Prochlo: Strong Privacy for Analytics in the Crowd
The large-scale monitoring of computer users' software activities has become
commonplace, e.g., for application telemetry, error reporting, or demographic
profiling. This paper describes a principled systems architecture---Encode,
Shuffle, Analyze (ESA)---for performing such monitoring with high utility while
also protecting user privacy. The ESA design, and its Prochlo implementation,
are informed by our practical experiences with an existing, large deployment of
privacy-preserving software monitoring.
Efficiently Hardening SGX Enclaves against Memory Access Pattern Attacks via Dynamic Program Partitioning
Intel SGX is known to be vulnerable to a class of practical attacks
exploiting memory access pattern side-channels, notably page-fault attacks and
cache timing attacks. A promising hardening scheme is to wrap applications in
hardware transactions, enabled by Intel TSX, that return control to the
software upon unexpected cache misses and interruptions so that the existing
side-channel attacks exploiting these micro-architectural events can be
detected and mitigated. However, existing hardening schemes scale only to
small-data computation, with a typical working set no larger than one or a few
times the size of a CPU data cache.
This work tackles the data scalability and performance efficiency of security
hardening schemes of Intel SGX enclaves against memory-access pattern side
channels. The key insight is that the size of TSX transactions in the target
computation is critical, both performance- and security-wise. Unlike the
existing designs, this work dynamically partitions target computations to
enlarge transactions while avoiding aborts, leading to lower performance
overhead and improved side-channel security. We materialize the dynamic
partitioning scheme and build a C++ library to monitor and model cache
utilization at runtime. We further build a data analytical system using the
library and implement various external oblivious algorithms. Performance
evaluation shows that our work can effectively increase transaction size and
reduce the execution time by up to two orders of magnitude compared with the
state-of-the-art solutions.
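To make the partitioning idea concrete, here is an added example (not code from the paper or its C++ library) that models the one constraint the abstract relies on: a hardware transaction aborts when its working set no longer fits the data cache. The cache geometry (64-byte lines, 64 sets, 8 ways), the access traces and all function names are constructed assumptions; real TSX abort behaviour also depends on interrupts, on how read and write sets are tracked and on the attacker, all of which the model leaves out.

```python
"""Toy model of transaction-sized partitioning for TSX-hardened SGX code.

Added example, not code from the paper: it models only the constraint
that a transaction's working set must fit in the CPU data cache or the
hardware transaction aborts.  Cache geometry and traces are constructed.
"""
from collections import Counter

LINE = 64      # bytes per cache line (assumption: typical x86 L1D)
SETS = 64      # assumption: 32 KiB, 8-way L1D => 64 sets
WAYS = 8


def line_of(addr):
    return addr // LINE


def fits_in_cache(lines):
    """True if no cache set needs more than WAYS distinct lines.

    An oversubscribed set means a self-eviction inside the transaction,
    which TSX reports as an abort (simplified: no attacker, no interrupts,
    read and write sets treated alike)."""
    per_set = Counter(l % SETS for l in lines)
    return all(n <= WAYS for n in per_set.values())


def fixed_partition(trace, k):
    """Baseline: cut the access trace every k accesses, regardless of
    what those accesses touch."""
    return [trace[i:i + k] for i in range(0, len(trace), k)]


def dynamic_partition(trace):
    """Grow each transaction until the next access would overflow a cache
    set, then cut.  Greedy version of the paper's idea: enlarge the
    transaction as far as the modelled cache allows, never past it."""
    txs, cur, lines = [], [], set()
    for addr in trace:
        l = line_of(addr)
        if l not in lines and not fits_in_cache(lines | {l}):
            txs.append(cur)
            cur, lines = [], set()
        cur.append(addr)
        lines.add(l)
    if cur:
        txs.append(cur)
    return txs


def abort_count(txs):
    """Number of transactions whose working set would not fit."""
    return sum(1 for tx in txs if not fits_in_cache({line_of(a) for a in tx}))


# Constructed traces: a sequential sweep over 64 KiB (1024 lines, twice the
# modelled cache) and a 4 KiB-strided sweep where every line maps to set 0.
SEQUENTIAL = [i * LINE for i in range(1024)]
STRIDED = [i * SETS * LINE for i in range(64)]


def summarize(trace):
    """Compare greedy partitioning against one big and many tiny transactions."""
    dyn = dynamic_partition(trace)
    one_tx = fixed_partition(trace, len(trace))
    tiny = fixed_partition(trace, 4)
    return {
        "dynamic_txs": len(dyn), "dynamic_aborts": abort_count(dyn),
        "one_tx_aborts": abort_count(one_tx),
        "tiny_txs": len(tiny), "tiny_aborts": abort_count(tiny),
    }


if __name__ == "__main__":
    for name, tr in (("sequential", SEQUENTIAL), ("strided", STRIDED)):
        print(name, summarize(tr))
```

Running it prints, for each trace, how many transactions the greedy partitioner produced and whether the fixed-size cuts abort. The strided trace is the instructive one: by byte count it is a tiny working set, yet every line maps to the same cache set, so only eight accesses fit per transaction. That is why cache utilization has to be monitored at runtime rather than estimated from data size.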
What Storage Access Privacy is Achievable with Small Overhead?
Oblivious RAM (ORAM) and private information retrieval (PIR) are classic
cryptographic primitives used to hide the access pattern to data whose storage
has been outsourced to an untrusted server. Unfortunately, both primitives
require considerable overhead compared to plaintext access. For large-scale
storage infrastructure with highly frequent access requests, the degradation in
response time and the exorbitant increase in resource costs incurred by either
ORAM or PIR prevent their usage. In an ideal scenario, privacy-preserving
storage protocols with small overhead would be implemented for these heavily
trafficked storage systems to avoid negatively impacting either performance
or costs. In this work, we study the problem of the best storage access privacy
that is achievable with only small overhead over plaintext access. To answer
this question, we consider differential privacy access, a generalization of the
oblivious access notion that ORAM and PIR provide. We show that any
differentially private storage scheme with small overhead must have privacy
parameter $\epsilon = \Omega(\log n)$, and that this bound is tight: we give an
$\epsilon = \Theta(\log n)$ differentially private construction with $O(1)$
overhead and an $\epsilon = \Theta(\log n)$ differentially private construction
with $O(\log\log n)$ overhead. This construction uses a new oblivious,
two-choice hashing scheme that may be of independent interest.
Comment: To appear at PODS'1
H-ORAM: A Cacheable ORAM Interface for Efficient I/O Accesses
Oblivious RAM (ORAM) is an effective security primitive to prevent access pattern
leakage. By adding redundant memory accesses, ORAM prevents attackers from revealing the
patterns in the access sequences. However, ORAM tends to introduce a huge degradation on the
performance. With growing address space to be protected, ORAM has to store the majority of
data in the lower level storage, which further degrades the system performance.
In this paper, we propose Hybrid ORAM (H-ORAM), a novel ORAM primitive to address
large performance degradation when overflowing the user data to storage. H-ORAM consists of a
batch scheduling scheme for enhancing the memory bandwidth usage, and a novel ORAM
interface that returns data without waiting for the I/O access each time. We evaluate H-ORAM on
a real machine implementation. The experimental results show that H-ORAM outperforms the
state-of-the-art Path ORAM by 19.8x for a small data set and 22.9x for a large data set.
Secure Stable Matching at Scale
When a group of individuals and organizations wish to compute a stable matching---for example, when medical students are matched to medical residency programs---they often outsource the computation to a trusted arbiter in order to preserve the privacy of participants' preferences. Secure multi-party computation offers the possibility of private matching processes that do not rely on any common trusted third party. However, stable matching algorithms have previously been considered infeasible for execution in a secure multi-party context on non-trivial inputs because they are computationally intensive and involve complex data-dependent memory access patterns.
We adapt the classic Gale-Shapley algorithm for use in such a context, and show experimentally that our modifications yield a lower asymptotic complexity and more than an order of magnitude in practical cost improvement over previous techniques. Our main improvements stem from designing new oblivious data structures that exploit the properties of the matching algorithms. We apply a similar strategy to scale the Roth-Peranson instability chaining algorithm, currently in use by the National Resident Matching Program. The resulting protocol is efficient enough to be useful at the scale required for matching medical residents nationwide, taking just over 18 hours to complete an execution simulating the 2016 national resident match with more than 35,000 participants and 30,000 residency slots.