HardIDX: Practical and Secure Index with SGX

Fuhry, Benny; Bahmani, Raad; Brasser, Ferdinand; Hahn, Florian; Kerschbaum, Florian; Sadeghi, Ahmad‐Reza

doi:10.1007/978-3-319-61176-1_22

Cited by 72 publications

(43 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SGX was used to replace cryptographic primitives such as efficient two-party secure function evaluation [46], private membership test [47], and trustworthy remote entity [48]. SGX was also adopted for sensitive data analytics, processing, and search, e.g., VC3 [49], Opaque [50], SecureKeeper [51], PROCHLO [52], SafeBricks [53], Oblix [54], and HardIDX [55]. Different to the above scenarios, we leverage the secure remote computation mechanism of SGX enclaves to achieve data confidentiality and model accountability in collaborative training.…”

Section: Related Workmentioning

confidence: 99%

Reaching Data Confidentiality and Model Accountability on the CalTrain

Gu¹,

Jamjoom²,

Su³

et al. 2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

Distributed collaborative learning (DCL) paradigms enable building joint machine learning models from distrusting multi-party participants. Data confidentiality is guaranteed by retaining private training data on each participant's local infrastructure. However, this approach to achieving data confidentiality makes today's DCL designs fundamentally vulnerable to data poisoning and backdoor attacks. It also limits DCL's model accountability, which is key to backtracking the responsible "bad" training data instances/contributors. In this paper, we introduce CALTRAIN 1 , a Trusted Execution Environment (TEE) based centralized multi-party collaborative learning system that simultaneously achieves data confidentiality and model accountability. CALTRAIN enforces isolated computation on centrally aggregated training data to guarantee data confidentiality. To support building accountable learning models, we securely maintain the links between training instances and their corresponding contributors. Our evaluation shows that the models generated from CALTRAIN can achieve the same prediction accuracy when compared to the models trained in non-protected environments. We also demonstrate that when malicious training participants tend to implant backdoors during model training, CALTRAIN can accurately and precisely discover the poisoned and mislabeled training data that lead to the runtime mispredictions.

show abstract

Section: Related Workmentioning

confidence: 99%

Reaching Data Confidentiality and Model Accountability on the CalTrain

Gu¹,

Jamjoom²,

Su³

et al. 2019

2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

View full text Add to dashboard Cite

show abstract

“…After our conference submission [22], [26,34] proposed new schemes for private range queries. [34] has more leakage than our Constant-URC/BRC and it is also less efficient than all of our proposed schemes, since it has poly-logarithmic (O (loд 2 m)) amortized search time (while the worst case is O (n log 2 m) even in the static case).…”

Section: :6mentioning

confidence: 99%

“…[34] has more leakage than our Constant-URC/BRC and it is also less efficient than all of our proposed schemes, since it has poly-logarithmic (O (loд 2 m)) amortized search time (while the worst case is O (n log 2 m) even in the static case). Additionally, Fuhry et al [26] proposed a new scheme for private range queries using secure hardware (Intel SGX). In addition to the fact that this work is incomparable with ours (since it relies on the existence of secure hardware), this paper has more leakage than our schemes and is vulnerable to various side channel attacks.…”

Section: :6mentioning

confidence: 99%

Practical Private Range Search in Depth

Demertzis

Papadopoulos²,

Papapetrou

et al. 2018

ACM Trans. Database Syst.

