Addressing Challenges in Utilizing GPUs for Accelerating Privacy-Preserving Computation

Yudha, Ardhi Wiratama Baskara

01 January 2024

Cloud computing increasingly handles confidential data, like private inference and query databases. Two strategies are used for secure computation: (1) employing CPU Trusted Execution Environments (TEEs) like AMD SEV, Intel SGX, or ARM TrustZone, and (2) utilizing emerging cryptographic methods like Fully Homomorphic Encryption (FHE) with libraries such as HElib, Microsoft SEAL, and PALISADE. To enhance computation, GPUs are often employed. However, using GPUs to accelerate secure computation introduces challenges addressed in three works. In the first work, we tackle GPU acceleration for secure computation with CPU TEEs. While TEEs perform computations on confidential data, extending their capabilities to GPUs is essential for leveraging their power. Existing approaches assume co-designed CPU-GPU setups, but we contend that co-designing CPU and GPU is difficult to achieve and requires early coordination between CPU and GPU manufacturers. To address this, we propose software-based memory encryption for CPU-GPU TEE co-design via the software layer. Yet, this introduces issues due to AES's 128-bit granularity. We present optimizations to mitigate these problems, resulting in execution time overheads of 1.1\% and 56\% for regular and irregular applications. In the second work, we focus on GPU acceleration for the CPU FHE library HElib, particularly for comparison operations on encrypted data. These operations are vital in Machine Learning, Image Processing, and Private Database Queries, yet their acceleration is often overlooked. We extend HElib to harness GPU acceleration for its resource-intensive components like BluesteinNTT, BluesteinFFT, and Element-wise Operations. Addressing memory separation, dynamic allocation, and parallelization challenges, we employ several optimizations to address these challenges. With all optimizations and hybrid CPU-GPU parallelism, we achieve a 11.1$\times$ average speedup over the state-of-the-art CPU FHE library. In our latest work, we concentrate on minimizing the ciphertext size by leveraging insights from algorithms, data access patterns, and application requirements to reduce the operational footprint of an FHE application, particularly targeting Neural Network inference tasks. Through the implementation of all three levels of ciphertext compression (precision reduction in comparisons, optimization of access patterns, and adjustments in data layout), we achieve a remarkable 5.6$\times$ speedup compared to the state-of-the-art GPU implementation in 100x\cite{100x}. Overcoming these challenges is crucial for achieving significant GPU-driven performance improvements. This dissertation provides solutions to these hurdles, aiming to facilitate GPU-based acceleration of confidential data computation.

GPU

Security

TEE

Homomorphic Encryption

Enclave

Encryption

Computer and Systems Architecture

A NEW TYPE OF SOFTWARE ORIENTED SECURE SYSTEM FOR WIRELESS COMMUNICATION

Wu, Hao, Zheng, Zhiping, Zhang, Naitong

10 1900

International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, Nevada / Wireless information transmission is easy to be suffered from various threats in an open environment. In this paper, we proposed a new type of software oriented secure system for direct wireless information transmission. We first present the special functions and requirements, which have to be satisfied during introducing the secure system. Then, we divide the secure system into three stages: normal operating stage, key presetting stage, and key replanting stage. The security, reliability and the computing complexity of this system are analyzed in this paper. Finally, we carried out this secure system by software and proved the availability.

Wireless communication

encryption

software implement

Design and implementation of the crypto-assistant: an eclipse plugin for usable password-based column level encryption based on hiberate and jasypt

Garcia, Ricardo Rodriguez

01 March 2013

The lack of encryption of data at rest or in motion is one of the top 10 database vulnerabilities according to team SHATTER [72]. In the quest to improve the security landscape, we identify an opportunity area: two tools Hibernate and Jasypt that work together to provide password-based database encryption. The goal is to encourage developers to think about security and incorporate security related tasks early in the development process through the improvement of their programming system or integrated development environment (IDE). To this end, we modified the Hibernate Tools plugin for the popular Eclipse IDE, to integrate it with Hibernate and Jasypt with the purpose of mitigating the impact of the lack of security knowledge and training. We call this prototype the Crypto-Assistant. We designed an experiment to simulate a situation where the developers had to deal with time constraints, functional requirements, and lack of familiarity with the technology and the code they are modifying. We provide a report on the observations drawn from this preliminary evaluation. We anticipate that, in the near future, the prototype will be released to the public domain and encourage IDE developers to create more tools like Crypto-Assistant to help developers create more secure applications. / UOIT

Security

Usability

Software

Tool

Encryption

A survey on Traitor Tracing Schemes

Chen, Jason

January 2000

When intellectual properties are distributed over a broadcast network, the content is usually encrypted in a way such that only authorized users who have a certain set of keys, can decrypt the content. Some authorized users may be willing to disclose their keys in constructing a pirate decoder which allows illegitimate users to access the content. It is desirable to determine the source of the keys in a pirate decoder, once one is captured. Traitor tracing schemes were introduced to help solve this problem. A traitor tracing scheme usually consists of: a scheme to generate and distribute each user's personal key, a cryptosystem used to protect session keys that are used to encrypt/decrypt the actual content, and a tracing algorithm to determine one source of the keys in a pirate decoder. In this thesis, we survey the traitor tracing schemes that have been suggested. We group the schemes into two groups: <i>symmetric</i> in which the session key is encrypted and decrypted using the same key and <i>asymmetric</i> schemes in which the session key is encrypted and decrypted using different keys. We also explore the possibility of a truly public scheme in which the data supplier knows the encryption keys only. A uniform analysisis presented on the efficiency of these schemes using a set of performance parameters.

