ABSTRACT
This paper investigates secure ways to interact with tamper-resistant hardware leaking a strictly bounded amount of information. Architectural support for the interaction mechanisms is studied and performance implications are evaluated.
The interaction mechanisms are built on top of a recently-proposed secure processor Ascend[ascend-stc12]. Ascend is chosen because unlike other tamper-resistant hardware systems, Ascend completely obfuscates pin traffic through the use of Oblivious RAM (ORAM) and periodic ORAM accesses. However, the original Ascend proposal, with the exception of main memory, can only communicate with the outside world at the beginning or end of program execution; no intermediate information transfer is allowed.
Our system, Stream-Ascend, is an extension of Ascend that enables intermediate interaction with the outside world. Stream-Ascend significantly improves the generality and efficiency of Ascend in supporting many applications that fit into a streaming model, while maintaining the same security level.Simulation results show that with smart scheduling algorithms, the performance overhead of Stream-Ascend relative to an insecure and idealized baseline processor is only 24.5%, 0.7%, and 3.9% for a set of streaming benchmarks in a large dataset processing application. Stream-Ascend is able to achieve a very high security level with small overheads for a large class of applications.
- Wikimedia data dumps. http://meta.wikimedia.org/wiki/Database dump.Google Scholar
- A. Arasu, S. Blanas, K. Eguro, R. Kaushik, D. Kossmann, R. Ramamurthy, and R. Venkatesan. Orthogonal security with cipherbase. Proc. of the 6th CIDR, Asilomar, CA, 2013.Google Scholar
- W. Arbaugh, D. Farber, and J. Smith. A Secure and Reliable Bootstrap Architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 65--71, May 1997. Google ScholarDigital Library
- S. Bajaj and R. Sion. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In Proceedings of the 2011 international conference on Management of data, pages 205--216. ACM, 2011. Google ScholarDigital Library
- J. Bethencourt, D. Song, and B. Waters. New constructions and practical applications for private stream searching (extended abstract). In Proceedings of the 2006 IEEE Symposium on Security and Privacy, pages 132--139, Washington, DC, USA, 2006. IEEE Computer Society. Google ScholarDigital Library
- J. Bethencourt, D. Song, and B. Waters. New techniques for private stream searching. Technical report, Carnegie Mellon University, March 2006.Google Scholar
- Y. C. Chang. Single database private information retrieval with logarithmic communication. In ACISP, 2004.Google ScholarCross Ref
- B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information retrieval. In FOCS, pages 45--51, 1995. Google ScholarDigital Library
- O. Chum, J. Philbin, and A. Zisserman. Near duplicate image detection: min-hash and tf-idf weighting. In M. Everingham, C. Needham, and R. Fraille, editors, BMVC 2008: Proceedings at Cryptology ePrint Archive, Report 2012/76. of the 19th British Machine Vision Conference, volume 1, pages 493--502, London, UK, 2008. BMVA.Google Scholar
- L. Fei-Fei, R. Fergus, and P. Perona. Learning generative visual models from few training examples: an incremental bayesian approach tested on 101 object categories. In IEEE. CVPR 2004. Google ScholarDigital Library
- C. Fletcher, M. van Dijk, and S. Devadas. Secure Processor Architecture for Encrypted Computation on Untrusted Programs. In Proceedings of the 7th ACM CCS Workshop on Scalable Trusted Computing, pages 3--8, Oct. 2012. Google ScholarDigital Library
- M. J. Freedman, Y. Ishai, B. Pinkas, and O. Reingold. Keyword search and oblivious pseudorandom functions. In Theory of Cryptography, pages 303--324. Springer, 2005. Google ScholarDigital Library
- O. Goldreich. Towards a theory of software protection and simulation on oblivious rams. In STOC, 1987. Google ScholarDigital Library
- O. Goldreich and R. Ostrovsky. Software protection and simulation on oblivious rams. In J. ACM, 1996. Google ScholarDigital Library
- D. Grawrock. The Intel Safer Computing Initiative: Building Blocks for Trusted Computing. Intel Press, 2006.Google Scholar
- E. Kushilevitz and R. Ostrovsky. Replication is not needed: Single database, computationally-private information retrieval. In FOCS, pages 364--373, 1997. Google ScholarDigital Library
- D. Lie, J. Mitchell, C. Thekkath, and M. Horwitz. Specifying and verifying hardware for tamper-resistant software. In Proceedings of the IEEE Symposium on Security and Privacy, 2003. Google ScholarDigital Library
