Self-Expiring Data Capsule using Trusted Execution Environment

Data privacy is unarguably of extreme importance. Nonetheless, there exist various daunting challenges to safe-guarding data privacy. These challenges stem from the fact that data owners have little control over their data once it has transgressed their local storage and been managed by third parties whose trustworthiness is questionable at times. Our work seeks to enhance data privacy by constructing a self-expiring data capsule. Sensitive data is encapsulated into a capsule which is associated with an access policy an expiring condition. The former indicates eligibility of functions that can access the data, and the latter dictates when the data should become inaccessible to anyone, including the previously eligible functions. Access to the data capsule, as well as its dismantling once the expiring condition is met, are governed by a committee of independent and mutually distrusting nodes. The pivotal contribution of our work is an integration of hardware primitive, state machine replication and threshold secret sharing in the design of the self-expiring data encapsulation framework. We implement the proposed framework in a system called TEEKAP. Our empirical experiments conducted on a realistic deployment setting with the access control committee spanning across four geographical regions reveal that TEEKAP can process access requests at scale with sub-second latency.

[1]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[2]  John K. Ousterhout,et al.  In Search of an Understandable Consensus Algorithm , 2014, USENIX ATC.

[3]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[4]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[5]  Hung Dang,et al.  Autonomous Membership Service for Enclave Applications , 2019, ArXiv.

[6]  Timothy Fraser,et al.  Hardening COTS software with generic software wrappers , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[7]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[8]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[9]  Chao Li,et al.  Timed-Release of Self-Emerging Data Using Distributed Hash Tables , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[10]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[11]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[12]  Dawn Song,et al.  Keystone: An Open Framework for Architecting TEEs , 2019 .

[13]  Yehuda Lindell,et al.  Introduction to Modern Cryptography , 2004 .

[14]  Beng Chin Ooi,et al.  Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute , 2017, Proc. Priv. Enhancing Technol..

[15]  Dawn Song,et al.  Keystone: an open framework for architecting trusted execution environments , 2020, EuroSys.

[16]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions: EPID Provisioning and Attestation Services , 2016 .

[17]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[18]  Pierre Wolper,et al.  An Automata-Theoretic Approach to Automatic Program Verification (Preliminary Report) , 1986, LICS.

[19]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[20]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[21]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[22]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[23]  Mina J. Hanna,et al.  User Data Privacy: Facebook, Cambridge Analytica, and Privacy Protection , 2018, Computer.

[24]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[25]  Rüdiger Kapitza,et al.  Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory , 2017, 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[26]  Srinivas Devadas,et al.  A Formal Foundation for Secure Remote Execution of Enclaves , 2017, IACR Cryptol. ePrint Arch..

[27]  Zohar Manna,et al.  A Deductive Approach to Program Synthesis , 1979, TOPL.

[28]  Jean-Jacques Quisquater,et al.  Efficient and Non-interactive Timed-Release Encryption , 2005, ICICS.

[29]  Martin R. Stytz Considering defense in depth for software applications , 2004, IEEE Security & Privacy Magazine.

[30]  Dawn Xiaodong Song,et al.  CHURP: Dynamic-Committee Proactive Secret Sharing , 2019, IACR Cryptol. ePrint Arch..

[31]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[32]  Christof Fetzer,et al.  Varys: Protecting SGX Enclaves from Practical Side-Channel Attacks , 2018, USENIX ATC.

[33]  Hung Dang,et al.  Keeping Time-Release Secrets through Smart Contracts , 2018, IACR Cryptol. ePrint Arch..

[34]  Fan Zhang,et al.  Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[35]  Brent Waters,et al.  Functional encryption: a new vision for public-key cryptography , 2012, CACM.

[36]  Patrick Traynor,et al.  Mitigating Risk while Complying with Data Retention Laws , 2018, CCS.

[37]  Ee-Chien Chang,et al.  Towards Scaling Blockchain Systems via Sharding , 2018, SIGMOD Conference.

[38]  Dale Skeen,et al.  Nonblocking commit protocols , 1981, SIGMOD '81.

[39]  Johannes Behl,et al.  Hybrids on Steroids: SGX-Based High Performance BFT , 2017, EuroSys.

[40]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[41]  Jianfeng Ma,et al.  A full lifecycle privacy protection scheme for sensitive data in cloud computing , 2014, Peer-to-Peer Networking and Applications.

[42]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[43]  Dan Feng,et al.  SafeVanish: An Improved Data Self-Destruction for Protecting Data Privacy , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[44]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.

[45]  David R. Karger,et al.  Koorde: A Simple Degree-Optimal Distributed Hash Table , 2003, IPTPS.