-
BoostCom: Towards Efficient Universal Fully Homomorphic Encryption by Boosting the Word-wise Comparisons
Authors:
Ardhi Wiratama Baskara Yudha,
Jiaqi Xue,
Qian Lou,
Huiyang Zhou,
Yan Solihin
Abstract:
Fully Homomorphic Encryption (FHE) allows for the execution of computations on encrypted data without the need to decrypt it first, offering significant potential for privacy-preserving computational operations. Emerging arithmetic-based FHE schemes (ar-FHE), like BGV, demonstrate even better performance in word-wise comparison operations over non-arithmetic FHE (na-FHE) schemes, such as TFHE, esp…
▽ More
Fully Homomorphic Encryption (FHE) allows for the execution of computations on encrypted data without the need to decrypt it first, offering significant potential for privacy-preserving computational operations. Emerging arithmetic-based FHE schemes (ar-FHE), like BGV, demonstrate even better performance in word-wise comparison operations over non-arithmetic FHE (na-FHE) schemes, such as TFHE, especially for basic tasks like comparing values, finding maximums, and minimums. This shows the universality of ar-FHE in effectively handling both arithmetic and non-arithmetic operations without the expensive conversion between arithmetic and non-arithmetic FHEs. We refer to universal arithmetic Fully Homomorphic Encryption as uFHE. The arithmetic operations in uFHE remain consistent with those in the original arithmetic FHE, which have seen significant acceleration. However, its non-arithmetic comparison operations differ, are slow, and have not been as thoroughly studied or accelerated. In this paper, we introduce BoostCom, a scheme designed to speed up word-wise comparison operations, enhancing the efficiency of uFHE systems. BoostCom involves a multi-prong optimizations including infrastructure acceleration (Multi-level heterogeneous parallelization and GPU-related improvements), and algorithm-aware optimizations (slot compaction, non-blocking comparison semantic). Together, BoostCom achieves an end-to-end performance improvement of more than an order of magnitude (11.1x faster) compared to the state-of-the-art CPU-based uFHE systems, across various FHE parameters and tasks.
△ Less
Submitted 9 July, 2024;
originally announced July 2024.
-
Jailbreaking LLMs with Arabic Transliteration and Arabizi
Authors:
Mansour Al Ghanim,
Saleh Almohaimeed,
Mengxin Zheng,
Yan Solihin,
Qian Lou
Abstract:
This study identifies the potential vulnerabilities of Large Language Models (LLMs) to 'jailbreak' attacks, specifically focusing on the Arabic language and its various forms. While most research has concentrated on English-based prompt manipulation, our investigation broadens the scope to investigate the Arabic language. We initially tested the AdvBench benchmark in Standardized Arabic, finding t…
▽ More
This study identifies the potential vulnerabilities of Large Language Models (LLMs) to 'jailbreak' attacks, specifically focusing on the Arabic language and its various forms. While most research has concentrated on English-based prompt manipulation, our investigation broadens the scope to investigate the Arabic language. We initially tested the AdvBench benchmark in Standardized Arabic, finding that even with prompt manipulation techniques like prefix injection, it was insufficient to provoke LLMs into generating unsafe content. However, when using Arabic transliteration and chatspeak (or arabizi), we found that unsafe content could be produced on platforms like OpenAI GPT-4 and Anthropic Claude 3 Sonnet. Our findings suggest that using Arabic and its various forms could expose information that might remain hidden, potentially increasing the risk of jailbreak attacks. We hypothesize that this exposure could be due to the model's learned connection to specific words, highlighting the need for more comprehensive safety training across all language forms.
△ Less
Submitted 26 June, 2024;
originally announced June 2024.
