1 / 29

AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content

AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content. Shruti Tople Shweta Shinde , Zhaofeng Chen, Prateek Saxena National University of Singapore. Problem. Cloud providers offer various services. Leak data . Cloud Server . Sensitive Data. Goal.

gil
Télécharger la présentation

AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content ShrutiTople ShwetaShinde, Zhaofeng Chen, PrateekSaxena National University of Singapore

  2. Problem • Cloud providers offer various services Leak data Cloud Server Sensitive Data

  3. Goal Client Request Encrypted Data Encrypted Output Output • Preserve confidentiality of user’s data • By encryption • Allow benign functionalities on encrypted data

  4. Main Insight: Computing on Encrypted Data • Partially Homomorphic Encryption Schemes • Trusted APIs • To switch between encryption schemes • Search • Elgamal • Paillier • +E • XE • ==E a = y +z ans = a xa

  5. Enabling Homomorphic Computation:An Example Unix Word Count (wc) ch = getc(file); if (ch == '\n') lines++; if (ch == '\r' || ch == '\f') { if (linepos > linelength) linelength = linepos; linepos = 0; words++;} if (ch == '\t') { linepos += 8 - (linepos % 8); words++;} } write_counts (lines, words); xE ==E +E RAM Sensitive Input

  6. Challenges How to automatically transform applications that work on encrypted content ? Can it be enabled on untrusted commodity cloud server? Is such a solution practical in the real world ? ❶ ❷ ❸

  7. Expressiveness • Efficient • Secure Contributions ‘C’ Program AutoCrypted Program ❶ AutoCrypt AutoCrypted Program Statically Verified APIs ❷ ❸

  8. Our Solution : AutoCrypt

  9. AutoCrypt Architecture crypted Input Encrypted Input Encrypted Input AutoCrypted Program ‘C’ Program F AutoCrypt APIs Source Annotations Encrypted Output

  10. How AutoCrypt works? LLVM Pass ‘C’ Program SSA Information Flow Analysis Untyped IR Annotated IR Autocrypted Code Well Typed IR Transformation Type Inference AutoCrypt

  11. AutoCrypt’s Type System ‘C’ Program Type checks ? Unsafe Conversion NO YES Unsupported Operation

  12. What are Unsafe Conversions ? Do +1, +2 and check v= ch+ 1; If (v==‘\n’){ .... } a = y +z ans = a xa Both need conversion between encryption schemes Safe Conversion Unsafe Conversion Is it safe to convert arbitrarily ? NO Only 6 fixed conversion APIs are allowed

  13. Security: Attackers knowledge set

  14. Security Goal Encrypted Input Attacker’s Knowledge Set ‘C’ Program F AutoCrypt AutoCrypted Program Source Annotations Encrypted Output Privacy Preserving Execution

  15. Leakage via Execution Path Unix Word Count (wc) ch = getc(file); if (ch == '\n') lines++; if (ch == '\r' || ch == '\f') { if (linepos > linelength) linelength = linepos; linepos = 0; words++;} if (ch == '\t') { linepos += 8 - (linepos % 8); words++;} write_counts(lines, words); xE ==E +E RAM Attackers Knowledge Set Search Constants Program Execution Path

  16. Security Theorem • Reduced Indistinquishability Modulo W • Adversary is bound to use only W keywords ∑ = 256 ch ∑ - W W ch == W yes no Cannot Distinguish Can Distinguish W = 12 / 256

  17. Application of AutoCrypt: Protecting Data on Web Servers

  18. Attacks on Web Server Web Server Server Misconfiguration Command Injection SQL Injection Memory Corruption File Type Confusion Bugs

  19. Client-Server Architecture : Setup Client AutoCrypted Program “A” Encrypted Data Untrusted VM Trusted Hypervisor Trusted APIs Hardware

  20. Serving Requests Client Request : “A” AutoCrypted Program “A” Encrypted Data Encrypted Output Plaintext data Response +E Untrusted VM Trusted Hypervisor Trusted APIs xE Hardware

  21. Evaluation

  22. Selecting Benchmarks Selection Criteria : Out of total 11 categories, 8 file-based categories 3 directory based Large scale GNU CoreUtils On real world applications Total 30 file-based programs Which are complex enough shred, truncate, sort, uniq, comm, od, wc, sum, cksum, fmt, old, pr , expand, unexpand, tr, cut, paste, join,base64, shuf, ptx, head, tail, split, csplit, cat, tac, nl,

  23. Additional Micro-benchmarks File Utility Determines the MIME type of a file 3 Custom Programs Used in Previous Work HFKV’12 HEKM’11 Hamming Distance Matrix Multiplication Euclidean Distance Square Face Recognition Image Transforms Face Recognition

  24. Expressiveness • Successfully Transform • 25CoreUtils • File Utility • 3 Custom Program • AutoCrypt’s Rejected Program ( 5 ) • Sort  Order Preserving • uniq & comm Deterministic Encryption • od & cat –show-non-printing Unsafe Conversion

  25. Reduction in Developer Effort • 1% instructions are modified ( Total : 500 - 3000) • 9-10 % variables are encrypted (Total: 300 - 2500) • 7-8% constants are encrypted (Total: 10 – 150 ) • AutoCrypt automates all of the above • which is otherwise difficult to identify manually

  26. Comparison to Previous Work • Native Execution • Fast but not secure • Circuit Encoding Schemes • Fully Homomorphic Encryption, Garbled Circuits • Secure but expensive for real applications • Not fair to compare with them

  27. Efficiency • Commercial solutions to protect data • “Download & Compute” 4.88 ms/KB Decrypt Download Compute 6ms/KB Out of 25 AutoCrypted programs 19 Execute Faster by factor of 2 - 100 6 Execute slower by factor of 2 - 6

  28. Conclusion • Enabling homomorphic computation on untrusted server is a promising direction • AutoCrypt automates this for the developer

  29. Thank You ! Email : shruti90@comp.nus.edu.sg

More Related