Differential Privacy

Transcription

1 CPSC 426/526 Differential Privacy Ennan Zhai Computer Science Department Yale University

2 Recall: Lec-11 In lec-11, we learned: - Cryptographic basics - Symmetric key cryptography - Public key cryptography - Hash functions - Case study: CryptDB

3 Lecture Roadmap Differential Privacy Case Study: DJoin Midterm Review

4 Much information is constantly accumulating in databases all around the world... Social networks Hospital records Airline reservation systems

5 Good Uses to this Data Recommendation system analysis Social networking analysis Illness analysis...

6 Good Uses to this Data Recommendation system analysis Social networking analysis However, Illness analysis in some cases, using this data... has potential privacy issue...

7 Example in Statistic DB Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

8 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

9 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

10 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? A: 2 Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

11 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Bob Cancer A: 2 Q: How many people have Malaria? Aha! That s Hank Doris Malaria Hank Greg Malaria HIV Statistical database only with COUNT query Adversary

12 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Bob Doris Hank Greg Cancer Malaria Malaria HIV A: 2 Statistical database only with COUNT query Q: How many people have Malaria? The adversary infers sensitive information of individual with basic queries... Adversary Aha! That s Hank

13 Differential Privacy Differential privacy can be used to address this type of problem

14 Differential Privacy [Dwork, ICALP 06] Differential privacy is a property of randomized function that take a dataset as input and return an aggregate result. Randomized function is differentially private if arbitrary changes to a single item result in only statistically insignificant changes in the function s output The presence or absence of any single item has a statistically negligible effect.

15 Differential Privacy [Dwork, ICALP 06] Differential privacy is a property of randomized function that take a dataset as input and return an aggregate result. Randomized function is differentially private if arbitrary adding carefully chosen noises to the output of queries. changes to a single item result in only statistically insignificant changes in the function s output Differential privacy does not make The presence or absence of any single item has a statistically any assumptions on adversary. negligible effect. In distributed system area, differential privacy is achieved by

16 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

17 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Noise Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

18 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Noise Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query Adversary

19 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Noise Q: How many people have Malaria? Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query A: 2±1 Adversary

20 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Noise Q: How many people have Malaria? Hmm... Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query A: 2±1 Adversary

21 Differential Privacy Differential privacy is proposed for statistical databases which only support computation operations (e.g., COUNT). Differential privacy adds carefully chosen noises to the output of a query. Normally, we say a query is a differentially private query, which means the query satisfies differential privacy s property.

22 Differential Privacy Differential privacy is proposed for statistical databases which only support computation operations (e.g., COUNT). Differential privacy adds carefully chosen noises to the output of a query. Normally, we say a query is a differentially private query, which means the query satisfies differential privacy s property.

23 Differential Privacy Differential privacy is proposed for statistical databases which only support computation operations (e.g., COUNT). Differential privacy adds carefully chosen noises to the output of a query. More noises you add you will have higher level privacy but less accuracy of you result.

24 Differential Privacy Differential privacy adds carefully chosen noises to the output of a query. Query Response Normal user Query Response Adversary

25 Differential Privacy Differential privacy adds carefully chosen noises to the output of a query. Noise Query Noised response Query Noised response Normal user Adversary

26 Lecture Roadmap Differential Privacy Case Study: DJoin Midterm Review

27 Example in Statistic DB The adversary knows Doris has Malaria and Bob and Greg do not, but what about Hank? Noise Q: How many people have Malaria? Does differential privacy Hmm... Bob Doris Hank Greg Cancer Malaria Malaria HIV Statistical database only with COUNT query always work? A: 2±1 Adversary

28 Unfortunately, differential privacy-based approaches (e.g., PINQ) assume all the data is from a single database...

29 Distributed DB Scenario Airlines Doctors

30 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher Airlines Doctors

31 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher Airlines Doctors

32 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher Airlines Doctors

33 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher Airlines Doctors 2

34 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher Airlines Doctors 2 PRIVACY LEAKAGE

35 Distributed DB Scenario Q: How many people went to Elbonia and had Malaria? Researcher A Join query across multiple databases... Airlines Doctors There is no differentially private query 2 PRIVACY which can handle this case... LEAKAGE

