ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments

Sajin Sasy 1  and Ian Goldberg 2
  • 1 Cheriton School of Computer Science, University of Waterloo
  • 2 Cheriton School of Computer Science, University of Waterloo

Abstract

Anonymous communications networks enable individuals to maintain their privacy online. The most popular such network is Tor, with about two million daily users; however, Tor is reaching limits of its scalability. One of the main scalability bottlenecks of Tor and similar network designs originates from the requirement of distributing a global view of the servers in the network to all network clients. This requirement is in place to avoid epistemic attacks, in which adversaries who know which parts of the network certain clients do and do not know about can rule in or out those clients from being responsible for particular network traffic.

In this work, we introduce a novel solution to this scalability problem by leveraging oblivious RAM constructions and trusted execution environments in order to enable clients to fetch only the parts of the network view they require, without the directory servers learning which parts are being fetched. We compare the performance of our design with the current Tor mechanism and other related works to show one to two orders of magnitude better performance from an end-to-end perspective. We analyse the requirements to actually deploy such a scheme today and conclude that it would only require a small fraction (<2.5%) of the relays to have the required hardware support; moreover, these relays can perform their roles with minimal network bandwidth requirements.

If the inline PDF is not rendering correctly, you can download the PDF file here.

  • [1] C. Aguilar-Melchor, J. Barrier, L. Fousse, and M.-O. Killijian. XPIR: Private Information Retrieval for Everyone. Proceedings on Privacy Enhancing Technologies, 2016.

  • [2] A. Ahmad, K. Kim, M. I. Sarfaraz, and B. Lee. OBLIVIATE: A Data Oblivious Filesystem for Intel SGX. In 25th Network and Distributed System Security Symposium (NDSS), 2018.

  • [3] I. Anati, S. Gueron, S. Johnson, and V. Scarlata. Innovative Technology for CPU Based Attestation and Sealing, 2013. https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing.

  • [4] S. Angel, H. Chen, K. Laine, and S. Setty. PIR with compressed queries and amortized query processing. In 39th IEEE Symposium on Security and Privacy (S&P). IEEE, 2018.

  • [5] ARM. ARM Security Technology: Building a Secure System using TrustZone Technology, 2015. http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf.

  • [6] R. Barbulescu and S. Duquesne. Updating Key Size Estimations for Pairings. Cryptology ePrint Archive, Report 2017/334, 2017.

  • [7] J. Bi, M. Liu, and X. Wang. Cryptanalysis of a homomorphic encryption scheme from ISIT 2008. In IEEE International Symposium on Information Theory (ISIT), 2012.

  • [8] D. Bleichenbacher, A. Kiayias, and M. Yung. Decoding of Interleaved Reed Solomon Codes over Noisy Data. In International Colloquium on Automata, Languages, and Programming. Springer, 2003.

  • [9] D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2003.

  • [10] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 2001.

  • [11] Z. Brakerski and V. Vaikuntanathan. Efficient Fully Homomorphic Encryption from (Standard) LWE. SIAM Journal on Computing, 2014.

  • [12] F. Brasser, U. Müller, A. Dmitrienko, K. Kostiainen, S. Capkun, and A. Sadeghi. Software Grand Exposure: SGX Cache Attacks Are Practical. In 11th USENIX Workshop on O˙ensive Technologies (WOOT), 2017.

  • [13] Brave. Brave Private Tabs with Tor. https://brave.com/tor-tabs-beta, Accessed September 2018.

  • [14] J. V. Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium, 2018.

  • [15] B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private Information Retrieval. In IEEE Foundations of Computer Science (FOCS), 1995.

  • [16] D. Coppersmith and M. Sudan. Reconstructing Curves in Three (and Higher) Dimensional Space from Noisy Data. In 35th ACM Symposium on Theory of Computing (STOC), 2003.

