Skip to main content
SpringerLink
Log in

Using Intel Software Guard Extensions for Efficient Two-Party Secure Function Evaluation

  • Conference paper
  • First Online:
Financial Cryptography and Data Security (FC 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9604))

Included in the following conference series:

Abstract

Recent developments have made two-party secure function evaluation (2P-SFE) vastly more efficient. However, because they make extensive use of cryptographic operations, these protocols remain too slow for practical use by most applications. The introduction of Intel’s Software Guard Extensions (SGX), which provide an environment for the isolated execution of code and handling of data, offers an opportunity to overcome such performance concerns. In this paper, we explore the challenges of using SGX to achieve security guarantees similar to those found in traditional 2P-SFE systems. After demonstrating a number of critical concerns, we develop two protocols for secure computation in the semi-honest model on this platform: one in which both parties are SGX-enabled and a second in which only one party has direct access to this hardware. We then show how these protocols can be made secure in the malicious model. We conclude that implementing 2P-SFE on SGX-enabled devices can render it practical for a wide range of applications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (2013)

    Google Scholar 

  2. Arasu, A., Blanas, S., Eguro, K., Kaushik, R., Kossmann, D., Ramamurthy, R., Venkatesan, R.: Orthogonal security with cipherbase. In: CIDR (2013)

    Google Scholar 

  3. Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  4. Bajaj, S., Sion, R.: TrustedDB: a trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–765 (2014)

    Article  Google Scholar 

  5. Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with haven. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2014)

    Google Scholar 

  6. Bogdanov, D., Talviste, R., Willemson, J.: Deploying secure multi-party computation for financial data analysis. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 57–64. Springer, Heidelberg (2012)

    Google Scholar 

  7. Bogetoft, P., Christensen, D.L., Damgård, I., Geisler, M., Jakobsen, T., Krøigaard, M., Nielsen, J.D., Nielsen, J.B., Nielsen, K., Pagter, J., Schwartzbach, M., Toft, T.: Secure multiparty computation goes live. In: Dingledine, R., Golle, P. (eds.) FC 2009. LNCS, vol. 5628, pp. 325–343. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Burkhart, M., Strasser, M., Many, D., Dimitropoulos, X.: SEPIA: privacy-preserving aggregation of multi-domain network events and statistics. In: Proceedings of the USENIX Security Symposium (2010)

    Google Scholar 

  9. Carter, H., Amrutkar, C., Dacosta, I., Traynor, P.: For your phone only: custom protocols for efficient secure function evaluation on mobile devices. J. Secur. Commun. Netw. (SCN) 7(7), 1165–1176 (2014)

    Article  Google Scholar 

  10. Carter, H., Lever, C., Traynor, P.: Whitewash: outsourcing garbled circuit generation for mobile devices. In: Proceedings of the Annual Computer Security Applications Conference (ACSAC) (2014)

    Google Scholar 

  11. Carter, H., Mood, B., Traynor, P., Butler, K.: Secure outsourced garbled circuit evaluation for mobile devices. In: Proceedings of the USENIX Security Symposium (SECURITY 2013) (2013)

    Google Scholar 

  12. Carter, H., Mood, B., Traynor, P., Butler, K.: Outsourcing secure two-party computation as a black box. In: Reiter, M., et al. (eds.) CANS 2015. LNCS, vol. 9476, pp. 214–222. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26823-1_15

    Chapter  Google Scholar 

  13. Cowan, C., Wagle, P., Pu, C., Beattie, S., Walpole, J.: Buffer overflows: attacks and defenses for the vulnerability of the decade. In: DARPA Information Survivability Conference and Exposition, vol. 2, pp. 119–129. IEEE (2000)

    Google Scholar 

  14. Di Crescenzo, G., Feigenbaum, J., Gupta, D., Panagos, E., Perry, J., Wright, R.N.: Practical and privacy-preserving policy compliance for outsourced data. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014 Workshops. LNCS, vol. 8438, pp. 181–194. Springer, Heidelberg (2014)

    Google Scholar 

  15. Criswell, J., Dautenhahn, N., Adve, V.: Virtual ghost: protecting applications from hostile operating systems. ACM SIGARCH Comput. Architect. News 42(1), 81–96 (2014)