36 Target Problem Can we provide differentially private Join queries for distributed databases?

37 Solution 1 Researcher Airlines Doctors Trusted party

38 Solution 1 Researcher Airlines Doctors We do not have such trusted party in practice Trusted party

39 Solution 2 Researcher Airlines Doctors SMPC

40 Solution 2 Researcher Airlines SMPC works but it will Doctors take years... SMPC

41 DJoin DJoin is a system supporting differentially private JOIN queries across distributed DBs Q: How many people went to Elbonia and had Malaria? DJoin s Differentially Private Query Processor

42 DJoin DJoin is a system supporting differentially private JOIN queries across distributed DBs Q: How many people went to Elbonia and had Malaria? About 302 DJoin s Differentially Private Query Processor

43 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Step 1 Who went to Elbonia? Who had Malaria?

44 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Who went to Elbonia? Who had Malaria? Step 2

45 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Who went to Elbonia? Who had Malaria? Step 2 = 2

46 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Who went to Elbonia? Who had Malaria? Step 2 = 2±1

47 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE The main challenge is how to do set intersection WHERE Destination= Elbonia AND Diagnosis= Malaria cardinality while preserving differential privacy Who went to Elbonia? Who had Malaria? Step 2 = 2±1

48 Solution: BN-PSI-CA PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common.

49 Solution: BN-PSI-CA PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common. BN-PSI-CA adds noise to the set intersection cardinality

50 PSI-CA [EuroCrypt 04] PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common.

51 PSI-CA [EuroCrypt 04] PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common

52 PSI-CA [EuroCrypt 04] PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common PSI-CA

53 PSI-CA [EuroCrypt 04] PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common PSI-CA

54 PSI-CA [EuroCrypt 04] PSI-CA is a protocol named private set-intersection cardinality. PSI-CA allows a group of k parties with multisets S1...Sk to privately compute Si, i.e., the exact number of elements they have in common Result is: Result is: 1 PSI-CA Result is: 1

55 PSI-CA [EuroCrypt 04] Set A Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

56 Set A PSI-CA [EuroCrypt 04] P = (X-12)(X-5)(X-4) = x 3-21x X Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

57 Set A PSI-CA [EuroCrypt 04] P = (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

58 Set A PSI-CA [EuroCrypt 04] P = (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

59 PSI-CA [EuroCrypt 04] P = (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

60 PSI-CA [EuroCrypt 04] P = (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

61 PSI-CA [EuroCrypt 04] (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

62 PSI-CA [EuroCrypt 04] (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

63 PSI-CA [EuroCrypt 04] (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A = {152, 0, 6612, 152} {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

64 PSI-CA [EuroCrypt 04] Result is: 1 (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} 13 4 Set A = {152, 0, 6612, 152} {E(152), E(0), E(6612), E(152)} 2 6 Set B The airline and hospital has set A and B respectively and airline wants to jointly compute A B. The airline makes a polynomial P whose roots are the elements of A. The airline encrypts the coefficients of P and sends them to the doctor. Note that the airline sends homomorphic encryptions of the coefficients to the doctor. The doctor evaluates P(Bi) for each element in B. The doctor returns the encrypted evaluations to the airline. The airline decrypts it and counts the number of zeroes.

65 PSI-CA is not differentially private (X-12)(X-5)(X-4) = x 3-21x X-240 {E(1), E(-21), E(128), E(-240)} = {152, 0, 6612, 152} {E(152), E(0), E(6612), E(152)} This protocol is not differentially private since: The first party can learn the exact size of the intersection. Both parties can learn the exact size of the other database.

66 PSI-CA is not differentially private (X-12)(X-5)(X-4) = x 3-21x X-240 {Enc(1), Enc(-21), Enc(128), Enc(-240)} BN-PSI-CA is built by extending PSI-CA to make it = {152, 0, 6612, 152} differentially private... {Enc(152), Enc(0), Enc(6612), Enc(152)} This protocol is not differentially private since: The first party can learn the exact size of the intersection. Both parties can learn the exact size of the other database.