View full text Add to dashboard Cite

We consider a data owner that outsources its dataset to an untrusted server. The owner wishes to enable the server to answer range queries on a single attribute, without compromising the privacy of the data and the queries. There are several schemes on "practical" private range search (mainly in databases venues) that attempt to strike a trade-off between efficiency and security. Nevertheless, these methods either lack provable security guarantees, or permit unacceptable privacy leakages. In this paper, we take an interdisciplinary approach, which combines the rigor of security formulations and proofs with efficient Data Management techniques. We construct a wide set of novel schemes with realistic security/performance trade-offs, adopting the notion of Searchable Symmetric Encryption (SSE) primarily proposed for keyword search. We reduce range search to multi-keyword search using range covering techniques with tree-like indexes, and formalize the problem as Range Searchable Symmetric Encryption (RSSE). We demonstrate that, given any secure SSE scheme, the challenge boils down to (i) formulating leakages that arise from the index structure, and (ii) minimizing false positives incurred by some schemes under heavy data skew. We also explain an important concept in the recent SSE bibliography, namely locality, and design generic and specialized ways to attribute locality to our RSSE schemes. Moreover, we are the first to devise secure schemes for answering range aggregate queries, such as range sums and range min/max. We analytically detail the superiority of our proposals over prior work and experimentally confirm their practicality. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. INTRODUCTIONWe focus on a setting with two parties; a data owner and a server. The owner outsources its dataset to the server, and gives the latter the authority to answer range queries on a single attribute. The server is untrusted, and the goal is to protect the privacy of the dataset and the queries. The owner encrypts its data prior to sending them to the server. The challenge lies in enabling the server to process the owner's queries directly on the encrypted data, while achieving performance and costs close to the non-private case. The benefits of data outsourcing and the importance of privacy have been stressed in numerous earlier works (e.g., [18,59,62,66]).Prior work. Privacy-preserving range queries can be solved with optimal security via powerful theoretical cryptographic tools, such as Oblivious ...

show abstract

“…State-of-the-art Hardware-Supported Oblivious Search Platforms. Existing systems [25,73] require secure hardware (e.g., Intel SGX) to process the entire outsourced data (e.g., encryption/decryption) for each search query to completely hide the access pattern. Unfortunately, this approach might also incur a high delay when dealing with a large amount of outsourced data since its cost grows linearly with the database size.…”

Section: Motivationmentioning

confidence: 99%

“…Our system design is inspired from ZeroTrace [65], where we synergize SGX-supported ORAM with Oblivious Data Structure (ODS) [78] to enable oblivious keyword search and update operations on encrypted data. This synergy (i) addresses the network bandwidth and communication hurdles of ORAM-SE composition in the client-server setting; (ii) eliminates the cost of processing the entire database inside Intel SGX as in [25,73]; and more importantly, (iii) allows for operation on a large outsourced database without being restricted by Intel SGX memory as in [3]. This composition also enables efficient oblivious keyword update capacity.…”

Section: Our Contributionsmentioning

confidence: 99%

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Hoang

Ozmen

Jang

et al. 2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

The ability to query and update over encrypted data is an essential feature to enable breach-resilient cyber-infrastructures. Statistical attacks on searchable encryption (SE) have demonstrated the importance of sealing information leaks in access patterns. In response to such attacks, the community has proposed the Oblivious Random Access Machine (ORAM). However, due to the logarithmic communication overhead of ORAM, the composition of ORAM and SE is known to be costly in the conventional client-server model, which poses a critical barrier toward its practical adaptations. In this paper, we propose a novel hardware-supported privacy-enhancing platform called Practical Oblivious Search and Update Platform (POSUP), which enables oblivious keyword search and update operations on large datasets with high efficiency. We harness Intel SGX to realize efficient oblivious data structures for oblivious search/update purposes. We implemented POSUP and evaluated its performance on a Wikipedia dataset containing ≥229 keyword-file pairs. Our implementation is highly efficient, taking only 1 ms to access a 3 KB block with Circuit-ORAM. Our experiments have shown that POSUP offers up to 70× less end-to-end delay with 100× reduced network bandwidth consumption compared with the traditional ORAM-SE composition without secure hardware. POSUP is also at least 4.5× faster for up to 99.5% of keywords that can be searched compared with state-of-the-art Intel SGX-assisted search platforms.

show abstract

HardIDX: Practical and Secure Index with SGX

Cited by 72 publications

References 49 publications

Reaching Data Confidentiality and Model Accountability on the CalTrain

Reaching Data Confidentiality and Model Accountability on the CalTrain

Practical Private Range Search in Depth

Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset

Contact Info

Product

Resources

About