    Google Scholar 

  16. Damgård, I., Geisler, M., Krøigaard, M., Nielsen, J.B.: Asynchronous multiparty computation: theory and implementation. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 160–179. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  17. Erlingsson, Ăš., Abadi, M.: Operating system protection against side-channel attacks that exploit memory latency. Technical report, MSR-TR-2007-117, Microsoft Research (2007)

    Google Scholar 

  18. Ferguson, N.: AES-CBC+ elephant diffuser: A disk encryption algorithm for windows vista. Technical report, Microsoft (2006)

    Google Scholar 

  19. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious RAMs. J. ACM (JACM) 43(3), 431–473 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  20. Greene, J.: Intel trusted execution technology. Intel Technology White Paper (2012)

    Google Scholar 

  21. Group, T.C.: Trusted platform module main specification (tpm1.0) (2011). http://www.trustedcomputinggroup.org/resources/tpm_main_specification

  22. Group, T.C.: Trusted platform module library specification (tpm2.0) (2013). http://www.trustedcomputinggroup.org/resources/tpm_library_specification

  23. Gupta, D., Segal, A., Panda, A., Segev, G., Schapira, M., Feigenbaum, J., Rexford, J., Shenker, S.: A new approach to interdomain routing based on secure multi-party computation. In: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, pp. 37–42. ACM (2012)

    Google Scholar 

  24. Henecka, W., Kogl, S., Sadeghi, A.R., Schneider, T., Wehrenberg, I.: Tasty: tool for automating secure two-party computations. In: Proceedings of the Conference on Computer and Communications Security. ACM (2010)

    Google Scholar 

  25. Hoekstra, M., Lal, R., Pappachan, P., Phegade, V., Del Cuvillo, J.: Using innovative instructions to create trustworthy software solutions. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, p. 11. ACM (2013)

    Google Scholar 

  26. Holzer, A., Franz, M., Katzenbeisser, S., Veith, H.: Secure two-party computations in ANSI C. In: Proceedings of the Conference on Computer and Communications Security. ACM (2012)

    Google Scholar 

  27. Kawahara, M.: Superdistribution: the concept and the architecture. IEICE TRANSACTIONS (1976–1990) 73(7), 1133–1146 (1990)

    Google Scholar 

  28. Kreuter, B., Mood, B., Shelat, A., Butler, K.: PCF: a portable circuit format for scalable two-party secure computation. In: Proceedings of the USENIX Security Symposium (2013)

    Google Scholar 

  29. Libicki, M., Tkacheva, O., Feng, C., Hemenway, B.: Ramifications of DARPA’s PROCEED Program. RAND, Santa Monica (2014)

    Google Scholar 

  30. Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural support for copy and tamper resistant software. ACM SIGPLAN Not. 35(11), 168–177 (2000)

    Article  Google Scholar 

  31. Lindell, Y., Riva, B.: Blazing fast 2PC in the offline/online setting with security for malicious adversaries. In: Proceedings of the 2015 ACM SIGSAC Conference on Computer and Communications Security. ACM (2015)

    Google Scholar 

  32. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay-a secure two-party computation system. In: Proceedings of the USENIX Security Symposium (SECURITY 2004) (2004)

    Google Scholar 

  33. Martin, R., Demme, J., Sethumadhavan, S.: Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In: Proceedings of the 39th Annual International Symposium on Computer Architecture ISCA 2012, pp. 118–129. IEEE Computer Society, Washington, DC (2012)

    Google Scholar 

  34. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for TCB minimization. ACM SIGOPS Oper. Syst. Rev. 42, 315–328 (2008)

    Article  Google Scholar 

  35. Mood, B., Gupta, D., Butler, K., Feigenbaum, J.: Reuse it or lose it: more efficient secure computation through reuse of encrypted values. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (2014)

    Google Scholar 

  36. Mood, B., Gupta, D., Carter, H., Butler, K., Traynor, P.: Frigate: a validated, extensible, and efficient compiler and interpreter for secure computation. In: Proceedings of the 1st IEEE European Symposium on Security and Privacy (2016)

    Google Scholar 

  37. Mood, B., Letaw, L., Butler, K.: Memory-efficient garbled circuit generation for mobile devices. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 254–268. Springer, Heidelberg (2012)

    Google Scholar 

  38. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  39. Owusu, E., Guajardo, J., McCune, J., Newsome, J., Perrig, A., Vasudevan, A.: OASIS: On achieving a sanctuary for integrity and secrecy on untrusted platforms. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 13–24. ACM (2013)

