Practical Data-in-Use Protection Using Binary Decision Diagrams

Protection of data-in-use, unlike the protection of data-at-rest or data-in-transit, remains a challenge. Advances in cryptography such as Fully Homomorphic Encryption (FHE) provide theoretical, albeit impractical, solutions to functionally-complete computation over encrypted operands, which general-purpose computation requires. In this work, we propose a practical data-in-use protection mechanism that, unlike application-specific homomorphic encryption approaches, targets arbitrary computation native to established programming languages such as C++. Our work therefore provides a more efficient alternative to FHE schemes for general-purpose computation. Specifically, we use Binary Decision Diagrams (BDDs) to transform high-level programming operations into equivalents that operate on protected data. To automate this, we develop a framework that converts program expressions over encrypted operands into efficient circuits, reduces those circuits using BDDs, and simulates the corresponding composed operations. Our experimental results show that our methodology is orders of magnitude faster than state-of-the-art FHE schemes and enables execution of real C++ applications with practical overheads. Our framework is complemented by a security analysis proving resistance to different attack methods.
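The abstract's core mechanism, compiling program expressions into circuits that are reduced by BDDs and then simulated, as an added Python example that is not the paper's framework: a minimal reduced ordered BDD (unique table plus Bryant's apply operator) compiles a 2-bit ripple-carry adder into one shared diagram, reports how few nodes the three outputs share after reduction, and evaluates it. It assumes a fixed variable ordering (a1, b1, a0, b0) and works on plaintext bits, since the abstract does not describe the operand protection itself.

```python
class BDD:                               # reduced ordered BDD; ids 0/1 are the terminals
    def __init__(self, order):
        self.order = {v: i for i, v in enumerate(order)}   # fixed variable order
        self.nodes, self.unique, self.cache = {0: None, 1: None}, {}, {}
    def mk(self, var, low, high):        # id of node (var, low, high), applying both rules
        if low == high: return low       # rule 1: drop a test whose branches agree
        key = (var, low, high)
        if key not in self.unique:       # rule 2: share structurally identical subgraphs
            self.unique[key] = len(self.nodes)
            self.nodes[self.unique[key]] = key
        return self.unique[key]
    def apply(self, op, u, v):           # Bryant's apply: combine two diagrams under op
        if (op, u, v) in self.cache:
            return self.cache[(op, u, v)]
        if u < 2 and v < 2:
            r = op(u, v)
        else:
            idx = lambda n: self.order[self.nodes[n][0]] if n > 1 else 99  # terminals last
            top = min(idx(u), idx(v))    # expand on the earliest variable in the order
            var = self.nodes[u][0] if idx(u) == top else self.nodes[v][0]
            u0, u1 = self.nodes[u][1:] if idx(u) == top else (u, u)
            v0, v1 = self.nodes[v][1:] if idx(v) == top else (v, v)
            r = self.mk(var, self.apply(op, u0, v0), self.apply(op, u1, v1))
        self.cache[(op, u, v)] = r
        return r
    def eval(self, n, env):              # follow the branch chosen by each input bit
        while n > 1:
            n = self.nodes[n][2] if env[self.nodes[n][0]] else self.nodes[n][1]
        return n
    def reachable(self, roots):          # distinct non-terminal nodes the outputs share
        seen, stack = set(), list(roots)
        while stack:
            n = stack.pop()
            if n > 1 and n not in seen:
                seen.add(n); stack.extend(self.nodes[n][1:])
        return len(seen)

AND, OR, XOR = (lambda x, y: x & y), (lambda x, y: x | y), (lambda x, y: x ^ y)

def build_adder2():                      # 2-bit ripple-carry adder -> one shared BDD
    bdd = BDD(["a1", "b1", "a0", "b0"])  # assumed variable ordering
    a1, b1, a0, b0 = (bdd.mk(v, 0, 1) for v in bdd.order)
    s0, c0, t = bdd.apply(XOR, a0, b0), bdd.apply(AND, a0, b0), bdd.apply(XOR, a1, b1)
    s1 = bdd.apply(XOR, t, c0)
    c1 = bdd.apply(OR, bdd.apply(AND, a1, b1), bdd.apply(AND, t, c0))
    return bdd, (c1, s1, s0)

def add2(a, b):                          # evaluate the compiled adder on 2-bit ints
    bdd, outs = build_adder2()
    env = {"a1": (a >> 1) & 1, "a0": a & 1, "b1": (b >> 1) & 1, "b0": b & 1}
    c1, s1, s0 = (bdd.eval(o, env) for o in outs)
    return (c1 << 2) | (s1 << 1) | s0
```

The three output functions share 11 non-terminal nodes in the reduced diagram, versus the 4-variable decision trees a naive expansion would produce for each output.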
