SGX-IR: Secure Information Retrieval with Trusted Processors

To preserve the security and the privacy of the data need for cloud applications, encrypting the data before outsourcing has emerged as an important tool. Furthermore, to enable efficient processing over the encrypted data stored in the cloud, utilizing efficient searchable symmetric encryption (SSE) schemes became popular. Usually, SSE schemes require an encrypted index to be built for efficient query processing. If the data owner has limited power, building this encrypted index before data is outsourced to the cloud could become a computational bottleneck. At the same time, secure outsourcing of encrypted index building using techniques such as homomorphic encryption is too costly for large data. Instead, in this work, we use a trusted processor, e.g, Intel Software Guard eXtension (SGX), to build a secure information retrieval system that provides better security guarantee and performance improvements. Unlike other related works, we focus on securely building the encrypted index in the cloud computing environment using the SGX, and show that the encrypted index could be used for executing keyword queries over text documents and face recognition detection in image documents. Finally, we show the effectiveness of our system via extensive empirical evaluation.

[1]  Matei Zaharia,et al.  ObliDB: Oblivious Query Processing using Hardware Enclaves , 2017 .

[2]  Hyeonjoon Moon,et al.  The FERET Evaluation Methodology for Face-Recognition Algorithms , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[3]  M. F. Porter,et al.  An algorithm for suffix stripping , 1997 .

[4]  G. Golub,et al.  Eigenvalue computation in the 20th century , 2000 .

[5]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[6]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[7]  Hinrich Schütze,et al.  Introduction to information retrieval , 2008 .

[8]  Elaine Shi,et al.  Formal Abstractions for Attested Execution Secure Processors , 2017, EUROCRYPT.

[9]  Yi Zhu,et al.  A Similarity Search Scheme over Encrypted Cloud Images based on Secure Transformation , 2013 .

[10]  Min Wu,et al.  Enabling search over encrypted multimedia databases , 2009, Electronic Imaging.

[11]  Murat Kantarcioglu,et al.  Efficient Similarity Search over Encrypted Data , 2012, 2012 IEEE 28th International Conference on Data Engineering.

[12]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[13]  Andreas Peter,et al.  A Survey of Provably Secure Searchable Encryption , 2014, ACM Comput. Surv..

[14]  Cong Wang,et al.  Towards Efficient Privacy-preserving Image Feature Extraction in Cloud Computing , 2014, ACM Multimedia.

[15]  Attila A. Yavuz,et al.  Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset , 2018, IACR Cryptol. ePrint Arch..

[16]  Paul A. Viola,et al.  Rapid object detection using a boosted cascade of simple features , 2001, Proceedings of the 2001 IEEE Computer Society Conference on Computer Vision and Pattern Recognition. CVPR 2001.

[17]  Murat Kantarcioglu,et al.  SGX-BigMatrix: A Practical Encrypted Data Analytic Framework With Trusted Processors , 2017, CCS.

[18]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[19]  Harry Wechsler,et al.  The FERET database and evaluation procedure for face-recognition algorithms , 1998, Image Vis. Comput..

[20]  M. Turk,et al.  Eigenfaces for Recognition , 1991, Journal of Cognitive Neuroscience.

[21]  Ashay Rane,et al.  Raccoon: Closing Digital Side-Channels through Obfuscated Execution , 2015, USENIX Security Symposium.

[22]  Murat Kantarcioglu,et al.  A Practical Framework for Executing Complex Queries over Encrypted Multimedia Data , 2016, DBSec.

[23]  Kapil Vaswani,et al.  EnclaveDB: A Secure Database Using SGX , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[24]  Ahmad-Reza Sadeghi,et al.  HardIDX: Practical and Secure Index with SGX , 2017, DBSec.

[25]  Yiming Yang,et al.  The Enron Corpus: A New Dataset for Email Classi(cid:12)cation Research , 2004 .

[26]  Kenneth E. Batcher,et al.  Sorting networks and their applications , 1968, AFIPS Spring Joint Computing Conference.

[27]  Zhe Chen,et al.  SSIR: Secure similarity image retrieval in IoT , 2019, Inf. Sci..

[28]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[29]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[30]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[31]  Rainer Lienhart,et al.  An extended set of Haar-like features for rapid object detection , 2002, Proceedings. International Conference on Image Processing.

[32]  Yiwei Thomas Hou,et al.  REARGUARD: Secure Keyword Search Using Trusted Hardware , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[33]  Alexey Gribov,et al.  StealthDB: a Scalable Encrypted Database with Full SQL Query Support , 2017, Proc. Priv. Enhancing Technol..

[34]  Rishabh Poddar,et al.  Oblix: An Efficient Oblivious Search Index , 2018, 2018 IEEE Symposium on Security and Privacy (SP).