISORY STADIUM ADVISORY COMMITTEE February 3, 2012 Lory Student Center What are the reasons that lead us to believe that an on-campus stadium will serve the best interests of our University? Is our end game limited to winning

684 views • 21 slides
Las Vegas Stadium Authority Financial Oversight Overview Financial Oversight The Stadium

Las Vegas Stadium Authority Financial Oversight Overview Financial Oversight The Stadium

Las Vegas Stadium Authority Financial Oversight Overview Financial Oversight The Stadium Authority oversees a number of bank trusts and accounts related to the stadium project and Authority operations Staff collects and reviews bank

567 views • 9 slides
RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal n Role of the

RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal n Role of the

RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal n Role of the Staff of the WSFCS q Remain neutral and protect the interest of the district. q Listen to all participant s sides. q Advise Home Field Advantage

839 views • 62 slides
RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal Role of the

RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal Role of the

RJR Stadium- Board of Education Workshop November 20, 2012 RJR Stadium Proposal Role of the Staff of the WSFCS Remain neutral and protect the interest of the district. Listen to all participants sides. Advise Home Field

1.25k views • 62 slides
The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose

The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose

The stadium has changed the skyline in Limerick forever. Now the province has a multi-purpose stadium facility to rival any modern stadia across Europe SCALE OF IMPACTS ASSESSMENT Prior to stadium completion Heineken Cup game resulted in 3.5

276 views • 16 slides
Stadium Road Neighbourhood By Max Holmes, VP Academic and University Affairs What is the Stadium

Stadium Road Neighbourhood By Max Holmes, VP Academic and University Affairs What is the Stadium

SCD071-19 Stadium Road Neighbourhood By Max Holmes, VP Academic and University Affairs What is the Stadium Road Neighbourhood? The Planning Area Principles of the Plan Build Long Term Value Prioritize Affordable Living Create a

462 views • 10 slides
Las Vegas Stadium Alternative Funding Concept State of Nevada Creates Stadium Authority via

Las Vegas Stadium Alternative Funding Concept State of Nevada Creates Stadium Authority via

DRAFT | For Discussion Purposes Las Vegas Stadium Alternative Funding Concept State of Nevada Creates Stadium Authority via State Legislation Proposed $750M $750M Clark County Las Vegas Construction Fund (TBD) Stadium Authority 1 Loan

860 views • 48 slides
Update on Brandywell Stadium Renaming Proposal Consultation Do you believe that the name of

Update on Brandywell Stadium Renaming Proposal Consultation Do you believe that the name of

Update on Brandywell Stadium Renaming Proposal Consultation Do you believe that the name of the Brandywell Football Stadium should be changed to the Ryan McBride Brandywell Stadium? Responses Total: 6775

145 views • 10 slides
STADIUM AUTHORITY PURPOSE: A Clark County Stadium Authority (CCSA) is to be created and is

STADIUM AUTHORITY PURPOSE: A Clark County Stadium Authority (CCSA) is to be created and is

CLARK COUNTY STADIUM AUTHORITY PURPOSE: A Clark County Stadium Authority (CCSA) is to be created and is to be responsible for the design, financing, construction and operation of the new domed stadium. COMPOSITION: The CCSA shall be

324 views • 4 slides
Stadium Security In a Changing Environment Bishwa Silwal and Mustapha Olokun Advisor: Dr.

Stadium Security In a Changing Environment Bishwa Silwal and Mustapha Olokun Advisor: Dr.

Stadium Security In a Changing Environment Bishwa Silwal and Mustapha Olokun Advisor: Dr. Christie Nelson Background on Recent Stadium Terrorist Events Manchester Stadium (May 22, 2017) Explosive device concealed in a black vest or a

538 views • 10 slides
CPS Athletics and Facilities Presentation February 12, 2018 Stargel Stadium Reconstruction

CPS Athletics and Facilities Presentation February 12, 2018 Stargel Stadium Reconstruction

CPS Athletics and Facilities Presentation February 12, 2018 Stargel Stadium Reconstruction 2002: Start Stadium Reconstruction 2004: Stargel Stadium Dedication Initial project cost:$5,459,000 2015: Field and track improvements $397,000

359 views • 9 slides
Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium October 16, 2017

Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium October 16, 2017

Update to the Stadium Advisory Group (SAG) for the CSU Multi-Purpose Stadium October 16, 2017 Tonights Agenda 5:30 pm - Meeting called to order Public Comment (up to 30 minutes) Debrief of Game Day 1 (Aug. 26) and Game Day 2

457 views • 43 slides
12/06/2018 1 1. Welcome to new attendees 2. Minutes of the last meeting 3. New stadium

12/06/2018 1 1. Welcome to new attendees 2. Minutes of the last meeting 3. New stadium

12/06/2018 1 1. Welcome to new attendees 2. Minutes of the last meeting 3. New stadium update 4. Focus Groups 5. Safe standing campaign 6. AOB New stadium update Recap on key events over the last few months Be Living Ltd

337 views • 13 slides
H-2. Spring Stadium Loop Harris County 54 Location 55 Request Add Spring Stadium Loop Road

H-2. Spring Stadium Loop Harris County 54 Location 55 Request Add Spring Stadium Loop Road

H-2. Spring Stadium Loop Harris County 54 Location 55 Request Add Spring Stadium Loop Road as a Minor Collector MTFP AMENDMENT REQUEST ADD REALIGN DELETE RECLASSIFY Street Class ROW Width No. Lanes Freeway Major Thoroughfare Major

251 views • 4 slides
Stanwood Athletics 2010-2011 Bob Larson Stadium Thank you to the community and

Stanwood Athletics 2010-2011 Bob Larson Stadium Thank you to the community and

Stanwood Athletics 2010-2011 Bob Larson Stadium Thank you to the community and board for the support and approval of the re-naming of the stadium. Upgrades: roof, press box SHS First Season Participation 90

186 views • 16 slides
Stadium & Event Security James A. De Meo M.S. Security Management Professional Paris

Stadium & Event Security James A. De Meo M.S. Security Management Professional Paris

Stadium & Event Security James A. De Meo M.S. Security Management Professional Paris Stadium Bombing Objectives: Student will gain knowledge about Security and Safety Issues facing the Sports and Entertainment Industry today.

594 views • 24 slides
COTTINGHAM STADIUM Redesign Presentation | November 6, 2019 COTTINGHAM STADIUM REDESIGN

COTTINGHAM STADIUM Redesign Presentation | November 6, 2019 COTTINGHAM STADIUM REDESIGN

COTTINGHAM STADIUM REDESIGN PRESENTATION 11/6/19 COTTINGHAM STADIUM Redesign Presentation | November 6, 2019 COTTINGHAM STADIUM REDESIGN PRESENTATION 11/6/19 DESIGN CONCEPT 1 The design concept for Cottingham Stadium is built around Easton

207 views • 20 slides
Steve Cohoon Director What is the capacity of the Ravens stadium? Ravens Stadium Seating

Steve Cohoon Director What is the capacity of the Ravens stadium? Ravens Stadium Seating

Steve Cohoon Director What is the capacity of the Ravens stadium? Ravens Stadium Seating Capacity 69,084 Queen Annes County Population 47,798 2010 U. S. Census QAC 2000 - 2010 Town Census # 2000 2010 %Chg Centreville

738 views • 24 slides
Las Vegas Stadium Authority Fiscal Year 2020 Budget Overview Four Budget Funds Fund 2960 Fund

Las Vegas Stadium Authority Fiscal Year 2020 Budget Overview Four Budget Funds Fund 2960 Fund

Las Vegas Stadium Authority Fiscal Year 2020 Budget Overview Four Budget Funds Fund 2960 Fund 2965 Stadium Authority Operating Stadium Authority Waterfall Residual Staffing, legal, accounting, fiscal agent, insurance Room tax revenue

253 views • 6 slides
Donald W. Reynolds Razorback Stadium North End Zone Addition and Stadium Updates JUNE 2016

Donald W. Reynolds Razorback Stadium North End Zone Addition and Stadium Updates JUNE 2016

Donald W. Reynolds Razorback Stadium North End Zone Addition and Stadium Updates JUNE 2016 Athletic Department current financial position: The Department of Athletics is in the strongest financial position in our history Athletic

159 views • 14 slides
PUBLIC MEETING On the Remediation of the proposed DC United Soccer Stadium Site Thursday, January

PUBLIC MEETING On the Remediation of the proposed DC United Soccer Stadium Site Thursday, January

DC United Soccer Stadium Project PUBLIC MEETING On the Remediation of the proposed DC United Soccer Stadium Site Thursday, January 21, 2016 Page 1 of 32 DC United Soccer Stadium Project AGENDA 1. Introduction 2. Project Background 3.

562 views • 33 slides
digital Stadium Delay Tolerant Networks in the Real World Overview Introduce the team and the

digital Stadium Delay Tolerant Networks in the Real World Overview Introduce the team and the

digital Stadium Delay Tolerant Networks in the Real World Overview Introduce the team and the project PROBLEM SPACE: Connectivity and services in stadia SOLUTION SPACE: Technology potential User/Fan and Stadium engagement

916 views • 53 slides
Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

DRAFT | For Discussion Purposes Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2 State of Nevada Creates Stadium Authority via State Legislation $750 MM $750 MM Las Vegas How the Clark County

569 views • 32 slides

More recommend