STYX: Stream Processing with Trustworthy Cloud-based Execution

Transcription

1 STYX: Stream Processing with Trustworthy Cloud-based Execution Julian Stephen, Savvas Savvides, Vinaitheerthan Sundaram, Masoud Saeida Ardekani, Patrick Eugster October 6, 2016 Purdue University

2 Table of contents 1. Overview 2. Ensuring confidentiality in the cloud 3. Challenges in encrypted stream processing 4. Architecture 5. STYX abstractions and key update 6. Evaluation 7. Related work and conclusion 2

3 Overview

4 Introduction Compute clouds Data analytics platforms Cost-efficiency, on-demand compute, low infrastructure setup cost IoT 26 billion smart devices connected to a network by 2020 Fine-grained user behavior tracking to capture, personalize and/or monetize user experience Stream processing Analytics on real-time streaming data (continuous queries) Many systems over the last few years - Apache Storm, Apache Spark, Apache Flink, Apache Samza, Amazon Kinesis 4

5 Vulnerabilities - 1 5

6 Vulnerabilities - 1 5

7 Vulnerabilities - 1 A 5

8 Vulnerabilities - 1 A f(a) 5

9 Vulnerabilities - 1 A f(a) 5

10 Vulnerabilities - 1 A f(a) A 5

11 Vulnerabilities - 2 Real problems 6

12 Ensuring confidentiality in the cloud

13 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data A f f(a) 8

14 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data A f f(a) 8

15 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data A f f(a) k E(A, k) 8

16 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data A f f(a) k E(A, k) f f (E(A, k)) 8

17 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data A f f(a) k D(f (E(A, k))) E(A, k) f f (E(A, k)) 8

18 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data Prohibitive overhead 8

19 Confidentiality in the cloud Fully homomorphic encryption (FHE) Allows arbitrary computation on encrypted data Prohibitive overhead Partially homomorphic encryption (PHE) Allows certain operations to be performed over encrypted text AHE: D(E(x1)ψE(x2)) = x1 + x2 AHE, MHE, OPE, DET Conjecture Many data analytics jobs can be performed securely using a combination of partially homomorphic encryption schemes 8

20 Vulnerabilities - 3 9

21 Vulnerabilities - 3 A E(A, k) 9

22 Vulnerabilities - 3 A E(A, k) f (E(A, k)) 9

23 Vulnerabilities - 3 A E(A, k) f (E(A, k)) 9

24 Vulnerabilities - 3 A E(A, k) f (E(A, k)) E(A, k) k A 9

25 Challenges in encrypted stream processing

26 Challenges in encrypted stream processing Programmer effort Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation if (Stream1.f1 < 100) return; else... sum = sum + Stream2.f3; 11

27 Challenges in encrypted stream processing Key change PHE requires all tuples in an aggregate function to be encrypted with same key A A B C D E F G A 11

28 Challenges in encrypted stream processing Deployment optimizations Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data 11

29 Challenges in encrypted stream processing Programmer effort Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation Key change PHE requires all tuples in an aggregate function to be encrypted with same key Deployment optimizations Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data 11

30 Challenges in encrypted stream processing Programmer effort Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation Key change PHE requires all tuples in an aggregate function to be encrypted with same key Deployment optimizations Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data Limitations of PHE PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation 11

31 Challenges in encrypted stream processing Programmer effort Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation Key change PHE requires all tuples in an aggregate function to be encrypted with same key Deployment optimizations Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data Limitations of PHE PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation Constants and initialization Variables must be initialized using the encrypted value of the initialization constant 11

32 Challenges in encrypted stream processing Programmer effort Need to identify encryption scheme for each input data stream, perform cryptographic equivalent of required operation Key change PHE requires all tuples in an aggregate function to be encrypted with same key Deployment optimizations Deployment parameters specified for plaintext data may not be optimal when computation happens on encrypted data Limitations of PHE PHE may not support a sequence of operations requiring trusted nodes to perform remaining computation Constants and initialization Variables must be initialized using the encrypted value of the initialization constant 11

33 Architecture

34 STYX architecture Analytical model identifies deployment profile execute the graph crypto systems required to identifies analysis Homomorphism User submits program written using system (STYX) API Execution flow Program (STYX API, Annotations) Homomorphism Analysis

