nach oben

Erschienen in:

2021 | OriginalPaper | Buchkapitel

Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves

verfasst von : Viet Vo, Shangqi Lai, Xingliang Yuan, Surya Nepal, Joseph K. Liu

Erschienen in: Applied Cryptography and Network Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Dynamic searchable symmetric encryption (DSSE) can enable a cloud server to search and update over the encrypted data. Recently, forward and backward privacy in DSSE receive wide attention due to the rise in a number of emerging attacks exploiting the leakage in data update operations. Forward privacy ensures newly added data is not related to queries issued in the past, whilst backward privacy ensures previously deleted data is not revealed in the queries. Unfortunately, achieving strong forward and backward privacy, i.e., only revealing insertion timestamps of search results, requires the adoption of oblivious data structures, which incur heavy computation and communication overhead at both the client and server-side. In this paper, we resort to secure enclaves, aka Intel SGX, to tackle the above problem. Specifically, we propose Maiden, the first strong backward-private DSSE scheme without relying on ORAM. Our key idea is to keep track of the states of updates and the deletion information inside the secure enclave to prevent the leakage from the server. To speed up, we further leverage a compressed data structure to maintain a sketch of addition operations in the enclave to facilitate the fast generation of search tokens of non-deleted data. We conduct formal security analysis and perform comprehensive evaluations on both synthetic and real-world datasets. Our results confirm that Maiden outperforms the prior work.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Analysis of Client-Side Security for Long-Term Time-Stamping Services

Nächstes Kapitel CECMLP: New Cipher-Based Evaluating Collaborative Multi-layer Perceptron Scheme in Federated Learning

Source code: https://github.com/MonashCybersecurityLab/SGXSSE.

Enron email dataset: https://www.cs.cmu.edu/~./enron/.

Amjad, G., Kamara, S., Moataz, T.: Forward and backward private searchable encryption with SGX. In: EuroSec 2019 (2019)

Biondo, A., Conti, M., Davi, L., Frassetto, T., Sadeghi, A.R.: The guard’s dilemma: efficient code-reuse attacks against intel SGX. In: USENIX Security 2018 (2018)

Borges, G., Domingos, H., Ferreira, B., Leitão, J., Oliveira, T., Portela, B.: BISEN: efficient boolean searchable symmetric encryption with verifiability and minimal leakage. In: IEEE SRDS 2019 (2019)

Bost, R.: \(\Sigma o\varphi \)o\(\varsigma \) - forward secure searchable encryption. In: ACM CCS 2016 (2016)

Bost, R., Fouque, P.A.: Thwarting leakage abuse attacks against searchable encryption - a formal approach and applications to database padding. Cryptology ePrint Archive, Report 2017/1060 (2017). https://eprint.iacr.org/2017/1060

Bost, R., Minaud, B., Ohrimenko, O.: Forward and backward private searchable encryption from constrained cryptographic primitives. In: ACM CCS 2017 (2017)

Brasser, F., Capkun, S., Dmitrienko, A., Frassetto, T., Kostiainen, K., Sadeghi, A.R.: DR.SGX: automated and adjustable side-channel protection for SGX using data location randomization. In: ACSAC 2019 (2019)

Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: WOOT 2017 (2017)

Cash, D., Grubbs, P., Perry, J., Ristenpart, T.: Leakage-abuse attacks against searchable encryption. In: ACM CCS 2015 (2015)

10.

Cash, D., Jaeger, J., Jarecki, S., Jutla, C.: Dynamic searchable encryption in very large databases: data structures and implementation. In: NDSS 2014 (2014)

11.

Cash, D., Jarecki, S., Jutla, C., Krawczyk, H., Roşu, M.C., Steiner, M.: Highly-scalable searchable symmetric encryption with support for boolean queries. In: CRYPTO 2013 (2013)

12.

Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: Sgxpectre: stealing intel secrets from SGX enclaves via speculative execution. In: Euro S&P 2019 (2019)

13.