  • [17] F. Dall, G. De Micheli, T. Eisenbarth, D. Genkin, N. Heninger, A. Moghimi, and Y. Yarom. Cachequote: Efficiently Recovering Long-Term Secrets of SGX EPID via Cache Attacks. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018.

  • [18] G. Danezis and R. Clayton. Route Fingerprinting in Anonymous Communications. In 6th IEEE International Conference on Peer-to-Peer Computing. IEEE, 2006.

  • [19] G. Danezis and P. Syverson. Bridging and Fingerprinting: Epistemic Attacks on Route Selection. In 8th Privacy Enhancing Technologies Symposium (PETS). Springer, 2008.

  • [20] S. Devadas, M. van Dijk, C. W. Fletcher, L. Ren, E. Shi, and D. Wichs. Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM. In Theory of Cryptography Conference (TCC). Springer, 2016.

  • [21] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The Second-Generation Onion Router. In 13th USENIX Security Symposium, 2004.

  • [22] J. R. Douceur. The Sybil attack. In International Workshop on Peer-to-Peer Systems. Springer, 2002.

  • [23] T. Elahi, K. Bauer, M. AlSabah, R. Dingledine, and I. Goldberg. Changing of the Guards: A Framework for Understanding and Improving Entry Guard Selection in Tor. In 11th ACM Workshop on Privacy in the Electronic Society (WPES). ACM, 2012.

  • [24] C. Fletcher, M. Naveed, L. Ren, E. Shi, and E. Stefanov. Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM. Cryptology ePrint Archive, Report 2015/1065, 2015.

  • [25] I. Goldberg. Improving the Robustness of Private Information Retrieval. In 28th IEEE Symposium on Security and Privacy (S&P), 2007.

  • [26] O. Goldreich and R. Ostrovsky. Software Protection and Simulation on Oblivious RAMs. Journal of the ACM (JACM), 1996.

  • [27] S. Gueron. Intel® Advanced Encryption Standard (AES) New Instructions Set, 2010. https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf.

  • [28] Intel. SGX Virtualization. https://01.org/intel-software-guard-extensions/sgx-virtualization. Accessed February 2018.

  • [29] Intel. Intel Trusted Execution Technology, 2007. http://www.intel.com/technology/security/. Accessed September 2018.

  • [30] Intel. Software Guard Extensions (Intel® SGX) Data Center Attestation Primitives: ECDSA Quote Library API, 2018. https://download.01.org/intel-sgx/dcap-1.0/docs/SGX_ECDSA_QuoteGenReference_DCAP_API_Linux_1.0.pdf.

  • [31] A. Kapadia and N. Triandopoulos. Halo: High-Assurance Locate for Distributed Hash Tables. In 16th Network and Distributed System Security Symposium (NDSS), 2008.

  • [32] D. Kaplan, J. Powell, and T. Woller. AMD Memory Encryption, 2016. https://developer.amd.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf.

  • [33] S. Karandikar, S. Devadas, A. Ou, K. Asanovic, I. Lebedev, D. Song, and D. Lee. Keystone Open-source Secure Hardware Enclave, 2018. https://keystone-enclave.org/. Accessed September 2018.

  • [34] T. Kim and R. Barbulescu. Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case. In CRYPTO. Springer, 2016.

  • [35] P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P), 2019.

  • [36] S. Lee, M.-W. Shih, P. Gera, T. Kim, H. Kim, and M. Peinado. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium, 2017.

  • [37] T. Lepoint and M. Tibouchi. Cryptanalysis of a (Somewhat) Additively Homomorphic Encryption Scheme Used in PIR. In 3rd Workshop on Applied Homomorphic Cryptography and Encrypted Computing (WAHC), 2015.

  • [38] M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium, 2018.

  • [39] E. K. Lua, J. Crowcroft, M. Pias, R. Sharma, and S. Lim. A Survey and Comparison of Peer-to-Peer Overlay Network Schemes. IEEE Communications Surveys & Tutorials, 2005.