    Google Scholar 

  40. Perry, J., Gupta, D., Feigenbaum, J., Wright, R.N.: Systematizing secure computation for research and decision support. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 380–397. Springer, Heidelberg (2014)

    Google Scholar 

  41. Santos, N., Raj, H., Saroiu, S., Wolman, A.: Using arm trustzone to build a trusted language runtime for mobile applications. ACM SIGARCH Comput. Archit. News 42, 67–80 (2014)

    Google Scholar 

  42. Schuster, F., Costa, M., Fournet, C., Gkantsidis, C., Peinado, M., Mainar-Ruiz, G., Russinovich, M.: Vc 3: trustworthy data analytics in the cloud using SGX. In: 36th IEEE Symposium on Security and Privacy - S & P 2015. IEEE, New York (2015)

    Google Scholar 

  43. Shelat, A., Shen, C.: Two-output secure computation with malicious adversaries. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 386–405. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  44. Smith, S.W., Weingart, S.: Building a high-performance, programmable secure coprocessor. Comput. Netw. 31(8), 831–860 (1999)

    Article  Google Scholar 

  45. Standaert, F.-X., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: Efficient implementation of Rijndael encryption in reconfigurable hardware: improvements and design tradeoffs. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 334–350. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  46. Stefanov, E., Van Dijk, M., Shi, E., Fletcher, C., Ren, L., Yu, X., Devadas, S.: Path oram: an extremely simple oblivious RAM protocol. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 299–310. ACM (2013)

    Google Scholar 

  47. Suh, G.E., Clarke, D., Gassend, B., Van Dijk, M., Devadas, S.: Aegis: architecture for tamper-evident and tamper-resistant processing. In: Proceedings of the 17th Annual International Conference on Supercomputing, pp. 160–171. ACM (2003)

    Google Scholar 

  48. Vipindeep, V., Jalote, P.: List of common bugs and programming practices to avoid them (2005)

    Google Scholar 

  49. Winter, J.: Trusted computing building blocks for embedded Linux-based arm trustzone platforms. In: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 21–30. ACM (2008)

    Google Scholar 

  50. Yao, A.C.: Protocols for secure computations. In: Proceedings of the IEEE Symposium on Foundations of Computer Science (FOCS 1982) (1982)

    Google Scholar 

Download references

Acknowledgements

The first author was supported in part by DARPA contract FA8750-13-2-0058. The second and fourth authors were supported in part by NSF grants CNS-1540217 and CNS-1540218. The third author was supported in part by NSF grants CNS-1407454 and CNS-1409599. The fifth author was supported in part by NSF grants CNS-1464087 and CNS-1464088. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA, NSF, or the U.S. Government.

Author information

Authors and Affiliations

  1. Yale University, New Haven, CT, 06520, USA

    Debayan Gupta & Joan Feigenbaum

  2. University of Florida, Gainesville, FL, 32611, USA

    Benjamin Mood, Kevin Butler & Patrick Traynor

Authors
  1. Debayan Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Benjamin Mood
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joan Feigenbaum
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kevin Butler
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Patrick Traynor
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joan Feigenbaum .

Editor information

Editors and Affiliations

  1. Concordia University, Montreal, Québec, Canada

    Jeremy Clark

  2. University College London, London, United Kingdom

    Sarah Meiklejohn

  3. Université du Luxembourg, Luxembourg, Luxembourg

    Peter Y.A. Ryan

  4. Rice University, Houston, Texas, USA

    Dan Wallach

  5. Leibniz Universität Hannover, Hannover, Germany

    Michael Brenner

  6. New Jersey Institute of Technology, Newark, New Jersey, USA

    Kurt Rohloff

Rights and permissions

Reprints and permissions

Copyright information

© 2016 International Financial Cryptography Association

About this paper

Cite this paper

Gupta, D., Mood, B., Feigenbaum, J., Butler, K., Traynor, P. (2016). Using Intel Software Guard Extensions for Efficient Two-Party Secure Function Evaluation. In: Clark, J., Meiklejohn, S., Ryan, P., Wallach, D., Brenner, M., Rohloff, K. (eds) Financial Cryptography and Data Security. FC 2016. Lecture Notes in Computer Science(), vol 9604. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-53357-4_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-53357-4_20

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-53356-7

  • Online ISBN: 978-3-662-53357-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation