TEE-Graph: efficient privacy and ownership protection for cloud-based graph spectral analysis

Introduction Big graphs like social network user interactions and customer rating matrices require significant computing resources to maintain. Data owners are now using public cloud resources for storage and computing elasticity. However, existing solutions do not fully address the privacy and ownership protection needs of the key involved parties: data contributors and the data owner who collects data from contributors. Methods We propose a Trusted Execution Environment (TEE) based solution: TEE-Graph for graph spectral analysis of outsourced graphs in the cloud. TEEs are new CPU features that can enable much more efficient confidential computing solutions than traditional software-based cryptographic ones. Our approach has several unique contributions compared to existing confidential graph analysis approaches. (1) It utilizes the unique TEE properties to ensure contributors' new privacy needs, e.g., the right of revocation for shared data. (2) It implements efficient access-pattern protection with a differentially private data encoding method. And (3) it implements TEE-based special analysis algorithms: the Lanczos method and the Nystrom method for efficiently handling big graphs and protecting confidentiality from compromised cloud providers. Results The TEE-Graph approach is much more efficient than software crypto approaches and also immune to access-pattern-based attacks. Compared with the best-known software crypto approach for graph spectral analysis, PrivateGraph, we have seen that TEE-Graph has 103−105 times lower computation, storage, and communication costs. Furthermore, the proposed access-pattern protection method incurs only about 10%-25% of the overall computation cost. Discussion Our experimentation showed that TEE-Graph performs significantly better and has lower costs than typical software approaches. It also addresses the unique ownership and access-pattern issues that other TEE-related graph analytics approaches have not sufficiently studied. The proposed approach can be extended to other graph analytics problems with strong ownership and access-pattern protection.

[1]  Sherman S. M. Chow,et al.  Shielding Graph for eXact Analytics With SGX , 2023, IEEE Transactions on Dependable and Secure Computing.

[2]  Keke Chen,et al.  Making Your Program Oblivious: A Comparative Study for Side-channel-Safe Confidential Computing , 2023, 2023 IEEE 16th International Conference on Cloud Computing (CLOUD).

[3]  Jiannong Cao,et al.  StrongBox: A GPU TEE on Arm Endpoints , 2022, CCS.

[4]  Ardhi Wiratama Baskara Yudha,et al.  LITE: a low-cost practical inter-operable GPU TEE , 2022, ICS.

[5]  Alex Ozdemir,et al.  CirC: Compiler infrastructure for proof systems, software verification, and more , 2022, 2022 IEEE Symposium on Security and Privacy (SP).

[6]  Sheng Wang,et al.  Building Enclave-Native Storage Engines for Practical Encrypted Databases , 2021, Proc. VLDB Endow..

[7]  Xiaofeng Meng,et al.  LF-GDPR: A Framework for Estimating Graph Metrics With Local Differential Privacy , 2020, IEEE Transactions on Knowledge and Data Engineering.

[8]  Keke Chen,et al.  SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications , 2020, Proc. Priv. Enhancing Technol..

[9]  Ken Eguro,et al.  Azure SQL Database Always Encrypted , 2020, SIGMOD Conference.

[10]  Berk Sunar,et al.  LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[11]  Nokhbeh ZaeemRazieh,et al.  The Effect of the GDPR on Privacy Policies , 2020, ACM Trans. Manag. Inf. Syst..

[12]  Florian Kerschbaum,et al.  Efficient oblivious database joins , 2020, Proc. VLDB Endow..

[13]  Anupam Chander,et al.  Catalyzing Privacy Law , 2019, SSRN Electronic Journal.

[14]  Amit P. Sheth,et al.  Knowledge Graphs and Knowledge Networks: The Story in Brief , 2019, IEEE Internet Computing.

[15]  Keke Chen,et al.  PrivateGraph: Privacy-Preserving Spectral Analysis of Encrypted Graphs in the Cloud , 2019, IEEE Transactions on Knowledge and Data Engineering.

[16]  Stefan Katzenbeisser,et al.  HyCC: Compilation of Hybrid Protocols for Practical Secure Computation , 2018, CCS.