67 BN-PSI-CA

68 BN-PSI-CA (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x

69 BN-PSI-CA (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x {E(1), E(36), E(497), E(3294), E(10512), E(-12960)}

70 BN-PSI-CA (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x {E(1), E(36), E(497), E(3294), E(10512), E(-12960)}

71 BN-PSI-CA (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x {E(1), E(36), E(497), E(3294), E(10512), E(-12960)} {E(6752), E(0), E(4612), E(7452), E(0), E(0), E(242), E(125), E(525)} C=5, N=

72 BN-PSI-CA (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x {E(1), E(36), E(497), E(3294), E(10512), E(-12960)} = {6752, 0, 4612, 7452, 0, 0, 242, 125, 525} {E(6752), E(0), E(4612), E(7452), E(0), E(0), E(242), E(125), E(525)} C=5, N=

73 BN-PSI-CA Blinded result is: 3 (X-12)(X-5)(X-4)(X-9125)(X-7255) = x 5-36x x x x {E(1), E(36), E(497), E(3294), E(10512), E(-12960)} = {6752, 0, 4612, 7452, 0, 0, 242, 125, 525} {E(6752), E(0), E(4612), E(7452), E(0), E(0), E(242), E(125), E(525)} C=5, N=

74 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Who went to Elbonia? Who had Malaria? Step 2 = 2

75 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria Who went to Elbonia? Who had Malaria? Step 2 = 2±1

76 SELECT COUNT(X) FROM HOSPITAL JOIN AIRLINE WHERE Destination= Elbonia AND Diagnosis= Malaria BN-PSI-CA is sufficient to answer queries that require only one Who went to Elbonia? intersection operation Who had Malaria? Step 2 = 2±1

77 Some queries need more than one BN-PSI-CA, e.g.,

78 Some queries need more than one BN-PSI-CA, e.g.,

79 Some queries need more than one BN-PSI-CA, e.g.,

80 Some queries need more than one BN-PSI-CA, e.g., Denoise-Combine-Renoise

81 Some queries need more than one BN-PSI-CA, e.g., Denoise-Combine-Renoise

82 A Case Study

83

84

85

86

87

88

89 Lecture Roadmap Differential Privacy Case Study: DJoin Midterm Review

90 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

91 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

92 UseNet and Gossip Understanding basic UseNet format (RFC 1036) Gossip protocol - Rumor-mongering - Anti-entropy - Security problem - How to create unique ID and why?

93 UseNet Format If Alice reads a message locally on her machine containing the above headers, what can you infer is the name of Alice s machine?

94 UseNet Format If Alice reads a message locally on her machine containing the above headers, what can you infer is the name of Alice s machine? cbosgd

95 UseNet Format Alice sends a private message to Jerry s UseNet post, but Jerry did not receive it. After several days, Alice sees some new posts from Jerry with a Path: header line of cbosgd!mhuxj!ucbvax!eagle!jerry What do you expect happened to Alice s original message to Jerry?

96 UseNet Format Alice sends a private message to Jerry s UseNet post, but Jerry did not receive it. After several days, Alice sees some new posts from Jerry with a Path: header line of cbosgd!mhuxj!ucbvax!eagle!jerry What do you expect happened to Alice s original message to Jerry?

97 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

98 Flooding protocol Random walk Unstructured Search

99 DHT and Chord Understand how Chord works The complexity of Chord (e.g., space complexity) Potential practical issues of Chord

100 DHT and Chord Understand how Chord works The complexity of Chord (e.g., space complexity) Potential practical issues of Chord

101 DHT and Chord Understand how Chord works The complexity of Chord (e.g., space complexity) Potential practical issues of Chord Why I only need at most 160 steps to find an object in Chord?