Chen, S., Zhang, X., Reiter, M.K., Zhang, Y.: Detecting privileged side-channel attacks in shielded execution with déjà vu. In: ASIA CCS 2017 (2017)

14.

Christian, P., Kapil, V., Manuel, C.: EnclaveDB: a secure database using SGX. In: IEEE S&P 2018 (2018)

15.

Cloosters, T., Rodler, M., Davi, L.: TeeRex: discovery and exploitation of memory corruption vulnerabilities in SGX enclaves. In: USENIX Security 2020, pp. 841–858 (2020)

16.

Costan, V., Devadas, S.: Intel SGX explained. In: IACR Cryptol. ePrint Arch. (2016)

17.

Curtmola, R., Garay, J., Kamara, S., Ostrovsky, R.: Searchable symmetric encryption: improved definitions and efficient constructions. In: ACM CCS 2006 (2016)

18.

Cutress, I.: Analyzing core i9–9900K performance with spectre and meltdown hardware mitigations. Intel Corp (2018). https://www.anandtech.com/show/13659/analyzing-core-i9-9900k-performance-with-spectre-and-meltdown-hardware-mitigations

19.

Demertzis, I., Chamani, J.G., Papadopoulos, D., Papamanthou, C.: Dynamic searchable encryption with small client storage. In: NDSS 2020 (2020)

20.

Eskandarian, S., Zaharia, M.: Oblidb: oblivious query processing for secure databases. In: Proceedings of the VLDB Endow. (2019)

21.

Etemad, M., Küpçü, A., Papamanthou, C., Evans, D.: Efficient dynamic searchable encryption with forward privacy. In: PET 2018 (2018)

22.

Fu, Y., Bauman, E., Quinonez, R., Lin, Z.: SGX-LAPD: thwarting controlled side channel attacks via enclave verifiable page faults. In: RAID (2017)

23.

Fuhry, B., Bahmani, R., Brasser, F., Hahn, F., Kerschbaum, F., Sadeghi, A.: HardIDX: practical and Secure Index with SGX. In: DBSec 2017 (2017)

24.

Ghareh Chamani, J., Papadopoulos, D., Papamanthou, C., Jalili, R.: New constructions for forward and backward private symmetric searchable encryption. In: ACM CCS 2018, pp. 1038–1055 (2018)

25.

Götzfried, J., Eckert, M., Schinzel, S., Müller, T.: Cache attacks on intel SGX. In: EuroSec 2017 (2017)

26.

Gruss, D., Lipp, M., Schwarz, M., Fellner, R., Maurice, C., Mangard, S.: KASLR is dead: long live KASLR. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds.) ESSoS 2017. LNCS, vol. 10379, pp. 161–176. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-62105-0_11CrossRef

27.

Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., Costa, M.: Strong and efficient cache side-channel protection using hardware transactional memory. In: USENIX Security 2017, pp. 217–233 (2017)

28.

Hoang, T., Ozmen, M.O., Jang, Y., Yavuz, A.A.: Hardware-supported ORAM in effect: practical oblivious search and update on very large dataset. In: PET 2019 (2019)

29.

Intel: Intel processors voltage settings modification advisory (2020). https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html

30.

Kamara, S., Papamanthou, C., Roeder, T.: Dynamic searchable symmetric encryption. In: ACM CCS 2012, pp. 965–976 (2012)

31.

Kuvaiskii, D., et al.: SGXBOUNDS: memory safety for shielded execution. In: EuroSys 2017, pp. 205–221 (2017)

32.

Lai, S., et al.: Result pattern hiding searchable encryption for conjunctive queries. In: ACM CCS 2018, pp. 745–762 (2018)

33.

Lee, J., et al.: Hacking in darkness: return-oriented programming against secure enclaves. In: USENIX Security 2017, pp. 523–539 (2017)

34.

Marshall, A., Howard, M., Bugher, G., Harden, B.: Security best practices for developing windows azure applications. Microsoft Corp 42, 12–15 (2010)

35.