  • [40] W. Lueks and I. Goldberg. Sublinear Scaling for Multi-Client Private Information Retrieval. In International Conference on Financial Cryptography and Data Security (FC). Springer, 2015.

  • [41] N. Mathewson. Proposal 300: Walking Onions: Scaling and Saving Bandwidth. https://gitweb.torproject.org/torspec.git/tree/proposals/300-walking-onions.txt, 2019. Accessed February 2019.

  • [42] P. Maymounkov and D. Mazieres. Kademlia: A Peer-to-Peer Information System Based on the XOR Metric. In International Workshop on Peer-to-Peer Systems. Springer, 2002.

  • [43] J. McLachlan, A. Tran, N. Hopper, and Y. Kim. Scalable Onion Routing with Torsk. In 16th ACM Conference on Computer and Communications Security (CCS), 2009.

  • [44] C. A. Melchor and P. Gaborit. A Fast Private Information Retrieval Protocol. In IEEE International Symposium on Information Theory (ISIT), 2008.

  • [45] P. Mishra, R. Poddar, J. Chen, A. Chiesa, and R. A. Popa. Oblix: An Efficient Oblivious Search Index. In 39th IEEE Symposium on Security and Privacy (S&P). IEEE, 2018.

  • [46] P. Mittal and N. Borisov. ShadowWalker: Peer-to-peer Anonymous Communication using Redundant Structured Topologies. In 16th ACM Conference on Computer and Communications Security (CCS), pages 161–172. ACM, 2009.

  • [47] P. Mittal and N. Borisov. Information Leaks in Structured Peer-to-Peer Anonymous Communication Systems. ACM Transactions on Information and System Security (TISSEC), 2012.

  • [48] P. Mittal, F. Olumofin, C. Troncoso, N. Borisov, and I. Goldberg. PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval. In 20th USENIX Security Symposium, 2011.

  • [49] Mozilla. Fusion: Firefox USIng Onions, 2018. https://wiki.mozilla.org/Security/Fusion. Accessed September 2018.

  • [50] A. Nambiar and M. Wright. Salsa: A Structured Approach to Large-Scale Anonymity. In 13th ACM Conference on Computer and Communications Security (CCS), 2006.

  • [51] O. Ohrimenko, F. Schuster, C. Fournet, A. Mehta, S. Nowozin, K. Vaswani, and M. Costa. Oblivious multi-party machine learning on trusted processors. In 25th USENIX Security Symposium, 2016.

  • [52] L. Øverlier and P. Syverson. Locating Hidden Servers. In IEEE Symposium on Security and Privacy (S&P), 2006.

  • [53] A. Panchenko, S. Richter, and A. Rache. NISAN: Network Information Service for Anonymization Networks. In 16th ACM Conference on Computer and Communications Security (CCS), 2009.

  • [54] S. Patel, G. Persiano, and K. Yeo. Private Stateful Information Retrieval. In 25th ACM Conference on Computer and Communications Security (CCS), 2018.

  • [55] A. M. Piotrowska, J. Hayes, T. Elahi, S. Meiser, and G. Danezis. The Loopix Anonymity System. In 26th USENIX Security Symposium, 2017.

  • [56] A. Rane, C. Lin, and M. Tiwari. Raccoon: Closing Digital Side-channels Through Obfuscated Execution. In 24th USENIX Security Symposium, 2015.

  • [57] O. Regev. On Lattices, Learning With Errors, Random Linear Codes, and Cryptography. Journal of the ACM (JACM), 2009.

  • [58] L. Ren, C. Fletcher, A. Kwon, E. Stefanov, E. Shi, M. van Dijk, and S. Devadas. Constants Count: Practical Improvements to Oblivious RAM. In 24th USENIX Security Symposium, 2015.

  • [59] M. Rennhard and B. Plattner. Introducing MorphMix: Peer-to-Peer Based Anonymous Internet Usage with Collusion Detection. In 1st ACM Workshop on Privacy in the Electronic Society (WPES), 2002.

