Volume 2020 (2020): Issue 1 (January 2020)

Journal Details
License:
Format: Journal
First Published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Computation on Encrypted Data using Dataflow Authentication

Published Online: 07 Jan 2020
Page range: 5 - 25
Received: 31 May 2019
Accepted: 16 Sep 2019

Encrypting data before sending it to the cloud protects it against attackers, but requires the cloud to compute on encrypted data. Trusted modules, such as SGX enclaves, promise to provide a secure environment in which data can be decrypted and then processed. However, vulnerabilities in the executed program, which becomes part of the trusted code base (TCB), give attackers ample opportunity to execute arbitrary code inside the enclave. This code can modify the dataflow of the program and leak secrets via SGX side-channels. Since any larger code base is rife with vulnerabilities, it is not a good idea to outsource entire programs to SGX enclaves. A secure alternative relying solely on cryptography would be fully homomorphic encryption. However, due to its high computational complexity it is unlikely to be adopted in the near future. Researchers have made several proposals for transforming programs to perform encrypted computations on less powerful encryption schemes. Yet current approaches do not support programs making control-flow decisions based on encrypted data.