McKeen, F., et al.: Intel® software guard extensions (intel® SGX) support for dynamic memory management inside an enclave. In: HASP 2016 (2016)

36.

Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: an efficient oblivious search index. In: IEEE S&P 2018 (2018)

37.

Murdock, K., et al.: Plundervolt: software-based fault injection attacks against intel SGX. In: IEEE S&P 2020 (2020)

38.

Ohrimenko, O., et al.: Oblivious multi-party machine learning on trusted processors. In: USENIX Security 2016 (2016)

39.

Oleksenko, O., et al.: Varys: Protecting SGX enclaves from practical side-channel attacks. In: USENIX ATC 2018 (2018)

40.

Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Topics in Cryptology - CT-RSA 2006 (2006)

41.

Rane, A., Lin, C., Tiwari, M.: Raccoon: closing digital side-channels through obfuscated execution. In: USENIX Security 2015 (2015)

42.

Sasy, S., Gorbunov, S., Fletcher, C.W.: Zerotrace: oblivious memory primitives from intel SGX. In: NDSS 2018 (2018)

43.

Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3–24. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_1CrossRef

44.

Seo, J., et al.: SGX-shield: enabling address space layout randomization for SGX programs. In: NDSS (2017)

45.

Shih, M.W., Lee, S., Kim, T., Peinado, M.: T-SGX: eradicating controlled-channel attacks against enclave programs. In: NDSS (2017)

46.

Shinde, S., Chua, Z.L., Narayanan, V., Saxena, P.: Preventing page faults from telling your secrets. In: ACM AsiaCCS 2016 (2016)

47.

Sinha, R., Rajamani, S., Seshia, S.A.: A compiler and verifier for page access oblivious computation. In: ESEC/FSE 2017 (2017)

48.

Song, D., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE S&P 2000, pp. 44–55 (2000)

49.

Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable symmetric encryption with small leakage. In: NDSS 2014 (2014)

50.

Sun, S.F., et al.: Practical backward-secure searchable encryption from symmetric puncturable encryption. In: ACM CCS 2018 (2018)

51.

Van Bulck, J., et al.: Foreshadow: extracting the keys to the intel SGX kingdom with transient out-of-order execution. In: USENIX Security 2018 (2018)

52.

Vinayagamurthy, D., Gribov, A., Gorbunov, S.: Stealthdb: A scalable encrypted database with full SQL query support. In: PET 2019 (2019)

53.

Vo, V., Lai, S., Yuan, X., Sun, S.F., Nepal, S., Liu, J.K.: Accelerating forward and backward private searchable encryption using trusted execution. In: ACNS 2020 (2020)

54.

Wang, W., et al.: Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX. In: CCS 2017 (2017)

55.

Xu, Y., Cui, W., Peinado, M.: Controlled-channel attacks: deterministic side channels for untrusted operating systems. In: IEEE S&P 2015 (2015)

56.

Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security 2014 (2014)

57.

Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: The power of file-injection attacks on searchable encryption. In: USENIX Security 2016 (2016)

58.

Zhao, W., Lu, K., Qi, Y., Qi, S.: Mptee: bringing flexible and efficient memory protection to intel SGX. In: EuroSys 2020 (2020)

59.

Zheng, W., Dave, A., Beekman, J.G., Popa, R.A., Gonzalez, J.E., Stoica, I.: Opaque: an oblivious and encrypted distributed analytics platform. In: USENIX NSDI 2017 (2017)

Titel: Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves
verfasst von: Viet Vo
Shangqi Lai
Xingliang Yuan
Surya Nepal
Joseph K. Liu
Verlag: Springer International Publishing
Buch: Applied Cryptography and Network Security
Print ISBN: 978-3-030-78371-6

Electronic ISBN: 978-3-030-78372-3

Copyright-Jahr: 2021
DOI: https://doi.org/10.1007/978-3-030-78372-3_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"