-
Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks
Authors:
Mnassar Alyami,
Abdulmajeed Alghamdi,
Mohammed Alkhowaiter,
Cliff Zou,
Yan Solihin
Abstract:
Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment (e.g., IoT device identification). Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data. This paper proposes a more data-efficient approach that randomizes packet sizes without ad…
▽ More
Despite encryption, the packet size is still visible, enabling observers to infer private information in the Internet of Things (IoT) environment (e.g., IoT device identification). Packet padding obfuscates packet-length characteristics with a high data overhead because it relies on adding noise to the data. This paper proposes a more data-efficient approach that randomizes packet sizes without adding noise. We achieve this by splitting large TCP segments into random-sized chunks; hence, the packet length distribution is obfuscated without adding noise data. Our client-server implementation using TCP sockets demonstrates the feasibility of our approach at the application level. We realize our packet size control by adjusting two local socket-programming parameters. First, we enable the TCP_NODELAY option to send out each packet with our specified length. Second, we downsize the sending buffer to prevent the sender from pushing out more data than can be received, which could disable our control of the packet sizes. We simulate our defense on a network trace of four IoT devices and show a reduction in device classification accuracy from 98% to 63%, close to random guessing. Meanwhile, the real-world data transmission experiments show that the added latency is reasonable, less than 21%, while the added packet header overhead is only about 5%.
△ Less
Submitted 11 September, 2023;
originally announced September 2023.
-
vFHE: Verifiable Fully Homomorphic Encryption with Blind Hash
Authors:
Qian Lou,
Muhammad Santriaji,
Ardhi Wiratama Baskara Yudha,
Jiaqi Xue,
Yan Solihin
Abstract:
Fully homomorphic encryption (FHE) is a powerful encryption technique that allows for computation to be performed on ciphertext without the need for decryption. FHE will thus enable privacy-preserving computation and a wide range of applications, such as secure cloud computing on sensitive medical and financial data, secure machine learning, etc. Prior research in FHE has largely concentrated on i…
▽ More
Fully homomorphic encryption (FHE) is a powerful encryption technique that allows for computation to be performed on ciphertext without the need for decryption. FHE will thus enable privacy-preserving computation and a wide range of applications, such as secure cloud computing on sensitive medical and financial data, secure machine learning, etc. Prior research in FHE has largely concentrated on improving its speed, and great stride has been made. However, there has been a scarcity of research on addressing a major challenge of FHE computation: client-side data owners cannot verify the integrity of the calculations performed by the service and computation providers, hence cannot be assured of the correctness of computation results. This is particularly concerning when the service or computation provider may act in an untrustworthy, unreliable, or malicious manner and tampers the computational results. Prior work on ensuring FHE computational integrity has been non-universal or incurring too much overhead. We propose vFHE to add computational integrity to FHE without losing universality and without incurring high performance overheads.
△ Less
Submitted 15 March, 2023;
originally announced March 2023.
-
Group-wise Reinforcement Feature Generation for Optimal and Explainable Representation Space Reconstruction
Authors:
Dongjie Wang,
Yanjie Fu,
Kunpeng Liu,
Xiaolin Li,
Yan Solihin
Abstract:
Representation (feature) space is an environment where data points are vectorized, distances are computed, patterns are characterized, and geometric structures are embedded. Extracting a good representation space is critical to address the curse of dimensionality, improve model generalization, overcome data sparsity, and increase the availability of classic models. Existing literature, such as fea…
▽ More
Representation (feature) space is an environment where data points are vectorized, distances are computed, patterns are characterized, and geometric structures are embedded. Extracting a good representation space is critical to address the curse of dimensionality, improve model generalization, overcome data sparsity, and increase the availability of classic models. Existing literature, such as feature engineering and representation learning, is limited in achieving full automation (e.g., over heavy reliance on intensive labor and empirical experiences), explainable explicitness (e.g., traceable reconstruction process and explainable new features), and flexible optimal (e.g., optimal feature space reconstruction is not embedded into downstream tasks). Can we simultaneously address the automation, explicitness, and optimal challenges in representation space reconstruction for a machine learning task? To answer this question, we propose a group-wise reinforcement generation perspective. We reformulate representation space reconstruction into an interactive process of nested feature generation and selection, where feature generation is to generate new meaningful and explicit features, and feature selection is to eliminate redundant features to control feature sizes. We develop a cascading reinforcement learning method that leverages three cascading Markov Decision Processes to learn optimal generation policies to automate the selection of features and operations and the feature crossing. We design a group-wise generation strategy to cross a feature group, an operation, and another feature group to generate new features and find the strategy that can enhance exploration efficiency and augment reward signals of cascading agents. Finally, we present extensive experiments to demonstrate the effectiveness, efficiency, traceability, and explicitness of our system.
