Enforcing Private Data Usage Control with Blockchain and Attested Off-chain Contract Execution

The abundance of rich varieties of data is enabling many transformative applications of big data analytics that have profound societal impacts. However, there are also increasing concerns regarding the improper use of individual users' private data. Many argue that the technology that customizes our experience in the cyber domain is threatening the fundamental civil right to privacy. In this paper, we propose PrivacyGuard, a system that leverages smart contract in blockchain and trusted execution environment to enable individuals' control over other parties' access and use of their private data. In our design, smart contracts are used to specify data usage policy (i.e. who can use what data under which conditions along with how the data can be used), while the distributed ledger is used to keep an irreversible and non-repudiable record of data usage. To address the contract execution efficiency problem, as well as to prevent exposing user data on the publicly viewable blockchain, we construct a novel off-chain contract execution engine which realizes trustworthy contract execution off-chain in an trusted execution environment (TEE). By running the contract program inside a hardware-assisted TEE, the proposed off-chain trustworthy contract execution improves system efficiency significantly, as its correctness does not rely on distributed consensus which essentially requires the contract program be executed on all miner nodes. In order to leverage TEE in off-chain execution, PrivacyGuard has to several technical challenges such as synchronous function completion and scalability mitigation in blockchain platform. We build and deploy a prototype of PrivacyGuard using Ethereum and Intel SGX, and our experiments demonstrate the feasibility to support data-intensive applications using data from a large number of users.

[1]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[2]  Peter Druschel,et al.  Thoth: Comprehensive Policy Compliance in Data Retrieval Systems , 2016, USENIX Security Symposium.

[3]  Iddo Bentov,et al.  Amortizing Secure Computation with Penalties , 2016, CCS.

[4]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[5]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[6]  Dawn Xiaodong Song,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution , 2018, ArXiv.

[7]  Srinivas Devadas,et al.  Sanctum: Minimal Hardware Extensions for Strong Software Isolation , 2016, USENIX Security Symposium.

[8]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[9]  Sabrina De Capitani di Vimercati,et al.  Mix&Slice: Efficient Access Revocation in the Cloud , 2016, CCS.

[10]  Ning Zhang,et al.  PrivacyGuard: Enforcing Private Data Usage with Blockchain and Attested Execution , 2018, DPM/CBT@ESORICS.

[11]  Matthew Green,et al.  Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards , 2017, CCS.

[12]  Brent Waters,et al.  Functional Encryption: Definitions and Challenges , 2011, TCC.

[13]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[14]  Elisa Bertino,et al.  State-of-the-art in privacy preserving data mining , 2004, SGMD.

[15]  Cong Wang,et al.  Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[16]  Alex Pentland,et al.  Enigma: Decentralized Computation Platform with Guaranteed Privacy , 2015, ArXiv.

[17]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[18]  Nick Szabo,et al.  Formalizing and Securing Relationships on Public Networks , 1997, First Monday.

[19]  Ranjit Kumaresan,et al.  LucidiTEE: Policy-based Fair Computing at Scale , 2019, IACR Cryptol. ePrint Arch..

[20]  Ning Zhang,et al.  CacheKit: Evading Memory Introspection Using Cache Incoherence , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[21]  Elaine Shi,et al.  On Scaling Decentralized Blockchains - (A Position Paper) , 2016, Financial Cryptography Workshops.

[22]  Lee Rainie,et al.  Privacy and information sharing , 2016 .

[23]  Ning Zhang,et al.  TruSense: Information Leakage from TrustZone , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[24]  Emin Gün Sirer,et al.  Bitcoin-NG: A Scalable Blockchain Protocol , 2015, NSDI.

[25]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[26]  A. Asuncion,et al.  UCI Machine Learning Repository, University of California, Irvine, School of Information and Computer Sciences , 2007 .

[27]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[28]  S. Matthew Weinberg,et al.  Arbitrum: Scalable, private smart contracts , 2018, USENIX Security Symposium.

[29]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[30]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[31]  Jie Wu,et al.  Hierarchical attribute-based encryption for fine-grained access control in cloud storage services , 2010, CCS '10.

[32]  H. Nissenbaum Privacy as contextual integrity , 2004 .

[33]  Cong Wang,et al.  Privacy-Preserving Multi-Keyword Ranked Search over Encrypted Cloud Data , 2014 .

[34]  Matt Fredrikson,et al.  Use Privacy in Data-Driven Systems: Theory and Experiments with Machine Learnt Programs , 2017, CCS.

[35]  Bart Custers,et al.  Big Data and Data Reuse: A Taxonomy of Data Reuse for Balancing Big Data Benefits and Personal Data Protection , 2016 .

[36]  Elaine Shi,et al.  Formal Abstractions for Attested Execution Secure Processors , 2017, EUROCRYPT.

[37]  Rüdiger Kapitza,et al.  Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution , 2017, USENIX Security Symposium.

[38]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[39]  Fan Zhang,et al.  Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[40]  Matthew Deaves,et al.  General Data Protection Regulation (GDPR) , 2017 .

[41]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[42]  Dan Boneh,et al.  IRON: Functional Encryption using Intel SGX , 2017, CCS.

[43]  Andrew Lippman,et al.  MedRec: Using Blockchain for Medical Data Access and Permission Management , 2016, 2016 2nd International Conference on Open and Big Data (OBD).

[44]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[45]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[46]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[47]  Matthew Green,et al.  Giving State to the Stateless: Augmenting Trustworthy Computation with Ledgers , 2019, NDSS.

[48]  Per Larsen,et al.  SoK: Sanitizing for Security , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[49]  Ning Zhang,et al.  CaSE: Cache-Assisted Secure Execution on ARM Processors , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[50]  Mic Bowman,et al.  Private Data Objects: an Overview , 2018, ArXiv.

[51]  Fan Zhang,et al.  Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware , 2017, IACR Cryptol. ePrint Arch..

[52]  Ashwin Machanavajjhala,et al.  l-Diversity: Privacy Beyond k-Anonymity , 2006, ICDE.

[53]  Srdjan Capkun,et al.  ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts , 2020, IACR Cryptol. ePrint Arch..

[54]  Andrew Y. Ng,et al.  CheXNet: Radiologist-Level Pneumonia Detection on Chest X-Rays with Deep Learning , 2017, ArXiv.

[55]  Jason Teutsch,et al.  A scalable verification solution for blockchains , 2019, ArXiv.

[56]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[57]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[58]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[59]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[60]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[61]  Vitaly Shmatikov,et al.  Chiron: Privacy-preserving Machine Learning as a Service , 2018, ArXiv.

[62]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[63]  Sushil Jajodia,et al.  Encryption policies for regulating access to outsourced data , 2010, TODS.

[64]  Saikat Guha,et al.  Bootstrapping Privacy Compliance in Big Data Systems , 2014, 2014 IEEE Symposium on Security and Privacy.

[65]  Iddo Bentov,et al.  How to Use Bitcoin to Play Decentralized Poker , 2015, CCS.

[66]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[67]  Ninghui Li,et al.  t-Closeness: Privacy Beyond k-Anonymity and l-Diversity , 2007, 2007 IEEE 23rd International Conference on Data Engineering.