<i>VISE</i>: Combining Intel SGX and Homomorphic Encryption for Cloud Industrial Control Systems

Coppolino, Luigi; D’Antonio, Salvatore; Formicola, Valerio; Mazzeo, Giovanni; Romano, Luigi

doi:10.1109/tc.2020.2995638

Cited by 25 publications

(7 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our choice was to use the library TFHE [15] since it provides a good compromise between performance penalty and functionalities. Moreover, since it is fully implemented in C, it was fully possible its porting in an SGX environment [16].…”

Section: Homomorphic Encryptionmentioning

confidence: 99%

Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

et al. 2021

Self Cite

View full text Add to dashboard Cite

The approach presented in this paper provides effective protection of critical business processes by applying advanced SIEM technology in a rigorous fashion, based on the results of accurate risk assessment. The proposed SIEM tool advances the State of The Art of the technology along two axes, specifically: privacy and integrity. The advancements are achieved via combined use of two of the most promising technologies for trusted computing, namely: Trusted Execution Environment (TTE) and Homomorphic Encryption (HE). The approach is validated with respect to a real use case of a Smart Hospital (i.e., one where IT is massively used), with challenging security requirements. The use case is contributed by one of the major public hospitals in Italy. Experiments demonstrate that, by relying on continuous monitoring of security relevant events and advanced correlation techniques, the SIEM solution proposed in this work effectively protects the critical workflows of the hospital business processes from cyber-attacks with high impact (specifically: serious harm to or even death of the patient).

show abstract

Section: Homomorphic Encryptionmentioning

confidence: 99%

Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…The purpose of SGX technology is to provide a secure container, called an enclave, for cloud-native applications. An SGX enclave is protected against access from privileged software (e.g., OS and hypervisor) to leak sensitive data or manipulate control flow, which can be potentially malicious due to the untrustworthy nature of the cloud environment [27][28][29]. Essentially, service providers who run their applications in the cloud platform cannot access or control hardware components and the underlying privileged software components.…”

Section: Intel Sgx Overviewmentioning

confidence: 99%

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Kim

2021

Applied Sciences

View full text Add to dashboard Cite

A recent innovation in the trusted execution environment (TEE) technologies enables the delegation of privacy-preserving computation to the cloud system. In particular, Intel SGX, an extension of x86 instruction set architecture (ISA), accelerates this trend by offering hardware-protected isolation with near-native performance. However, SGX inherently suffers from performance degradation depending on the workload characteristics due to the hardware restriction and design decisions that primarily concern the security guarantee. The system-level optimizations on SGX runtime and kernel module have been proposed to resolve this, but they cannot effectively reflect application-specific characteristics that largely impact the performance of legacy SGX applications. This work presents an optimization strategy to achieve application-level optimization by utilizing asynchronous switchless calls to reduce enclave transition, one of the dominant overheads of using SGX. Based on the systematic analysis, our methodology examines the performance benefit for each enclave transition wrapper and selectively applies switchless calls without modifying the legacy codebases. The evaluation shows that our optimization strategy successfully improves the end-to-end performance of our showcasing application, an SGX-enabled network middlebox.

show abstract

“…Unfortunately, up to now, industries seldom adopt such advanced cryptography technologies: the majority of cryptography technologies used by industries were developed in early 2000s [14]. Only recently, thanks to the ambitious project FENTEC (Functional ENcryption TEChnologies) 5 , there has been a tentative to propose FE solutions for privacy preserving in a wide range of sectors from clinical data 6 , to public transportation 7 . There are several types of schemes that can be assimilated to the FE, these are: attribute-based encryption (ABE) [10], [3], [13], identity-based encryption (IBE) [4], the ones that implement inner product functions [1], [2] and nonlinear (at most quadratic) polynomials.…”

Section: Fundamentals Of Functional Encryptionmentioning

confidence: 99%

“…Unfortunately, the exclusive use of HE is not doable since it is affected by a non-negligible execution time overhead, and by a large cipher text expansion. Moreover, a major problem of HE is the so-called unverifiable conditional issue, which forces a program running on a third-party host, and processing homomorphically encrypted data, to request that a client decrypts intermediate functional results to proceed further in the execution [7]. This introduces additional synchronization points and performance overhead, and increases the risk of information disclosure (e.g.…”

Section: Introductionmentioning

confidence: 99%

Privacy-preserving Credit Scoring via Functional Encryption

Andolfo,

Coppolino,

D'Antonio

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little to face even worse threats posed on data-in-use. Solutions such as Homomorphic Encryption (HE) and hardware-assisted Trusted Execution Environment (TEE) are nowadays among the preferred approaches for mitigating this type of threats. However, given the high-performance overhead of HE, financial institutions -whose processing rate requirements are stringentare more oriented towards TEE-based solutions. The X-Margin Inc. company, for example, offers secure financial computations by combining the Intel SGX TEE technology and HE-based Zero-Knowledge Proofs, which shield customers' data-in-use even against malicious insiders, i.e., users having privileged access to the system. Despite such a solution offers strong security guarantees, it is constrained by having to trust Intel and by the SGX hardware extension availability. In this paper, we evaluate a new frontier for X-Margin, i.e., performing privacy-preserving credit risk scoring via an emerging cryptographic scheme: Functional Encryption (FE), which allows a user to only learn a function of the encrypted data. We describe how the X-Margin application can benefit from this innovative approach and -most importantly-evaluate its performance impact.

show abstract

VISE: Combining Intel SGX and Homomorphic Encryption for Cloud Industrial Control Systems

Cited by 25 publications

References 34 publications

Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

Risk Assessment Driven Use of Advanced SIEM Technology for Cyber Protection of Critical e-Health Processes

An Optimization Methodology for Adapting Legacy SGX Applications to Use Switchless Calls

Privacy-preserving Credit Scoring via Functional Encryption

Contact Info

Product

Resources

About