△ Less
Submitted 28 May, 2022;
originally announced May 2022.
-
Persistent Memory Objects: Fast and Easy Crash Consistency for Persistent Memory
Authors:
Derrick Greenspan,
Naveed Ul Mustafa,
Zoran Kolega,
Mark Heinrich,
Yan Solihin
Abstract:
DIMM-compatible persistent memory unites memory and storage. Prior works utilize persistent memory either by combining the filesystem with direct access on memory mapped files or by managing it as a collection of objects while abolishing the POSIX abstraction. In contrast, we propose retaining the POSIX abstraction and extending it to provide support for persistent memory, using Persistent Memory…
▽ More
DIMM-compatible persistent memory unites memory and storage. Prior works utilize persistent memory either by combining the filesystem with direct access on memory mapped files or by managing it as a collection of objects while abolishing the POSIX abstraction. In contrast, we propose retaining the POSIX abstraction and extending it to provide support for persistent memory, using Persistent Memory Objects (PMOs). In this work, we design and implement PMOs, a crash-consistent abstraction for managing persistent memory. We introduce psync, a single system call, that a programmer can use to specify crash consistency points in their code, without needing to orchestrate durability explicitly. When rendering data crash consistent, our design incurs a overhead of $\approx 25\%$ and $\approx 21\%$ for parallel workloads and FileBench, respectively, compared to a system without crash consistency. Compared to NOVA-Fortis, our design provides a speedup of $\approx 1.67\times$ and $\approx 3\times$ for the two set of benchmarks, respectively.
△ Less
Submitted 7 April, 2022;
originally announced April 2022.
-
MILR: Mathematically Induced Layer Recovery for Plaintext Space Error Correction of CNNs
Authors:
Jonathan Ponader,
Sandip Kundu,
Yan Solihin
Abstract:
The increased use of Convolutional Neural Networks (CNN) in mission critical systems has increased the need for robust and resilient networks in the face of both naturally occurring faults as well as security attacks. The lack of robustness and resiliency can lead to unreliable inference results. Current methods that address CNN robustness require hardware modification, network modification, or ne…
▽ More
The increased use of Convolutional Neural Networks (CNN) in mission critical systems has increased the need for robust and resilient networks in the face of both naturally occurring faults as well as security attacks. The lack of robustness and resiliency can lead to unreliable inference results. Current methods that address CNN robustness require hardware modification, network modification, or network duplication. This paper proposes MILR a software based CNN error detection and error correction system that enables self-healing of the network from single and multi bit errors. The self-healing capabilities are based on mathematical relationships between the inputs,outputs, and parameters(weights) of a layers, exploiting these relationships allow the recovery of erroneous parameters (weights) throughout a layer and the network. MILR is suitable for plaintext-space error correction (PSEC) given its ability to correct whole-weight and even whole-layer errors in CNNs.
△ Less
Submitted 27 October, 2020;
originally announced October 2020.
-
SeMPE: Secure Multi Path Execution Architecture for Removing Conditional Branch Side Channels
Authors:
Andrea Mondelli,
Paul Gazzillo,
Yan Solihin
Abstract:
One of the most prevalent source of side channel vulnerabilities is the secret-dependent behavior of conditional branches (SDBCB). The state-of-the-art solution relies on Constant-Time Expressions, which require high programming effort and incur high performance overheads. In this paper, we propose SeMPE, an approach that relies on architecture support to eliminate SDBCB without requiring much pro…
▽ More
One of the most prevalent source of side channel vulnerabilities is the secret-dependent behavior of conditional branches (SDBCB). The state-of-the-art solution relies on Constant-Time Expressions, which require high programming effort and incur high performance overheads. In this paper, we propose SeMPE, an approach that relies on architecture support to eliminate SDBCB without requiring much programming effort while incurring low performance overheads. The key idea is that when a secret-dependent branch is encountered, the SeMPE microarchitecture fetches, executes, and commits both paths of the branch, preventing the adversary from inferring secret values from the branching behavior of the program. To enable that, SeMPE relies on an architecture that is capable of safely executing both branch paths sequentially. Through microbenchmarks and an evaluation of a real-world library, we show that SeMPE incurs near ideal execution time overheads, which is the sum of the execution time of all branch paths of secret-dependent branches. SeMPE outperforms code generated by FaCT, a constant-time expression language, by up to a factor of 18x.
