One-Time Programs made Practical

A one-time program (OTP) works as follows: Alice provides Bob with the implementation of some function. Bob can have the function evaluated exclusively on a single input of his choosing. Once executed, the program will fail to evaluate on any other input. State-of-the-art one-time programs have remained theoretical, requiring custom hardware that is cost-ineffective/unavailable, or confined to adhoc/unrealistic assumptions. To bridge this gap, we explore how the Trusted Execution Environment (TEE) of modern CPUs can realize the OTP functionality. Specifically, we build two flavours of such a system: in the first, the TEE directly enforces the one-timeness of the program; in the second, the program is represented with a garbled circuit and the TEE ensures Bob's input can only be wired into the circuit once, equivalent to a smaller cryptographic primitive called one-time memory. These have different performance profiles: the first is best when Alice's input is small and Bob's is large, and the second for the converse.

[1]  Carl A. Gunter,et al.  Privacy and Security in the Genomic Era , 2014, CCS.

[2]  Yan Huang,et al.  Efficient Genome-Wide, Privacy-Preserving Similar Patient Query based on Private Edit Distance , 2015, CCS.

[3]  Jean-Pierre Hubaux,et al.  Privacy-Preserving Computation of Disease Risk by Using Genomic, Clinical, and Environmental Data , 2013, HealthTech.

[4]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[5]  Andreas Dewald,et al.  TRESOR Runs Encryption Securely Outside RAM , 2011, USENIX Security Symposium.

[6]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[7]  Sotiris Ioannidis,et al.  PixelVault: Using GPUs for Securing Cryptographic Operations , 2014, CCS.

[8]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions (Intel® SGX) Support for Dynamic Memory Management Inside an Enclave , 2016, HASP 2016.

[9]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[10]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[11]  Jingqiang Lin,et al.  Copker: Computing with Private Keys without RAM , 2014, NDSS.

[12]  Daniel Wichs,et al.  Adaptive Security of Yao's Garbled Circuits , 2016, TCC.

[13]  Murat Kantarcioglu,et al.  A Cryptographic Approach to Securely Share and Query Genomic Sequences , 2008, IEEE Transactions on Information Technology in Biomedicine.

[14]  Christof Paar,et al.  Reverse Engineering x86 Processor Microcode , 2019, USENIX Security Symposium.

[15]  Elisa Bertino,et al.  PUF ROKs: a hardware approach to read-once keys , 2011, ASIACCS '11.

[16]  Patrick Traynor,et al.  Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[17]  David C. Challener,et al.  Catching the Cuckoo: Verifying TPM Proximity Using a Quote Timing Side-Channel - (Short Paper) , 2011, TRUST.

[18]  Hyoung-Chun Kim,et al.  A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping , 2018, USENIX Security Symposium.

[19]  P. Bayer,et al.  openSNP–A Crowdsourced Web Resource for Personal Genomics , 2014, PloS one.

[20]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[21]  William S. Klug,et al.  Essentials of Genetics , 1993 .

[22]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[23]  Michael Hamburg,et al.  Meltdown , 2018, meltdownattack.com.

[24]  Christof Paar,et al.  An Exploratory Analysis of Microcode as a Building Block for System Defenses , 2018, CCS.

[25]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[26]  Mihir Bellare,et al.  Adaptively Secure Garbling with Applications to One-Time Programs and Secure Outsourcing , 2012, ASIACRYPT.

[27]  Helmut Veith,et al.  Secure two-party computations in ANSI C , 2012, CCS.

[28]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[29]  Carl A. Gunter,et al.  Controlled Functional Encryption , 2014, CCS.

[30]  T. Walsh,et al.  Detection of inherited mutations for breast and ovarian cancer using genomic capture and massively parallel sequencing , 2010, Proceedings of the National Academy of Sciences.

[31]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols , 2010, Information Security and Cryptography.

[32]  Gary Look,et al.  Alzheimer's Therapeutics Targeting Amyloid Beta 1–42 Oligomers II: Sigma-2/PGRMC1 Receptors Mediate Abeta 42 Oligomer Binding and Synaptotoxicity , 2014, PloS one.

[33]  Felipe Saint-Jean Java Implementation of a Single-Database Computationally Symmetric Private Information Retrieval (cSPIR) Protocol , 2005 .

[34]  Ahmad-Reza Sadeghi,et al.  Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs - (Full Version) , 2010, CHES.

[35]  Rafal Wojtczuk,et al.  Another Way to Circumvent Intel ® Trusted Execution Technology , 2009 .

[36]  Patrick Simmons,et al.  Security through amnesia: a software-based solution to the cold boot attack on disk encryption , 2011, ACSAC '11.

[37]  Martin Daniel,et al.  TrustZone Explained: Architectural Features and Use Cases , 2016 .

[38]  Abhi Shelat,et al.  PCF: A Portable Circuit Format for Scalable Two-Party Secure Computation , 2013, USENIX Security Symposium.

[39]  Michael Cariaso,et al.  SNPedia: a wiki supporting personal genome annotation, interpretation and analysis , 2011, Nucleic Acids Res..

[40]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.

[41]  Frank Piessens,et al.  Ariadne: A Minimal Approach to State Continuity , 2016, USENIX Security Symposium.

[42]  Timothy Vidas Volatile Memory Acquisition via Warm Boot Memory Survivability , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[43]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[44]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[45]  Takashi Nishide,et al.  One-time Programs with Cloud Storage and Its Application to Electronic Money , 2017, APKC '17.

[46]  Frank Piessens,et al.  ICE: a passive, high-speed, state-continuity scheme , 2014, ACSAC.

[47]  Vandana Gunupudi,et al.  Generalized Non-Interactive Oblivious Transfer Using Count-Limited Objects with Applications to Secure Mobile Agents , 2008, Financial Cryptography.

[48]  Emiliano De Cristofaro,et al.  Countering GATTACA: efficient and secure testing of fully-sequenced human genomes , 2011, CCS '11.

[49]  Ning Zhang,et al.  TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices , 2016, IACR Cryptol. ePrint Arch..

[50]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[51]  Abhi Shelat,et al.  Billion-Gate Secure Computation with Malicious Adversaries , 2012, USENIX Security Symposium.

[52]  Murat Kantarcioglu,et al.  Secure Management of Biomedical Data With Cryptographic Hardware , 2012, IEEE Transactions on Information Technology in Biomedicine.

[53]  Gus Gutoski,et al.  Quantum one-time programs , 2013, IACR Cryptol. ePrint Arch..

[54]  Michael K. Reiter,et al.  Reducing the trusted computing base for applications on commodity systems , 2009 .