TY - GEN
T1 - SecNDP
T2 - 28th Annual IEEE International Symposium on High-Performance Computer Architecture, HPCA 2022
AU - Xiong, Wenjie
AU - Ke, Liu
AU - Jankov, Dimitrije
AU - Kounavis, Michael
AU - Wang, Xiaochen
AU - Northup, Eric
AU - Yang, Jie Amy
AU - Acun, Bilge
AU - Wu, Carole Jean
AU - Tang, Ping Tak Peter
AU - Edward Suh, G.
AU - Zhang, Xuan
AU - Lee, Hsien Hsin S.
N1 - Funding Information:
The authors would like to thank Muhammad Umar, Henry Wang, Shankaran Gnanashanmugam, Jihang Li, Yuchen Hao, and Haixin Liu for their help in evaluating recommendation system in Intel SGX, and thank Brian Knott, Hao Chen, Chuan Guo for their suggestions. The authors would also like to thank the anonymous reviewers for their insightful comments and suggestions. Liu Ke and Xuan Zhang were partially supported by NSF CCF-1942900.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Today's data-intensive applications increasingly suffer from significant performance bottlenecks due to the limited memory bandwidth of the classical von Neumann architecture. Near-Data Processing (NDP) has been proposed to perform computation near memory or data storage to reduce data movement for improving performance and energy consumption. However, the untrusted NDP processing units (PUs) bring in new threats to workloads that are private and sensitive, such as private database queries and private machine learning inferences. Meanwhile, most existing secure hardware designs do not consider off-chip components trustworthy. Once data leave the processor, they must be protected, e.g., via block cipher encryption. Unfortunately, current encryption schemes do not support computation over encrypted data stored in memory or storage, hindering the adoption of NDP techniques for sensitive workloads. In this paper, we propose SecNDP, a lightweight encryption and verification scheme for untrusted NDP devices to perform computation over ciphertext and verify the correctness of linear operations. Our encryption scheme leverages arithmetic secret sharing in secure Multi-Party Computation (MPC) to support operations over ciphertext, and uses counter-mode encryption to reduce the decryption latency. The security of the encryption and verification algorithm is formally proven. Compared with a non-NDP baseline, secure computation with SecNDP significantly reduces the memory bandwidth usage while providing security guarantees. We evaluate SecNDP for two workloads of distinct memory access patterns. In the setting of eight NDP units, we show a speedup up to 7.46× and energy savings of 18% over an unprotected non-NDP baseline, approaching the performance gain attained by native NDP without protection. Furthermore, SecNDP does not require any security assumption on NDP to hold, thus, using the same threat model as existing secure processors. SecNDP can be implemented without changing the NDP protocols and their inherent hardware design.
KW - Cryptography
KW - Near-Data Processing
KW - Privacy-Preserving Machine Learning
KW - Security and Privacy
UR - http://www.scopus.com/inward/record.url?scp=85130760150&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85130760150&partnerID=8YFLogxK
U2 - 10.1109/HPCA53966.2022.00026
DO - 10.1109/HPCA53966.2022.00026
M3 - Conference contribution
AN - SCOPUS:85130760150
T3 - Proceedings - International Symposium on High-Performance Computer Architecture
SP - 244
EP - 258
BT - Proceedings - 2022 IEEE International Symposium on High-Performance Computer Architecture, HPCA 2022
PB - IEEE Computer Society
Y2 - 2 April 2022 through 6 April 2022
ER -