Fujitsu Laboratories of America Announces New Hardware-based Technology for Secure External Deployment of Machine Learning and Big Data Analytics
Acts as counter-measure to insider threat and side channel attacks on trusted execution environments
Fujitsu Laboratories of America Inc.,Fujitsu Laboratories of America, Inc.
Modern machine learning and big data analytics systems ingest huge amounts of personal, sensitive data, such as financial, health and IoT data, to produce valuable insight and business intelligence. However, recent data breaches have eroded confidence in outsourcing data to cloud providers. Additionally, data privacy laws require rigorous confidentiality guarantees for such data. The new technology enables analysis of the data while maintaining data confidentiality even at runtime by leveraging TEEs that are available in several commodity hardware systems. The novel technology also protects side-channel attacks based on memory access patterns. This ensures a cloud service running our solution does not have to be trusted to guarantee security. This is especially important as some side channel attacks, such as Spectre, Meltdown, Foreshadow, and Nemesis have resulted in significant threats to security.
“Recent high profile security breaches in the industry have necessitated the need for novel new approaches to secure hardware systems from security attacks”, said Kiyoshi Sakai, CEO of Fujitsu Laboratories of America. “Our new technology provides a level of assurance to our customers that their confidential data will be protected even if it is exported to third-party cloud providers”.
A TEE is a secure area of a main processor. In particular, a TEE attempts to simulate a ‘black box’ environment: users (even with physical access) of the main processor may only see the inputs to and outputs from the TEE, and learn nothing about the data or processes inside the TEE. This ‘black box’ premise potentially allows for private, secure distributed or cloud-based computations on data that previously were only known to be possible from very heavyweight, impractical cryptography. We leverage TEE platforms to perform computations on encrypted data, without exposing plaintext to the hosting cloud.
Unfortunately, there are many ways a potential adversary can learn about computations in the TEE–even if the TEE is ‘perfectly’ secure, as long as it has finite computational power, memory, and connections to other outside systems, there are ways for an adversary to gain knowledge about secret information. In the case of big data analytics, the TEE often does not have enough internal memory to store all of the data needed for a particular computation. In this case, it must store (encrypted) data in outside locations, including regular memory or hard disks. When this happens, an adversary can observe the memory access patterns of the program running inside the TEE and also potentially learn secret information. We give a medical research on patient data deployment example in Figure 1. In the figure, an adversary in the cloud first learns the location of data corresponding to individual users. Subsequently, when a cancer detection algorithm is being run on the data, by observing the memory location access order it can learn specific information about which patients have been diagnosed with cancer. This is in spite of not having access to the actual results of the algorithm execution.
Memory Oblivious Hash Tables
Hash tables are one of the most used data structures with numerous applications in machine learning and big data analytics. Fujitsu Laboratories has developed a technology which enables a central server to merge several hash tables in a TEE without compromising the privacy of individual tables. Individual tables are communicated to the server securely by leveraging TEEs on both sides and then merged using our technology. If this merging process is executed without caring about memory access visibility, then an attacker in the cloud can still infer confidential information about individuals, even though computations take place in a TEE and the data is kept encrypted outside TEEs. The solution provides strong privacy guarantee to an honest client even when all other clients and the server are malicious. In terms of efficiency, the solution is comparable to non-memory oblivious TEE based solutions.
Fujitsu exhibited a part of this technology at the IDASH Privacy and Security Workshop 2018, winning 3rd prize in a contest. This workshop  was conceived as many health research institutes are considering cloud computing services as a cost-effective alternative to scale up research. Privacy and security are major concerns for them when deploying cloud-based data analysis tools. The goal of the contest was to evaluate the performance of state-of-the-art methods that ensure rigorous data confidentiality during data analyses in a cloud environment. An academic paper has also been published and presented at the International Workshop on Data Privacy Management (DPM) 2018 .
|Figure 1. Deployment example: Memory side-channel attack on medical data for research. Our technology is a counter-measure for such attacks.
| IDASH competition: http://www.humangenomeprivacy.org/2018/about.html
| “Data Oblivious Genome Variants Search on Intel SGX”, by Avradip Mandal, John C. Mitchell, Hart Montgomery and Arnab Roy, in Proceedings of DPM 2018 and to be additionally presented at Genopri 2018. Public version: https://eprint.iacr.org/2018/732
Fujitsu is the leading Japanese information and communication technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 140,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.1 trillion yen (US $39 billion) for the fiscal year ended March 31, 2018. For more information, please see www.fujitsu.com.
About Fujitsu Laboratories of America
Fujitsu Laboratories of America, Inc. (FLA) is a wholly owned subsidiary of Fujitsu Laboratories Ltd. (Japan), focusing on research in AI, networking technologies, API management, and software development and solutions for several industries. Conducting research in an open environment, FLA contributes to the global research community and the IT industry. FLA is headquartered in Sunnyvale, CA. For more information, please see: www.fujitsu.com/us/about/businesspolicy/tech/rd/
Fujitsu, the Fujitsu logo and “shaping tomorrow with you” are trademarks or registered trademarks of Fujitsu Limited in the United States and other countries. Other company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.
Date: October 09, 2018
City: Santa Clara, CA
Fujitsu Laboratories of America, Inc.