ConsenSGX: Scaling Anonymous Communications Networks with Trusted Execution Environments

Abstract Anonymous communications networks enable individuals to maintain their privacy online. The most popular such network is Tor, with about two million daily users; however, Tor is reaching limits of its scalability. One of the main scalability bottlenecks of Tor and similar network designs originates from the requirement of distributing a global view of the servers in the network to all network clients. This requirement is in place to avoid epistemic attacks, in which adversaries who know which parts of the network certain clients do and do not know about can rule in or out those clients from being responsible for particular network traffic. In this work, we introduce a novel solution to this scalability problem by leveraging oblivious RAM constructions and trusted execution environments in order to enable clients to fetch only the parts of the network view they require, without the directory servers learning which parts are being fetched. We compare the performance of our design with the current Tor mechanism and other related works to show one to two orders of magnitude better performance from an end-to-end perspective. We analyse the requirements to actually deploy such a scheme today and conclude that it would only require a small fraction (<2.5%) of the relays to have the required hardware support; moreover, these relays can perform their roles with minimal network bandwidth requirements.

[1]  Micah Adler,et al.  Defending anonymous communications against passive logging attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[2]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[3]  Shweta Shinde,et al.  Preventing Page Faults from Telling Your Secrets , 2016, AsiaCCS.

[4]  Ian Goldberg,et al.  Improving the Robustness of Private Information Retrieval , 2007 .

[5]  Elaine Shi,et al.  Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM , 2015, IACR Cryptol. ePrint Arch..

[6]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[7]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[8]  Xiaoyun Wang,et al.  Cryptanalysis of a homomorphic encryption scheme from ISIT 2008 , 2012, 2012 IEEE International Symposium on Information Theory Proceedings.

[9]  Aggelos Kiayias,et al.  Decoding of Interleaved Reed Solomon Codes over Noisy Data , 2003, ICALP.

[10]  Ian Goldberg,et al.  Sublinear Scaling for Multi-Client Private Information Retrieval , 2015, Financial Cryptography.

[11]  Marc-Olivier Killijian,et al.  XPIR : Private Information Retrieval for Everyone , 2016, Proc. Priv. Enhancing Technol..

[12]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[13]  Nikita Borisov,et al.  Improving Security and Performance in the Tor Network through Tunable Path Selection , 2011, IEEE Transactions on Dependable and Secure Computing.

[14]  Philippe Gaborit,et al.  A fast private information retrieval protocol , 2008, 2008 IEEE International Symposium on Information Theory.

[15]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[16]  Elaine Shi,et al.  Towards Practical Oblivious RAM , 2011, NDSS.

[17]  Matthew K. Wright,et al.  Salsa: a structured approach to large-scale anonymity , 2006, CCS '06.

[18]  Prateek Mittal,et al.  Information leaks in structured peer-to-peer anonymous communication systems , 2008, CCS.

[19]  Elaine Shi,et al.  Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM , 2016, TCC.

[20]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[21]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[22]  Jon Crowcroft,et al.  A survey and comparison of peer-to-peer overlay network schemes , 2005, IEEE Communications Surveys & Tutorials.

[23]  Christopher W. Fletcher,et al.  ZeroTrace : Oblivious Memory Primitives from Intel SGX , 2018, NDSS.

[24]  Srinath T. V. Setty,et al.  PIR with Compressed Queries and Amortized Query Processing , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[25]  Stefan Richter,et al.  NISAN: network information service for anonymization networks , 2009, CCS.

[26]  Elaine Shi,et al.  Circuit ORAM: On Tightness of the Goldreich-Ostrovsky Lower Bound , 2015, IACR Cryptol. ePrint Arch..

[27]  Razvan Barbulescu,et al.  Updating Key Size Estimations for Pairings , 2018, Journal of Cryptology.

[28]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[29]  Elaine Shi,et al.  Constants Count: Practical Improvements to Oblivious RAM , 2015, USENIX Security Symposium.

[30]  Thomas Eisenbarth,et al.  CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[31]  Ramzi A. Haraty,et al.  I2P Data Communication System , 2011, ICON 2011.

[32]  Nicholas Hopper,et al.  Scalable onion routing with torsk , 2009, CCS.

[33]  Madhu Sudan,et al.  Reconstructing curves in three (and higher) dimensional space from noisy data , 2003, STOC '03.

[34]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[35]  David Mazières,et al.  Kademlia: A Peer-to-Peer Information System Based on the XOR Metric , 2002, IPTPS.

[36]  Sarvar Patel,et al.  Private Stateful Information Retrieval , 2018, CCS.

[37]  George Danezis,et al.  Bridging and Fingerprinting: Epistemic Attacks on Route Selection , 2008, Privacy Enhancing Technologies.

[38]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[39]  Apu Kapadia,et al.  Halo: High-Assurance Locate for Distributed Hash Tables , 2008, NDSS.

[40]  Prateek Mittal,et al.  In search of an anonymous and secure lookup: attacks on structured peer-to-peer anonymous communication systems , 2010, CCS '10.

[41]  Carmela Troncoso,et al.  PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval , 2011, USENIX Security Symposium.

[42]  Dan S. Wallach,et al.  A Survey of Peer-to-Peer Security Issues , 2002, ISSS.

[43]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[44]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[45]  Paul F. Syverson,et al.  Locating hidden servers , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[46]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[47]  Kyungtae Kim,et al.  OBLIVIATE: A Data Oblivious Filesystem for Intel SGX , 2018, NDSS.

[48]  George Danezis,et al.  Route Fingerprinting in Anonymous Communications , 2006, Sixth IEEE International Conference on Peer-to-Peer Computing (P2P'06).

[49]  Nikita Borisov,et al.  Breaking the Collusion Detection Mechanism of MorphMix , 2006, Privacy Enhancing Technologies.

[50]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[51]  Nicholas Hopper,et al.  Balancing the shadows , 2010, WPES '10.

[52]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[53]  Prateek Mittal,et al.  ShadowWalker: peer-to-peer anonymous communication using redundant structured topologies , 2009, CCS.

[54]  Mehdi Tibouchi,et al.  Cryptanalysis of a (Somewhat) Additively Homomorphic Encryption Scheme Used in PIR , 2015, IACR Cryptol. ePrint Arch..

[55]  Micah Sherr,et al.  An Empirical Evaluation of Relay Selection in Tor , 2013, NDSS.

[56]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[57]  Bernhard Plattner,et al.  Introducing MorphMix: peer-to-peer based anonymous Internet usage with collusion detection , 2002, WPES '02.

[58]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[59]  Ian Goldberg,et al.  Changing of the guards: a framework for understanding and improving entry guard selection in tor , 2012, WPES '12.

[60]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[61]  Vinod Vaikuntanathan,et al.  Efficient Fully Homomorphic Encryption from (Standard) LWE , 2011, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[62]  Razvan Barbulescu,et al.  Extended Tower Number Field Sieve: A New Complexity for the Medium Prime Case , 2016, CRYPTO.

[63]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[64]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[65]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.