autocrypt : enabling homomorphic computation on servers to protect sensitive web content
DESCRIPTION
AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content. Shruti Tople Shweta Shinde , Zhaofeng Chen, Prateek Saxena National University of Singapore. Problem. Cloud providers offer various services. Leak data . Cloud Server . Sensitive Data. Goal. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/1.jpg)
1
AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect
Sensitive Web Content
Shruti Tople Shweta Shinde, Zhaofeng Chen, Prateek
SaxenaNational University of Singapore
![Page 2: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/2.jpg)
2
Problem
• Cloud providers offer various services
Sensitive Data
Leak data
CloudServer
![Page 3: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/3.jpg)
3
EncryptedData
Goal
Request
Output
Client
• Preserve confidentiality of user’s data• By encryption
• Allow benign functionalities on encrypted data
EncryptedOutput
![Page 4: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/4.jpg)
4
Main Insight: Computing on Encrypted Data
• Partially Homomorphic Encryption Schemes
• Trusted APIs– To switch between encryption schemes
Search ElgamalPaillier
a = y + z
ans = a x a
==E+E XE
![Page 5: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/5.jpg)
5
ch = getc(file);if (ch == '\n')lines++;if (ch == '\r' || ch == '\f') {if (linepos > linelength)linelength = linepos;linepos = 0;words++;}if (ch == '\t') {linepos += 8 - (linepos % 8);words++;}} write_counts (lines, words);
xE
+E
==E
Enabling Homomorphic Computation:An Example
Unix Word Count (wc)
RAM
Sensitive Input
![Page 6: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/6.jpg)
6
Challenges
How to automatically transform applications that work on encrypted content ?
Can it be enabled on untrusted commodity cloud server?
Is such a solution practical in the real world ?
❶
❷
❸
![Page 7: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/7.jpg)
7
Contributions
AutoCrypt‘C’ Program
AutoCryptedProgram
APIsAutoCryptedProgram
Statically Verified
Expressiveness Efficient Secure❸
❶
❷
![Page 8: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/8.jpg)
8
Our Solution : AutoCrypt
![Page 9: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/9.jpg)
9
AutoCrypt Architecture
‘C’Program F
AutoCryptedProgram
Source Annotations Encrypted
Output
AutoCrypt
cryptedInput
EncryptedInputEncrypted
Input
APIs
![Page 10: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/10.jpg)
How AutoCrypt works?
‘C’ Program
Autocrypted Code
SSA
Transformation Type Inference
Information Flow Analysis
Untyped
IRAnnotated IR
Well Typed
IR
LLVM Pass
10
AutoCrypt
![Page 11: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/11.jpg)
11
AutoCrypt’s Type System
Type checks ?
‘C’Program
YES NO
UnsafeConversion
Unsupported Operation
![Page 12: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/12.jpg)
12
What are Unsafe Conversions ?
v = ch + 1;
If (v == ‘\n’){.... }
Unsafe Conversion
a = y + z
ans = a x a
Both need conversion between encryption schemes
Is it safe to convert arbitrarily ?
NO
Safe Conversion
Only 6 fixed conversion APIs are allowed
Do +1, +2and check
![Page 13: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/13.jpg)
13
Security:Attackers knowledge set
![Page 14: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/14.jpg)
14
Security Goal
‘C’Program F
AutoCryptedProgram
Source Annotations Encrypted
Output
AutoCrypt
EncryptedInput
Attacker’s Knowledge Set
Privacy Preserving Execution
![Page 15: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/15.jpg)
15
ch = getc(file);if (ch == '\n')lines++;if (ch == '\r' || ch == '\f') {if (linepos > linelength)linelength = linepos;linepos = 0;words++;}if (ch == '\t') {linepos += 8 - (linepos % 8);words++;}write_counts (lines, words);
Unix Word Count (wc)
RAM
xE
+E
==E
Attackers Knowledge Set
Search Constants
Program Execution
Path
Leakage via Execution Path
![Page 16: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/16.jpg)
16
Security Theorem
• Reduced Indistinquishability Modulo W
• Adversary is bound to use only W keywords
W = 12 / 256
W
Cannot Distinguish
Can Distinguish
∑ = 256
∑ - Wch == W
yes no
ch
![Page 17: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/17.jpg)
17
Application of AutoCrypt:Protecting Data on Web Servers
![Page 18: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/18.jpg)
Attacks on Web Server
SQL Injection
Memory Corruption
Command Injection
Server Misconfiguration
File Type Confusion Bugs
Web Server
![Page 19: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/19.jpg)
19
Client-Server Architecture : Setup
Hardware
Trusted Hypervisor
Trusted APIs
Untrusted VM
Client
AutoCryptedProgram
“A”Encrypted
Data
![Page 20: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/20.jpg)
20
Encrypted Output
Serving Requests
Hardware
Trusted Hypervisor
Trusted APIs
Untrusted VM
Client
EncryptedData
AutoCryptedProgram
“A”
Request : “A”
ResponsePlaintext
data +E
xE
![Page 21: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/21.jpg)
21
Evaluation
![Page 22: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/22.jpg)
22
Selecting Benchmarks
Selection Criteria :
Large scale
On real world applications
Which are complex enough
GNU CoreUtils
shred, truncate, sort, uniq, comm, od, wc, sum, cksum, fmt, old, pr , expand, unexpand, tr, cut, paste, join, base64, shuf, ptx, head, tail, split, csplit, cat, tac, nl,
Total 30 file-based programs
Out of total 11 categories, 8 file-based categories3 directory based
![Page 23: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/23.jpg)
23
Additional Micro-benchmarks
File Utility
3 Custom Programs
Determines the MIME type of a file
Matrix Multiplication
EuclideanDistanceSquare
HammingDistance
Used in Previous Work
Image Transforms Face
Recognition
FaceRecognition
HFKV’12 HEKM’11
![Page 24: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/24.jpg)
24
Expressiveness
• Successfully Transform – 25 CoreUtils– File Utility– 3 Custom Program
• AutoCrypt’s Rejected Program ( 5 )– Sort Order Preserving– uniq & comm Deterministic Encryption– od & cat –show-non-printing Unsafe Conversion
![Page 25: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/25.jpg)
25
Reduction in Developer Effort
• 1% instructions are modified ( Total : 500 - 3000)
• 9-10 % variables are encrypted (Total: 300 - 2500)
• 7-8% constants are encrypted (Total: 10 – 150 )
• AutoCrypt automates all of the above– which is otherwise difficult to identify manually
![Page 26: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/26.jpg)
26
Comparison to Previous Work
• Native Execution – Fast but not secure
• Circuit Encoding Schemes– Fully Homomorphic Encryption, Garbled Circuits– Secure but expensive for real applications
• Not fair to compare with them
![Page 27: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/27.jpg)
27
Efficiency
• Commercial solutions to protect data
• “Download & Compute”
19 Execute Fasterby factor of 2 - 100 6 Execute slower by
factor of 2 - 6Out of 25
AutoCrypted programs
4.88 ms/KB
6 ms/KB
DownloadDecrypt
Compute
![Page 28: AUTOCRYPT : Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content](https://reader036.vdocuments.mx/reader036/viewer/2022070421/56816271550346895dd2e092/html5/thumbnails/28.jpg)
28
Conclusion
• Enabling homomorphic computation on untrusted server is a promising direction
• AutoCrypt automates this for the developer
Expressiveness
• GNU CoreUtils• Custom Programs• File Utility
Efficiency
• Vs Download & Compute
Secure
• New Reduced Indistinquishability