102 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

103 Content Sharing and Reputation Global trust model: PageRank Personalized reputation model - Peer-based reputation systems, e.g., EigenTrust - Object-based reputation systems, e.g., Credence We will provide equation for reputation computation

104 Content Sharing and Reputation B: +1 C: -1 D: +1 File1 A: +1 B: +1 C: -1 File2 A: -1 B: -1 File3 A: -1 C: +1 D: -1 File4 A C: +1 D: -1 File5 A: +1 D: -1 File6 C: +1 G: -1 File7

105 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

106 Attacks and Defenses We do not test DSybil Understand sybil attacks and defense - How to launch sybil attacks to out-vote reputation system - How to use SybilGuard to detect sybil identities

107 Attacks and Defenses We do not test DSybil Understand sybil attacks and defense - How to launch sybil attacks to out-vote reputation system - How to use SybilGuard to detect sybil identities Verifier Suspect same intersection honest nodes sybil nodes

108 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

109 Firewalls Which machine is my internal machine? Why? set block src-ip [ip-address] dst-ip [ip-address] protocol [name] - I do not want to receive ICMP packet from set block src-ip dst-ip protocol icmp

110 Firewalls Which machine is my internal machine? Why? set block src-ip [ip-address] dst-ip [ip-address] protocol [name] - I do not want to receive ICMP packet from set block src-ip dst-ip protocol icmp

111 Firewalls Which machine is my internal machine? Why? set block src-ip [ip-address] dst-ip [ip-address] protocol [name] - I do not want to receive ICMP packet from set block src-ip dst-ip protocol icmp

112 NATs NATs have four different categories: - Full cone NAT - A restricted cone NAT - A port restricted cone NAT - A symmetric NAT

113 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777

114 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777

115 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :10100 D= :7777

116 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :10100 D= :7777 S= :4321 D= :10100

117 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :10100 D= :7777 S= :4321 D= :10100

118 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :10100 D= :7777 S= :4321 D= :10100 S= :1234 D= :10100

119 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :10100 D= :7777 S= :4321 D= :10100 S= :1234 D= :10100

120 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :10100 D= :7777 S= :4321 D= :10100 S= :1234 D= :10100

121 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :4445 D= :7777 S= :10100 D= :7777 S= :4321 D= :10100 S= :1234 D= :10100

122 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :4445 D= :7777 S= :10100 D= :7777 S= :4321 D= :10100 S= :1234 D= :10100

123 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :10100 D= :7777 S= :4321 S= :4321 D= :4445 D= :10100 S= :4445 S= :10100 D= :7777 D= :7777 S= :1234 D= :10100

124 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :4445 D= :7777 S= :10100 D= :7777 S= :4321 D= :10100 S= :10100 D= :7777 S= :1234 D= :10100 S= :4321 D= :10100

125 Mapping: : :10100 Policy: Allow to :10100 Allow to :10100 Restricted Cone Restricted cone Host A NAT Host B Host C S= :4445 D= :7777 S= :4321 D= :4445 S= :4445 D= :7777 S= :4321 D= :4445 S= :10100 D= :7777 S= :4321 D= :10100 S= :10100 D= :7777 S= :1234 D= :10100 S= :4321 D= :10100

126 1. Allow to me 2. Allow to me Server Host A: Public ( :1900) Private ( :4321) 2. Host B: Public ( :7777) Private ( :9999) NAT NAT Allow to me 2. Allow to me Host A Host B

127 Midterm Exam Location: WTS A51 (the same room as our class) Time: 1-2:15pm Oct 16 Closed-book Lec Lec 2: UseNet and Gossip - Lec 3 and 4: P2P and Chord - Lec 5: Content sharing and reputation - Lec 6: Attacks and Defenses - Lec 7: Firewalls and NATs - Lec 8 and 9: GFS, MapReduce and BigTable

128 GFS, MapReduce and BigTable Understanding file system basics How does MapReduce work - Map and Reduce programs if a target is given - The input/output of each phase I do not want to test BigTable :)

129 File Systems Suppose we have a HDFS. For simplicity, we use a fixed 8KB block size for each block. For each file f, we use a blocklist metafile (used to find each block), which is a 8KB file containing hash values as the identifier of each block of f. Assume the size of a hash value is 32 byte. What is the maximum size of a file in this HDFS?

130 File Systems Suppose we have a HDFS. For simplicity, we use a fixed 8KB block size for each block. For each file f, we use a blocklist metafile (used to find each block), which is a 8KB file containing hash values as the identifier of each block of f. Assume the size of a hash value is 32 byte. What is the maximum size of a file in this HDFS? (8KB/32)*8KB = 2MB

131 What are Map and Reducer programs? MP: 75 CG: 72 OR: 72

132 Good luck!