- D. Lie, C. Thekkath, and M. Horowitz. Implementing an untrusted operating system on trusted hardware. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 178--192, 2003. Google ScholarDigital Library
- D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. Architectural Support for Copy and Tamper Resistant Software. In Proceedings of the 9th Int'l Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), pages 168--177, November 2000. Google ScholarDigital Library
- J. R. Lorch, J. W. Mickens, B. Parno, M. Raykova, and J. Schiffman. Toward practical private access to data centers via parallel oram. IACR Cryptology ePrint Archive, 2012:133, 2012. informal publication.Google Scholar
- D. G. Lowe. Distinctive image features from scale-invariant keypoints. Int. J. Comput. Vision, 60(2):91--110, Nov. 2004. Google ScholarDigital Library
- R. Ostrovsky. Efficient computation on oblivious rams. In STOC, 1990. Google ScholarDigital Library
- R. Ostrovsky and W. E. Skeith. Private searching on streaming data. In Advances in Cryptology 96 CRYPTO 2005, volume 3621 of LNCS, pages 223--240, 2005. Google ScholarDigital Library
- L. Ren, X. Yu, C. Fletcher, M. van Dijk, and S. Devadas. Design space exploration and optimization of path oblivious ram in secure processors. In Proceedings of the Int'l Symposium on Computer Architecture, June 2013. Available at Cryptology ePrint Archive, Report 2012/76. Google ScholarDigital Library
- J. Renau. Sesc: Superescalar simulator. Technical report, university of illinois urbana-champaign ECE department, 2002.Google Scholar
- L. F. G. Sarmenta, M. van Dijk, C. W. O'Donnell, J. Rhodes, and S. Devadas. Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS. In Proceedings of the 1st STC'06, Nov. 2006. Google ScholarDigital Library
- E. Shi, T.-H. H. Chan, E. Stefanov, and M. Li. Oblivious ram with o((log n)3) worst-case cost. In Asiacrypt, pages 197--214, 2011. Google ScholarDigital Library
- J. Sivic and A. Zisserman. Video google: A text retrieval approach to object matching in videos. In Proceedings of theNinth IEEE International Conference on Computer Vision - Volume 2, ICCV '03, pages 1470--, Washington, DC, USA, 2003. IEEE Computer Society. Google ScholarDigital Library
- S. W. Smith, D. Safford, and D. S. Ord. Practical private information retrieval with secure coprocessors, 2000.Google Scholar
- E. Stefanov and E. Shi. Oblivistore: High performance oblivious cloud storage. In Proc. of IEEE Symposium on Security and Privacy, 2013. Google ScholarDigital Library
- E. Stefanov, E. Shi, and D. Song. Towards practical oblivious RAM. In NDSS, 2012.Google Scholar
- E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas. Path oram: An extremely simple oblivious ram protocol. In Proceedings of the ACM Computer and Communication Security Conference, 2013. Google ScholarDigital Library
- G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. aegis: Architecture for Tamper-Evident and Tamper-Resistant Processing. In Proceedings of the 17th ICS (MIT-CSAIL-CSG-Memo-474 is an updated version), New-York, June 2003. ACM. Google ScholarDigital Library
- G. E. Suh, C. W. O'Donnell, I. Sachdev, and S. Devadas. Design and Implementation of the aegis Single-Chip Secure Processor Using Physical Random Functions. In Proceedings of the 32nd ISCA'05, New-York, June 2005. ACM. Google ScholarDigital Library
- Trusted Computing Group. TCG Specification Architecture Overview Revision 1.2. http://www.trustedcomputinggroup.com/home, 2004.Google Scholar
- S. Wang, X. Ding, R. H. Deng, and F. Bao. Private information retrieval using trusted hardware. In ESORICS, pages 49--64, 2006. Google ScholarDigital Library
Index Terms
- Generalized external interaction with tamper-resistant hardware with bounded information leakage
Recommendations
Tamper-resistant pin-constrained digital microfluidic biochips
DAC '18: Proceedings of the 55th Annual Design Automation ConferenceDigital microfluidic biochips (DMFBs)---an emerging technology that implements bioassays through manipulation of discrete fluid droplets---are vulnerable to actuation tampering attacks, where a malicious adversary modifies control signals for the ...
Information leakage chaff: feeding red herrings to side channel attackers
DAC '15: Proceedings of the 52nd Annual Design Automation ConferenceA prominent threat to embedded systems security is represented by side-channel attacks: they have proven effective in breaching confidentiality, violating trust guarantees and IP protection schemes. State-of-the-art countermeasures reduce the leaked ...
Comments