△ Less
Submitted 29 July, 2020; v1 submitted 29 June, 2020;
originally announced June 2020.
-
Streamlining Integrity Tree Updates for Secure Persistent Non-Volatile Memory
Authors:
Alexander Freij,
Shougang Yuan,
Huiyang Zhou,
Yan Solihin
Abstract:
Emerging non-volatile main memory (NVMM) is rapidly being integrated into computer systems. However, NVMM is vulnerable to potential data remanence and replay attacks.
Established security models including split counter mode encryption and Bonsai Merkle tree (BMT) authentication have been introduced against such data integrity attacks. However, these security methods are not readily compatible w…
▽ More
Emerging non-volatile main memory (NVMM) is rapidly being integrated into computer systems. However, NVMM is vulnerable to potential data remanence and replay attacks.
Established security models including split counter mode encryption and Bonsai Merkle tree (BMT) authentication have been introduced against such data integrity attacks. However, these security methods are not readily compatible with NVMM. Recent works on secure NVMM pointed out the need for data and its metadata, including the counter, the message authentication code (MAC), and the BMT to be persisted atomically. However, memory persistency models have been overlooked for secure NVMM, which is essential for crash recoverability.
In this work, we analyze the invariants that need to be ensured in order to support crash recovery for secure NVMM. We highlight that prior research has substantially under-estimated the cost of BMT persistence and propose several optimization techniques to reduce the overhead of atomically persisting updates to BMTs. The optimizations proposed explore the use of pipelining, out-of-order writes, and update coalescing while conforming to strict or epoch persistency models respectively. We evaluate our work and show that our proposed optimizations significantly reduce the performance overhead of secure NVMM with crash recoverability.
△ Less
Submitted 10 March, 2020;
originally announced March 2020.
-
Exploring Memory Persistency Models for GPUs
Authors:
Zhen Lin,
Mohammad Alshboul,
Yan Solihin,
Huiyang Zhou
Abstract:
Given its high integration density, high speed, byte addressability, and low standby power, non-volatile or persistent memory is expected to supplement/replace DRAM as main memory. Through persistency programming models (which define durability ordering of stores) and durable transaction constructs, the programmer can provide recoverable data structure (RDS) which allows programs to recover to a c…
▽ More
Given its high integration density, high speed, byte addressability, and low standby power, non-volatile or persistent memory is expected to supplement/replace DRAM as main memory. Through persistency programming models (which define durability ordering of stores) and durable transaction constructs, the programmer can provide recoverable data structure (RDS) which allows programs to recover to a consistent state after a failure. While persistency models have been well studied for CPUs, they have been neglected for graphics processing units (GPUs). Considering the importance of GPUs as a dominant accelerator for high performance computing, we investigate persistency models for GPUs.
GPU applications exhibit substantial differences with CPUs applications, hence in this paper we adapt, re-architect, and optimize CPU persistency models for GPUs. We design a pragma-based compiler scheme to express persistency models for GPUs. We identify that the thread hierarchy in GPUs offers intuitive scopes to form epochs and durable transactions. We find that undo logging produces significant performance overheads. We propose to use idempotency analysis to reduce both logging frequency and the size of logs. Through both real-system and simulation evaluations, we show low overheads of our proposed architecture support.
△ Less
Submitted 24 April, 2019;
originally announced April 2019.