Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Open access

Abstract

The ability to query and update over encrypted data is an essential feature to enable breach-resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier to its practical adoption.

In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its performance on a Wikipedia dataset containing ≥ 2^29 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consumption compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of the keywords that can be searched, compared with state-of-the-art Intel SGX-assisted search platforms.


