Subdomain and Access Pattern Privacy - Trading off Confidentiality and Performance

Johannes Schneider, Bin Lu, Thomas Locher, Yvonne-Anne Pignolet, Matus Harvan, Sebastian Obermeier

Abstract

Homomorphic encryption and secure multi-party computation enable computations on encrypted data. However, both techniques suffer from a large performance overhead. While advances in algorithms might reduce the overhead, we show that achieving perfect (or even computational) confidentiality is not possible without increasing the running time compared to computations on plaintext more than exponentially in some cases. In practice, however, perfect confidentiality is not always required. The paper discusses mechanisms to trade off confidentiality and performance for computing on ciphertexts. It introduces a fine-grained approach to define security levels for variables called (statistical) subdomain privacy. This concept differs substantially from prior work because it treats a variable as confidential or non-confidential depending on the actual value. We further propose privacy-preserving methods for memory access patterns. We apply our techniques to improve performance of control flow logic (loops, if-then-else logic) and arithmetic operations such as multiplications. The evaluation shows that the resulting speedup can be in the order of several magnitudes depending on the privacy needs.

References

  1. Beaver, D. (1992). Efficient multiparty protocols using circuit randomization. In Advances in Cryptology (CRYPTO), pages 420-432.
  2. Bindschaedler, V., Naveed, M., Pan, X., Wang, X., and Huang, Y. (2015). Practicing oblivious access on cloud storage: the gap, the fallacy, and the new way forward. In Proc. of the 22nd ACM SIGSAC Conf. on Computer and Communications Security, pages 837- 849.
  3. Bogdanov, D., Laud, P., and Randmets, J. (2014). DomainPolymorphic Programming of Privacy-Preserving Applications. In Proc. 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), pages 53-65.
  4. Clark, D., Hunt, S., and Malacaria, P. (2005). Quantitative Information Flow, Relations and Polymorphic Types. Journal of Logic and Computation, 18(2):181-199.
  5. Clarkson, M. R., Myers, A. C., and Schneider, F. B. (2009). Quantifying Information Flow with Beliefs. 17(5):655-701.
  6. Demmler, D., Schneider, T., and Zohner, M. (2015). ABY - A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In Proc. Network and Distributed System Security (NDSS).
  7. Goguen, J. and Meseguer, J. (1982). Security policies and security models. In Security and Privacy, 1982 IEEE Symposium on, pages 11-11.
  8. Goldreich, O., Micali, S., and Wigderson, A. (1987). How to play any mental game. In Proc. of 19th Symp. on Theory of computing, pages 218-229.
  9. Goldreich, O. and Ostrovsky, R. (1996). Software protection and simulation on oblivious rams. Journal of the ACM (JACM), 43(3):431-473.
  10. Hacigümüs¸, H., Hore, B., Iyer, B., and Mehrotra, S. (2007). Search on Encrypted Data. In Secure Data Management in Decentralized Systems, pages 383-425.
  11. Holzer, A., Franz, M., Katzenbeisser, S., and Veith, H. (2012). Secure two-party computations in ansi c. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 772-783. ACM.
  12. Kerschbaum, F., Schneider, T., and Schröpfer, A. (2014). Automatic Protocol Selection in Secure Two-Party Computations. In Applied Cryptography and Network Security, pages 566-584. Springer.
  13. Laud, P. and Randmets, J. (2015). A domain-specific language for low-level secure multiparty computation protocols. In Proc. of the 22Nd ACM SIGSAC Conference on Computer and Communications Security, pages 1492-1503.
  14. Paillier, P. (1999). Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Advances in Cryptology-EUROCRYPT'99, pages 223-238.
  15. Popa, R. A., Redfield, C., Zeldovich, N., and Balakrishnan, H. (2011). CryptDB Protecting Confidentiality with Encrypted Query Processing. In Proc. 23rd ACM Symposium on Operating Systems Principles (SOSP), pages 85-100.
  16. Rastogi, A., Hammer, M. A., and Hicks, M. (2014). Wysteria: A programming language for generic, mixedmode multiparty computations. In Security and Privacy (SP), 2014 IEEE Symposium on, pages 655-670. IEEE.
  17. Sabelfeld, A. and Myers, A. C. (2003). Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19.
  18. Schneider, J. (2016). Lean and fast secure multi-party computation: Minimizing communication and local computation using a helper. 13th Int. Conf. on Security and Cryptography(SECRYPT).
  19. Stefanov, E., Van Dijk, M., Shi, E., Fletcher, C., Ren, L., Yu, X., and Devadas, S. (2013). Path oram: An extremely simple oblivious ram protocol. In Proc. of the SIGSAC conference on Computer & communications security, pages 299-310.
  20. Tople, S., Shinde, S., Chen, Z., and Saxena, P. (2013). AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content. In Proc. 20th SIGSAC Conf. on Computer and Communications Security (CCS), pages 1297-1310.
  21. Zhang, Y., Steele, A., and Blanton, M. (2013). PICCO: A General-Purpose Compiler for Private Distributed Computation. In Proc. 20th SIGSAC Conf. on Computer and Communications Security (CCS), pages 813-826.
  22. Ziegeldorf, J. H., Metzke, J., Henze, M., and Wehrle, K. (2015). Choose Wisely: A Comparison of Secure Two-Party Computation Frameworks. In Proc. IEEE Symposium on Security and Privacy Workshops (SPW), pages 198-205.
Download


Paper Citation


in Harvard Style

Schneider J., Lu B., Locher T., Pignolet Y., Harvan M. and Obermeier S. (2016). Subdomain and Access Pattern Privacy - Trading off Confidentiality and Performance . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 49-60. DOI: 10.5220/0005954100490060


in Bibtex Style

@conference{secrypt16,
author={Johannes Schneider and Bin Lu and Thomas Locher and Yvonne-Anne Pignolet and Matus Harvan and Sebastian Obermeier},
title={Subdomain and Access Pattern Privacy - Trading off Confidentiality and Performance},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={49-60},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005954100490060},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Subdomain and Access Pattern Privacy - Trading off Confidentiality and Performance
SN - 978-989-758-196-0
AU - Schneider J.
AU - Lu B.
AU - Locher T.
AU - Pignolet Y.
AU - Harvan M.
AU - Obermeier S.
PY - 2016
SP - 49
EP - 60
DO - 10.5220/0005954100490060