[17]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[18]  Kapil Vaswani,et al.  EnclaveDB: A Secure Database Using SGX , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[19]  Harsha Ganegoda,et al.  Power Analysis Based Side Channel Attack , 2018, ArXiv.

[20]  Murat Kantarcioglu,et al.  SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors , 2017, CCS.

[21]  Yin Yang,et al.  Generating Synthetic Decentralized Social Graphs with Local Differential Privacy , 2017, CCS.

[22]  Matei Zaharia,et al.  ObliDB: Oblivious Query Processing using Hardware Enclaves , 2017 .

[23]  Ninghui Li,et al.  Locally Differentially Private Protocols for Frequency Estimation , 2017, USENIX Security Symposium.

[24]  Payman Mohassel,et al.  SecureML: A System for Scalable Privacy-Preserving Machine Learning , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[25]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[26]  Latifur Khan,et al.  SGX-Log: Securing System Logs With SGX , 2017, AsiaCCS.

[27]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[28]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[29]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[30]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[31]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[32]  George Kollios,et al.  GRECS: Graph Encryption for Approximate Shortest Distance Queries , 2015, IACR Cryptol. ePrint Arch..

[33]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[34]  Beng Chin Ooi,et al.  M2R: Enabling Stronger Privacy in MapReduce Computation , 2015, USENIX Security Symposium.

[35]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[36]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[37]  Elaine Shi,et al.  GhostRider: A Hardware-Software System for Memory Trace Oblivious Computation , 2015, ASPLOS.

[38]  Michael S. Bernstein,et al.  ImageNet Large Scale Visual Recognition Challenge , 2014, International Journal of Computer Vision.

[39]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[40]  Michael I. Jordan,et al.  Local Privacy and Statistical Minimax Rates , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[41]  Mark E. J. Newman,et al.  Spectral methods for network community detection and graph partitioning , 2013, Physical review. E, Statistical, nonlinear, and soft matter physics.

[42]  Leting Wu,et al.  Differential Privacy Preserving Spectral Graph Analysis , 2013, PAKDD.

[43]  Sofya Raskhodnikova,et al.  Analyzing Graphs with Node Differential Privacy , 2013, TCC.

[44]  Zvika Brakerski,et al.  Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP , 2012, CRYPTO.

[45]  Frederik Vercauteren,et al.  Fully homomorphic SIMD operations , 2012, Designs, Codes and Cryptography.

[46]  Steven J. Plimpton,et al.  MapReduce in MPI for Large-scale graph algorithms , 2011, Parallel Comput..

[47]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[48]  Jonathan Katz,et al.  Faster Secure Two-Party Computation Using Garbled Circuits , 2011, USENIX Security Symposium.

[49]  P. Pardalos,et al.  Clustering challenges in biological networks , 2009 .

[50]  Jian Pei,et al.  A brief survey on anonymization techniques for privacy preserving publishing of social network data , 2008, SKDD.

[51]  Jon M. Kleinberg,et al.  Group formation in large social networks: membership, growth, and evolution , 2006, KDD '06.

[52]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[53]  Christos Faloutsos,et al.  Graph mining: Laws, generators, and algorithms , 2006, CSUR.

[54]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[55]  Pavel Berkhin,et al.  A Survey on PageRank Computing , 2005, Internet Math..

[56]  Michael I. Jordan,et al.  On Spectral Clustering: Analysis and an algorithm , 2001, NIPS.

[57]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[58]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[59]  S L Warner,et al.  Randomized response: a survey technique for eliminating evasive answer bias. , 1965, Journal of the American Statistical Association.

[60]  Zhipeng Jia,et al.  Telekine: Secure Computing with Cloud GPUs , 2020, NSDI.

[61]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[62]  S. Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[63]  Jitendra Malik,et al.  Spectral grouping using the Nystrom method , 2004, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[64]  Ian T. Jolliffe,et al.  Principal Component Analysis , 1986, Springer Series in Statistics.

[65]  J. Cullum,et al.  Lanczos Algorithms for Large Symmetric Eigenvalue Computations Vol. I Theory , 1984 .

[66]  Sagar Sharma,et al.  Confidential Boosting with Random Linear Classifiers for Outsourced User-generated Data , 2022 .