Abstract
We show how to build a practical, private, data-oblivious genome variants search using Intel SGX. More precisely, we consider the problem posed in Track 2 of the iDash Privacy and Security Workshop 2017 competition, which was to search for variants with high \(\chi ^{2}\) statistic among certain genetic data over two populations. The winning solution of this iDash competition (developed by Carpov and Tortech) is extremely efficient, but not memory oblivious, which potentially makes it vulnerable to a whole host of memory- and cache-based side channel attacks on SGX. In this paper, we adapt a framework in which we can exactly quantify this leakage. We provide a memory-oblivious implementation with reasonable information leakage at the cost of some efficiency. Our solution is roughly an order of magnitude slower than the non-memory-oblivious implementation, but still practical and much more efficient than naive memory-oblivious solutions: it solves the iDash problem in approximately 5 min. In order to do this, we develop novel definitions and models for oblivious dictionary merging, which may be of independent theoretical interest.
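The abstract contrasts a fast but branchy variant search with a memory-oblivious one whose access pattern does not depend on the genomic data. The C program below is an added example (not the paper's code and not the iDash winning solution) of the core idea: each variant is scored, and the scores are ranked with a Batcher bitonic sorting network in which the sequence of compared positions is a function of the array length alone, using a mask-driven compare-and-swap rather than a data-dependent branch. Two things are assumptions rather than facts from the page: the statistic is the standard Pearson \(\chi^2\) with one degree of freedom on a 2x2 allele-count table (the page does not define the exact statistic used in the competition), and the allele counts in `SAMPLE` are constructed.

```c
/* Added example, not the paper's code or the iDash winning solution:
 * data-oblivious top-k selection over per-variant chi^2 scores.
 * Assumptions not taken from the page: the statistic is the standard
 * Pearson chi^2 (d = 1) on a 2x2 allele-count table, and SAMPLE below
 * is constructed data. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint32_t a, b;   /* population 1: counts of allele A and allele a */
    uint32_t c, d;   /* population 2: counts of allele A and allele a */
} variant_counts;

typedef struct {
    double score;    /* chi^2 value of the variant */
    uint32_t id;     /* index of the variant in the input */
} scored;

/* Constructed sample: five variants, two populations of 100 alleles each. */
#define SAMPLE_N 5
static const variant_counts SAMPLE[SAMPLE_N] = {
    {50, 50, 50, 50},   /* identical frequencies      -> chi^2 = 0    */
    {80, 20, 20, 80},   /* strongly divergent         -> chi^2 = 72   */
    {60, 40, 40, 60},   /* mildly divergent           -> chi^2 = 8    */
    { 0,  0,  0,  0},   /* no data (degenerate table) -> chi^2 = 0    */
    {70, 30, 50, 50},   /* one-sided divergence       -> chi^2 ~ 8.33 */
};

/* Pearson chi^2 with one degree of freedom on the 2x2 table:
 * N (ad - bc)^2 / ((a+b)(c+d)(a+c)(b+d)).
 * The degenerate-margin case is folded in arithmetically instead of
 * through a data-dependent branch. */
double chi2_2x2(const variant_counts *v)
{
    double a = v->a, b = v->b, c = v->c, d = v->d;
    double n = a + b + c + d;
    double denom = (a + b) * (c + d) * (a + c) * (b + d);
    double nz = (denom != 0.0);             /* 1.0 if defined, else 0.0 */
    double diff = a * d - b * c;
    return nz * n * diff * diff / (denom + (1.0 - nz));
}

/* Conditional swap that leaves x->score <= y->score, driven by an
 * all-ones/all-zeros mask instead of a branch, so at the source level
 * neither the control flow nor the addresses touched depend on scores. */
static void cswap(scored *x, scored *y)
{
    uint64_t sx, sy, m, t;
    memcpy(&sx, &x->score, sizeof sx);
    memcpy(&sy, &y->score, sizeof sy);
    m = (uint64_t)0 - (uint64_t)(x->score > y->score);
    t = (sx ^ sy) & m;
    sx ^= t; sy ^= t;
    memcpy(&x->score, &sx, sizeof sx);
    memcpy(&y->score, &sy, sizeof sy);
    uint32_t ti = (x->id ^ y->id) & (uint32_t)m;
    x->id ^= ti; y->id ^= ti;
}

/* Batcher bitonic sorting network, ascending by score; n must be a power
 * of two. Every compared index below is a function of (n, k, j, i) only,
 * so the memory access pattern is identical for all inputs of size n. */
static void bitonic_sort(scored *v, size_t n)
{
    for (size_t k = 2; k <= n; k <<= 1)
        for (size_t j = k >> 1; j > 0; j >>= 1)
            for (size_t i = 0; i < n; i++) {
                size_t l = i ^ j;
                if (l <= i) continue;                     /* index-only test */
                if ((i & k) == 0) cswap(&v[i], &v[l]);   /* ascending run   */
                else              cswap(&v[l], &v[i]);   /* descending run  */
            }
}

/* Score all n variants, rank them with the network, and write the ids of
 * the k highest chi^2 values to out[0..k-1], largest first. Padding to a
 * power of two keeps the network shape a function of n alone.
 * Returns k, or 0 on invalid arguments or allocation failure. */
size_t top_k_variants(const variant_counts *vs, size_t n, size_t k, uint32_t *out)
{
    if (n == 0 || k == 0 || k > n) return 0;
    size_t m = 1;
    while (m < n) m <<= 1;
    scored *buf = malloc(m * sizeof *buf);
    if (!buf) return 0;
    for (size_t i = 0; i < m; i++) {          /* pads sort below any real score */
        buf[i].score = (i < n) ? chi2_2x2(&vs[i]) : -1.0;
        buf[i].id    = (i < n) ? (uint32_t)i : UINT32_MAX;
    }
    bitonic_sort(buf, m);
    for (size_t i = 0; i < k; i++) out[i] = buf[m - 1 - i].id;
    free(buf);
    return k;
}

int main(void)
{
    uint32_t top[3];
    size_t got = top_k_variants(SAMPLE, SAMPLE_N, 3, top);
    for (size_t i = 0; i < got; i++)
        printf("rank %zu: variant %u (chi^2 = %.3f)\n",
               i + 1, top[i], chi2_2x2(&SAMPLE[top[i]]));
    return 0;
}
```

The ranking step costs \(O(n \log^2 n)\) compare-and-swaps instead of the \(O(n)\) a plain top-k scan would take, which is the kind of efficiency trade the abstract refers to. Source-level branchlessness is a necessary but not sufficient property: a compiler may still lower the mask arithmetic to a conditional jump, and SGX page-fault and cache-line channels observe at page and line granularity, so a production enclave would inspect the emitted code and treat this as one layer of the defence rather than the whole of it.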
Notes
- 1.
The \(\chi ^2\) distribution with d degrees of freedom is defined as the sum of the squares of d independent standard normal variables.
References
Aumasson, J.-P., Bernstein, D.J.: SipHash: a fast short-input PRF. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 489–508. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_28
Ajtai, M., Komlós, J., Szemerédi, E.: An \(O(n \log n)\) sorting network. In: 15th Annual ACM Symposium on Theory of Computing, pp. 1–9, Boston, MA, USA, 25–27 April 1983. ACM Press (1983)
Arnautov, S., et al.: SCONE: secure Linux containers with Intel SGX. OSDI 16, 689–703 (2016)
Batcher, K.E.: Sorting networks and their applications. In: Proceedings of the April 30-May 2, 1968, Spring Joint Computer Conference, pp. 307–314. ACM (1968)
Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.-R.: Software grand exposure: SGX cache attacks are practical. arXiv preprint arXiv:1702.07521, p. 33 (2017)
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 93: 1st Conference on Computer and Communications Security, pp. 62–73, Fairfax, Virginia, USA, 3–5 November 1993. ACM Press (1993)
Chan, T.H.H., Guo, Y., Lin, W.-K., Shi, E.: Cache-oblivious and data-oblivious sorting and applications. In: Proceedings of the Twenty-Ninth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 2201–2220. SIAM (2018)
Chern, F.: Writing a damn fast hash table with tiny memory footprints (2017). http://www.idryman.org/blog/2017/05/03/writing-a-damn-fast-hash-table-with-tiny-memory-footprints. Accessed 7 June 2018
Celis, P., Larson, P., Munro, J.I.: Robin Hood hashing (preliminary report). In: 26th Annual Symposium on Foundations of Computer Science, pp. 281–288, Portland, Oregon, 21–23 October 1985. IEEE Computer Society Press (1985)
Carpov, S., Tortech, T.: Secure top most significant genome variants search: iDASH 2017 competition. Cryptology ePrint Archive, Report 2018/314 (2018). https://eprint.iacr.org/2018/314
Eskandarian, S., Zaharia, M.: An oblivious general-purpose SQL database for the cloud. arXiv preprint arXiv:1710.00458 (2017)
Fisch, B., Vinayagamurthy, D., Boneh, D., Gorbunov, S.: IRON: functional encryption using intel SGX. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 17: 24th Conference on Computer and Communications Security, pp. 765–782, Dallas, TX, USA, 31 October–2 November 2017. ACM Press (2017)
Götzfried, J., Eckert, M., Schinzel, S., Müller, T.: Cache attacks on Intel SGX. In: Proceedings of the 10th European Workshop on Systems Security, EuroSec 2017, pp. 2:1–2:6. ACM, New York (2017)
Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: Aho, A. (ed.) 19th Annual ACM Symposium on Theory of Computing, pp. 182–194, 25–27 May 1987. ACM Press, New York City (1987)
Goodrich, M.T.: Zig-zag sort: a simple deterministic data-oblivious sorting algorithm running in \({O}(n \log n)\) time. In: Shmoys, D.B. (ed.) 46th Annual ACM Symposium on Theory of Computing, pp. 684–693, 31 May–3 June 2014. ACM Press, New York (2014)
IDASH privacy & security workshop (2017). http://www.humangenomeprivacy.org/2017/competition-tasks.html. Accessed 7 June 2018
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97–110. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055858
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of power analysis attacks on smartcards. Smartcard 99, 151–161 (1999)
Nayak, K., et al.: HOP: hardware makes obfuscation practical. In: ISOC Network and Distributed System Security Symposium - NDSS 2017, San Diego, CA, USA. The Internet Society (2017)
Ohrimenko, O., Goodrich, M.T., Tamassia, R., Upfal, E.: The Melbourne Shuffle: improving oblivious storage in the cloud. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8573, pp. 556–567. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43951-7_47
Ohrimenko, O., et al.: Oblivious multi-party machine learning on trusted processors. In: USENIX Security Symposium, pp. 619–636 (2016)
Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Cryptology ePrint Archive, Report 2002/169 (2002). http://eprint.iacr.org/2002/169
Schuster, F., et al.: VC3: trustworthy data analytics in the cloud using SGX. In: 2015 IEEE Symposium on Security and Privacy, pp. 38–54, San Jose, CA, USA, 17–21 May 2015. IEEE Computer Society Press (2015)
Shinde, S., Chua, Z.L., Narayanan, V., Saxena, P.: Preventing page faults from telling your secrets. In: Chen, X., Wang, X., Huang, X. (eds.) ASIACCS 16: 11th ACM Symposium on Information, Computer and Communications Security, pp. 317–328, Xi’an, China, 20 May–3 June 2016. ACM Press (2016)
Seo, J., et al.: SGX-shield: enabling address space layout randomization for SGX programs. In: ISOC Network and Distributed System Security Symposium - NDSS 2017, San Diego, CA, USA. The Internet Society (2017)
Shih, M.-W., Lee, S., Kim, T., Peinado, M.: T-SGX: eradicating controlled-channel attacks against enclave programs. In: ISOC Network and Distributed System Security Symposium - NDSS 2017, San Diego, CA, USA. The Internet Society (2017)
Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 299–310. ACM (2013)
Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: Sadeghi, A.-R., Gligor, V.D., Yung, M. (eds.) ACM CCS 13: 20th Conference on Computer and Communications Security, pp. 299–310, Berlin, Germany, 4–8 November 2013. ACM Press (2013)
De Capitani di Vimercati, S., Foresti, S., Paraboschi, S., Pelosi, G., Samarati, P.: Shuffle index: efficient and private access to outsourced data. ACM Trans. Storage (TOS) 11(4), 19 (2015)
Weichbrodt, N., Kurmus, A., Pietzuch, P., Kapitza, R.: AsyncShock: exploiting synchronisation bugs in Intel SGX enclaves. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 440–457. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_22
Zhang, F., Cecchetti, E., Croman, K., Juels, A., Shi, E.: Town crier: an authenticated data feed for smart contracts. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 16: 23rd Conference on Computer and Communications Security, pp. 270–282, Vienna, Austria, 24–28 October 2016. ACM Press (2016)
Zheng, W., Dave, A., Beekman, J.G., Popa, R.A., Gonzalez, J.E., Stoica, I.: Opaque: an oblivious and encrypted distributed analytics platform. In: NSDI, pp. 283–298 (2017)
Copyright information
© 2018 Springer Nature Switzerland AG
Cite this paper
Mandal, A., Mitchell, J.C., Montgomery, H., Roy, A. (2018). Data Oblivious Genome Variants Search on Intel SGX. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Livraga, G., Rios, R. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2018, CBT 2018. Lecture Notes in Computer Science, vol 11025. Springer, Cham. https://doi.org/10.1007/978-3-030-00305-0_21
DOI: https://doi.org/10.1007/978-3-030-00305-0_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00304-3
Online ISBN: 978-3-030-00305-0
eBook Packages: Computer Science, Computer Science (R0)