270 likes | 286 Views
P2-SAS is a centralized system that provides spectrum access while preserving user privacy through computing on encrypted data and secure computation processes.
E N D
Yanzhi Dou Kexiong Zeng He Li Yaling Yang Bo Gao Chaowen Guan Kui Ren Shaoqian Li P2-SAS: Privacy-Preserving Centralized Dynamic Spectrum Access System
Background • Dynamic Spectrum Access (DSA) is acrucial solution to mitigate the spectrum scarcityproblem. Source: [Akyildiz06]
Background • One key form of DSA: Federal-Commercialspectrum sharing [PCAST12] • Realize the full potential of government-held spectrum • Spectrum Access System (SAS) [PCAST12, FCC12] • A centralized system to govern the spectrum sharing
Motivation • New challenge: Privacy • IUs’ operation information is often classified data. • SUs’ operation information may also be commercial secret. • SAS is not necessarily trust-worthy. • SAS may be operated by some commercial third partiesto enhance its efficiency and scalability. [PCAST12, FCC12] Single point of vulnerability
Question: Provide SAS Service & Preserve User’s Privacy
P2-SAS Provide SAS Service & Preserve User’s Privacy
Computing on Encrypted Data P2-SAS Provide SAS Service & Preserve User’s Privacy Securing SAS Process Tuning & Acceleration PerformanceEvaluation
Homomorphic Encryption • Homomorphic encryption is an encryption scheme that allows computation on ciphertexts. • Consists of three functions.
Homomorphic Encryption • Homomorphic encryption is an encryption scheme that allows computation on ciphertexts. • Consists of three functions.
Homomorphic Encryption Paillier Cryptosystem
Computing on Encrypted Data Securing SAS Process P2-SAS Provide SAS Service & Preserve User’s Privacy Tuning & Acceleration PerformanceEvaluation
Key Distribution IU IU IU SAS Server Key Distributor SUb SUa
Group Paillierpk: pkG P2-SAS Design Overview Group Pailliersk: skG SU a’s Paillierpk: pka SU a’s Pailliersk: ska IU SU b’s Paillierpk: pkb SU b’s Pailliersk: skb Interference Calculation IU KeyConversionService IU SAS Server Key Distributor SUb SUa
Identifying Private Input Data • Interference Calculation • Longley-Rice Model, 13 input parameters [NTIA82, FCC12] • Private Input Data
Input Data Format • IU i’s input • SU b’s input • SAS Server maintains an interference map
Disintegrating SAS Process • 1. SAS Server creates an interference budget matrix
DisintegratingSAS Process • 2. SAS Server makes spectrum allocation decision based on SU operation data . • D • d (Deny access) (Approve access) Certificate
Secure Computation of SAS Process Integer Encoding Secure Integer Comparison • 1. SAS Server creates an interference budget matrix • 2. SAS Server makes spectrum allocation decision based on SU operation data • a. • b. • Certificate Key Conversion Service Secure Integer Comparison Radio operation’s observable nature + Digital signature’s integrity property Secure Digital Signature Generation
Computing on Encrypted Data P2-SAS Provide SAS Service & Preserve User’s Privacy Disintegrating SAS Process Tuning & Acceleration PerformanceEvaluation
Tuning of Quantization Granularity • Interference underestimation • Should be strictly forbidden • Interference overestimation • Underutilization of spectrum • Undesirable yet tolerable • Tradeoff between interference overestimation error and computation overhead.
Acceleration • Factoring • Precomputing • Ciphertext Packing • Parallelization
Computing on Encrypted Data P2-SAS Provide SAS Service & Preserve User’s Privacy Disintegrating SAS Process Tuning & Acceleration PerformanceEvaluation
Evaluation 112-bit security level • Implementation • Paillier Cryptosystem, n=2048 bits • 24 threads on 3 desktops, Intel i7-3770 CPU @ 3.40GHz and 12GB RAM • Evaluation Settings • Washington D.C., 154.82 km2
Evaluation • Accuracy • Error rates of the spectrum allocation decisions • Ground truth: traditional SAS implementation • False positives and false negatives False positive rate=0 False negative rate=2.72%
Evaluation • Efficiency • Comparison with Traditional SAS implementation • Per spectrum access request • 6.96 seconds vs. 0.13 seconds • 3.97 MB vs. 6.04 KB
Formal security definition & proof • Secure computation of the tricky parts • Mitigation of inference attack • Details of acceleration methods • Future work More in the paper