Mathematics

crytography

encryption

broadcasting

tracing

A survey on Traitor Tracing Schemes

Chen, Jason

January 2000

When intellectual properties are distributed over a broadcast network, the content is usually encrypted in a way such that only authorized users who have a certain set of keys, can decrypt the content. Some authorized users may be willing to disclose their keys in constructing a pirate decoder which allows illegitimate users to access the content. It is desirable to determine the source of the keys in a pirate decoder, once one is captured. Traitor tracing schemes were introduced to help solve this problem. A traitor tracing scheme usually consists of: a scheme to generate and distribute each user's personal key, a cryptosystem used to protect session keys that are used to encrypt/decrypt the actual content, and a tracing algorithm to determine one source of the keys in a pirate decoder. In this thesis, we survey the traitor tracing schemes that have been suggested. We group the schemes into two groups: <i>symmetric</i> in which the session key is encrypted and decrypted using the same key and <i>asymmetric</i> schemes in which the session key is encrypted and decrypted using different keys. We also explore the possibility of a truly public scheme in which the data supplier knows the encryption keys only. A uniform analysisis presented on the efficiency of these schemes using a set of performance parameters.

Mathematics

crytography

encryption

broadcasting

tracing

Design and Implementation of the Security Mechanism for Electronic Documents

Lin, Yi-Cheng

10 September 2007

Information security has been becoming important. Not only play an important role in electronic commerce, but it is essential for communication of information at work or basic data transmission. It has been developed nearly ten years since the W3C announced the standard for XML which make up for HTML defects on data process. And cross-platform property is why it become the file layout standard that is used by variety platform of network to storage and exchange data. Furthermore, the W3C propose the XML Digital Signature and XML Encryption to enhance the security of XML. This study shows how to transform the traditional word format into XML format and apply it to network. Now, we implement a security transmission system of electronic documents from Java in support of Cryptography security and XML. Besides, we also adopt the typing biometrics features as identity authentication mechanisms to increase our system's reliability.

XML

XML Signature

XML Encryption

A distributed password scheme for network operating systems /

Roth, Christopher.

January 2002

Thesis (M.S.)--Naval Postgraduate School, 2002. / Thesis advisor(s): James B. Michael, Craig Rasmussen. Includes bibliographical references (p. 47-48). Also available online.

Cloud computing : security risk analysis and recommendations / Security risk analysis and recommendations

Sachdeva, Kapil

08 February 2012

Cloud computing is here to stay and is the natural progression in the evolution of our computing and collaboration needs. The easy availability of computing infrastructures is motivating a new breed of entrepreneurs to realize their ideas and deliver innovations to masses. These innovations, however, have some serious security weaknesses. If not taken into account, these weaknesses could prove fatal for an organization’s reputation and existence. This thesis explains the potential risks associated with various types of cloud computing technologies and recommends methods to mitigate them. / text

Cloud computing

Security

Risks

Encryption

High Speed Vlsi Implementation Of The Rijndael Encryption Algorithm

Sever, Refik

01 January 2003

This thesis study presents a high speed VLSI implementation of the Rijndael Encryption Algorithm, which is selected to be the new Advanced Encryption Standard (AES) Algorithm. Both the encryption and the decryption algorithms of Rijndael are implemented as a single ASIC. Although data size is fixed to 128 bits in the AES, our implementation supports all the data sizes of the original Rijndael Algorithm. The core is optimised for both area and speed. Using 149K gates in a 0.35-&micro / m standard CMOS process, 132 MHz worst-case clock speed is achieved yielding 2.41 Gbit/s non-pipelined throughput in both encryption and decryption. iii The design has a latency of 30 clock periods for key expansion that takes 228 ns for this implementation. A single encryption or decryption of a data block requires at most 44 clock periods. The area of the chip is 12.8 mm2 including the pads. 0.35-&micro / m Standard Cell Libraries of the AMI Semiconductor Company are used in the implementation. The literature survey revealed that this implementation is the fastest published non-pipelined implementation for both encryption and decryption algorithms.

Side channel attack resistant elliptic curves cryptosystem on multi-cores for power efficiency /

Yoo, Jaewon.

January 1900

Thesis (M.S.)--Oregon State University, 2009. / Printout. Includes bibliographical references (leaves 73-76). Also available on the World Wide Web.