290 likes | 455 Views
AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content. Shruti Tople Shweta Shinde , Zhaofeng Chen, Prateek Saxena National University of Singapore. Problem. Cloud providers offer various services. Leak data . Cloud Server . Sensitive Data. Goal.
E N D
AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content ShrutiTople ShwetaShinde, Zhaofeng Chen, PrateekSaxena National University of Singapore
Problem • Cloud providers offer various services Leak data Cloud Server Sensitive Data
Goal Client Request Encrypted Data Encrypted Output Output • Preserve confidentiality of user’s data • By encryption • Allow benign functionalities on encrypted data
Main Insight: Computing on Encrypted Data • Partially Homomorphic Encryption Schemes • Trusted APIs • To switch between encryption schemes • Search • Elgamal • Paillier • +E • XE • ==E a = y +z ans = a xa
Enabling Homomorphic Computation:An Example Unix Word Count (wc) ch = getc(file); if (ch == '\n') lines++; if (ch == '\r' || ch == '\f') { if (linepos > linelength) linelength = linepos; linepos = 0; words++;} if (ch == '\t') { linepos += 8 - (linepos % 8); words++;} } write_counts (lines, words); xE ==E +E RAM Sensitive Input
Challenges How to automatically transform applications that work on encrypted content ? Can it be enabled on untrusted commodity cloud server? Is such a solution practical in the real world ? ❶ ❷ ❸
Expressiveness • Efficient • Secure Contributions ‘C’ Program AutoCrypted Program ❶ AutoCrypt AutoCrypted Program Statically Verified APIs ❷ ❸
AutoCrypt Architecture crypted Input Encrypted Input Encrypted Input AutoCrypted Program ‘C’ Program F AutoCrypt APIs Source Annotations Encrypted Output
How AutoCrypt works? LLVM Pass ‘C’ Program SSA Information Flow Analysis Untyped IR Annotated IR Autocrypted Code Well Typed IR Transformation Type Inference AutoCrypt
AutoCrypt’s Type System ‘C’ Program Type checks ? Unsafe Conversion NO YES Unsupported Operation
What are Unsafe Conversions ? Do +1, +2 and check v= ch+ 1; If (v==‘\n’){ .... } a = y +z ans = a xa Both need conversion between encryption schemes Safe Conversion Unsafe Conversion Is it safe to convert arbitrarily ? NO Only 6 fixed conversion APIs are allowed
Security: Attackers knowledge set
Security Goal Encrypted Input Attacker’s Knowledge Set ‘C’ Program F AutoCrypt AutoCrypted Program Source Annotations Encrypted Output Privacy Preserving Execution
Leakage via Execution Path Unix Word Count (wc) ch = getc(file); if (ch == '\n') lines++; if (ch == '\r' || ch == '\f') { if (linepos > linelength) linelength = linepos; linepos = 0; words++;} if (ch == '\t') { linepos += 8 - (linepos % 8); words++;} write_counts(lines, words); xE ==E +E RAM Attackers Knowledge Set Search Constants Program Execution Path
Security Theorem • Reduced Indistinquishability Modulo W • Adversary is bound to use only W keywords ∑ = 256 ch ∑ - W W ch == W yes no Cannot Distinguish Can Distinguish W = 12 / 256
Application of AutoCrypt: Protecting Data on Web Servers
Attacks on Web Server Web Server Server Misconfiguration Command Injection SQL Injection Memory Corruption File Type Confusion Bugs
Client-Server Architecture : Setup Client AutoCrypted Program “A” Encrypted Data Untrusted VM Trusted Hypervisor Trusted APIs Hardware
Serving Requests Client Request : “A” AutoCrypted Program “A” Encrypted Data Encrypted Output Plaintext data Response +E Untrusted VM Trusted Hypervisor Trusted APIs xE Hardware
Selecting Benchmarks Selection Criteria : Out of total 11 categories, 8 file-based categories 3 directory based Large scale GNU CoreUtils On real world applications Total 30 file-based programs Which are complex enough shred, truncate, sort, uniq, comm, od, wc, sum, cksum, fmt, old, pr , expand, unexpand, tr, cut, paste, join,base64, shuf, ptx, head, tail, split, csplit, cat, tac, nl,
Additional Micro-benchmarks File Utility Determines the MIME type of a file 3 Custom Programs Used in Previous Work HFKV’12 HEKM’11 Hamming Distance Matrix Multiplication Euclidean Distance Square Face Recognition Image Transforms Face Recognition
Expressiveness • Successfully Transform • 25CoreUtils • File Utility • 3 Custom Program • AutoCrypt’s Rejected Program ( 5 ) • Sort Order Preserving • uniq & comm Deterministic Encryption • od & cat –show-non-printing Unsafe Conversion
Reduction in Developer Effort • 1% instructions are modified ( Total : 500 - 3000) • 9-10 % variables are encrypted (Total: 300 - 2500) • 7-8% constants are encrypted (Total: 10 – 150 ) • AutoCrypt automates all of the above • which is otherwise difficult to identify manually
Comparison to Previous Work • Native Execution • Fast but not secure • Circuit Encoding Schemes • Fully Homomorphic Encryption, Garbled Circuits • Secure but expensive for real applications • Not fair to compare with them
Efficiency • Commercial solutions to protect data • “Download & Compute” 4.88 ms/KB Decrypt Download Compute 6ms/KB Out of 25 AutoCrypted programs 19 Execute Faster by factor of 2 - 100 6 Execute slower by factor of 2 - 6
Conclusion • Enabling homomorphic computation on untrusted server is a promising direction • AutoCrypt automates this for the developer
Thank You ! Email : shruti90@comp.nus.edu.sg