35 STYX abstractions and key update

36 STYX abstraction Group sum in a sliding window 1 /** Track sum of values per group per time slot */ 2 public class SlotBasedSum <T > { public void updatesum ( T group, int slot, SecField val ) { 5 SecField [] sums = objgroupsum. get ( group ); 6 if ( sums == null ) { 7 sums = new SecField [ this. numslots ]; 8 init (sums, val ); 9 objgroupsum. put (obj, sums ); 10 } 11 sums [ slot ] = SecureOper 12. add ( sums [ slot ], val ); 13 } 14 } 15

37 STYX abstraction Group sum in a sliding window 1 /** Track sum of values per group per time slot */ 2 public class SlotBasedSum <T > { public void updatesum ( T group, int slot, SecField val ) { 5 SecField [] sums = objgroupsum. get ( group ); 6 if ( sums == null ) { 7 sums = new SecField [ this. numslots ]; 8 init (sums, val ); 9 objgroupsum. put (obj, sums ); 10 } 11 sums [ slot ] = SecureOper 12. add ( sums [ slot ], val ); 13 } 14 } 15

38 Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T > { 2 BigInteger publickey = readpubkey (); 3 public void updatesum ( T group, int slot, BigInteger value ) { 4 BigInteger [] sums = objgroupsum. get ( group ); 5 if ( sums == null ) { 6 sums = new BigInteger [ this. numslots ]; 7 init (sums, " AHE "); 8 objgroupsum. put ( group, sums ); 9 } 10 sums [ slot ] = sums [ slot ]. multiply ( value ) 11. mod ( publickey. multiply ( publickey )); 12 } 13 } 14 16

39 Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T > { 2 BigInteger publickey = readpubkey (); 3 public void updatesum ( T group, int slot, BigInteger value ) { 4 BigInteger [] sums = objgroupsum. get ( group ); 5 if ( sums == null ) { 6 sums = new BigInteger [ this. numslots ]; 7 init (sums, " AHE "); 8 objgroupsum. put ( group, sums ); 9 } 10 sums [ slot ] = sums [ slot ]. multiply ( value ) 11. mod ( publickey. multiply ( publickey )); 12 } 13 } 14 16

40 Without STYX abstractions Group sum in a sliding window (Storm) 1 public class SlotBasedSum <T > { 2 BigInteger publickey = readpubkey (); 3 public void updatesum ( T group, int slot, BigInteger value ) { 4 BigInteger [] sums = objgroupsum. get ( group ); 5 if ( sums == null ) { 6 sums = new BigInteger [ this. numslots ]; 7 init (sums, " AHE "); 8 objgroupsum. put ( group, sums ); 9 } 10 sums [ slot ] = sums [ slot ]. multiply ( value ) 11. mod ( publickey. multiply ( publickey )); 12 } 13 } 14 16

41 Key change Challenges Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

42 Key change Challenges Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

43 Key change Challenges Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

44 Key change Challenges Functions that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Problem A A B C D E F G A 17

45 Key change Challenges Continuous queries that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Solution A A B C D E D E F G A 18

46 Key change Challenges Continuous queries that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Solution A A B C D E D E F G A 18

47 Key change Challenges Continuous queries that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Solution A A B C D E D E F G A 18

48 Key change Challenges Continuous queries that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Solution A A B C D E D E F G A 18

49 Key change Challenges Continuous queries that aggregates data over a sliding window makes it impossible to change the encryption key without disrupting output Solution A A B C D E D E F G A 18

50 Evaluation

51 Evaluation - 1 IoT Bench Smart meter data over a 24 hour time period at the rate of 1 reading per minute from 443 unique homes, totaling records 4 ec2 m3.large node Each tuple comprises of timestamp, meter id and meter reading Throughput (#tuples/sec) STYX Storm Q1 Q2 Q3 Q4 Q5 Q6 20

52 Evaluation - 2 Performance when keys change New york taxi route data (10G) Application finds the top 10 most frequent routes during the last 30 minutes of taxi servicing 9 ec2 m3.large node Response Time (ms) Time (s) 21

53 Related work and conclusion

54 Related work Prior work on encrypted computaion [Popa et al.; SOSP 11]; [Gentry.; STOC 09]; [Stephen et al.; VLDB 13]; Other approaches Using secure processors (e.g., Intel SGX) 23

55 Conclusion Conclusion Confidentiality breaches pose a serious threat to adoption and utilization of cloud resources PHE has proven to be effective for various batch workloads STYX leverage PHE for stream data analytics in the cloud Makes it easier for programmers to use PHE Automatically translates the program and optimizes deployment parameters 24

56 Questions 25