  • [60] S. Sasy, S. Gorbunov, and C. W. Fletcher. ZeroTrace: Oblivious Memory Primitives from Intel SGX. In 25th Network and Distributed System Security Symposium (NDSS), 2018.

  • [61] M. Schuchard, A. W. Dean, V. Heorhiadi, N. Hopper, and Y. Kim. Balancing the Shadows. In 9th ACM Workshop on Privacy in the Electronic Society (WPES), 2010.

  • [62] M. Schwarz, S. Weiser, D. Gruss, C. Maurice, and S. Mangard. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2017.

  • [63] S. Shinde, Z. L. Chua, V. Narayanan, and P. Saxena. Preventing Page Faults from Telling Your Secrets. In 11th ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2016.

  • [64] R. Snader and N. Borisov. Improving Security and Performance in the Tor Network through Tunable Path Selection. IEEE Transactions on Dependable and Secure Computing, 2011.

  • [65] E. Stefanov, E. Shi, and D. Song. Towards Practical Oblivious RAM. In 19th Network and Distributed System Security Symposium (NDSS), 2012.

  • [66] E. Stefanov, M. Van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas. Path ORAM: An Extremely Simple Oblivious RAM Protocol. In 20th ACM Conference on Computer and Communications Security (CCS), 2013.

  • [67] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan. Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications. ACM SIGCOMM Computer Communication Review, 2001.

  • [68] P. Tabriz and N. Borisov. Breaking the collusion detection mechanism of MorphMix. In 6th International Workshop on Privacy Enhancing Technologies (PET), pages 368–383. Springer, 2006.

  • [69] The Tor Project. Tor Directory Services v3. https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt. Accessed September 2018.

  • [70] The Tor Project. Tor Metrics. https://metrics.torproject.org/. Accessed September 2018.

  • [71] The Tor Project. Who Uses Tor? https://www.torproject.org/about/torusers.html.en. Accessed September 2018.

  • [72] United Nations. Universal Declaration of Human Rights (Article 12), 1948. http://www.un.org/en/universal-declaration-human-rights/. Accessed September 2018.

  • [73] C. Wacek, H. Tan, K. S. Bauer, and M. Sherr. An Empirical Evaluation of Relay Selection in Tor. In 20th Network and Distributed System Security Symposium (NDSS), 2013.

  • [74] D. S. Wallach. A Survey of Peer-to-Peer Security Issues. In 2002 Mext-NSF-JSPS International Conference on Software Security: Theories and Systems (ISSS). Springer, 2003.

  • [75] P. Wang and Y. Kim. Myrmic: Secure and Robust DHT Routing, 2006.

  • [76] Q. Wang, P. Mittal, and N. Borisov. In search of an anonymous and secure lookup: attacks on structured peer-to-peer anonymous communication systems. In 17th ACM Conference on Computer and Communications Security (CCS), pages 308–318. ACM, 2010.

  • [77] X. Wang, H. Chan, and E. Shi. Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound. In 22nd ACM Conference on Computer and Communications Security (CCS), 2015.

  • [78] R. Wojtczuk and J. Rutkowska. Attacking Intel Trusted Execution Technology. Invisible Things Lab, 2009.

  • [79] R. Wojtczuk and J. Rutkowska. Attacking SMM Memory via Intel CPU Cache Poisoning. Invisible Things Lab, 2009.

  • [80] M. Wright, M. Adler, B. N. Levine, and C. Shields. Defending Anonymous Communications Against Passive Logging Attacks. In 24th IEEE Symposium on Security and Privacy (S&P). IEEE, 2003.

  • [81] Y. Xu, W. Cui, and M. Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 36th IEEE Symposium on Security and Privacy (S&P), 2015.

  • [82] B. Zantout and R. Haraty. I2P Data Communication System. In 10th International Conference on Networks (ICN), 2011.

OPEN ACCESS

Journal + Issues

Search