research-article

Exploring the use of Intel SGX for Secure Many-Party Applications

Authors:

Kubilay Ahmet Küçük,

Andrew Simpson,

Robin AnkeleAuthors Info & Claims

SysTEX '16: Proceedings of the 1st Workshop on System Software for Trusted Execution

Article No.: 5, Pages 1 - 6

https://doi.org/10.1145/3007788.3007793

Published: 12 December 2016 Publication History

Abstract

The theoretical construct of a Trusted Third Party (TTP) has the potential to solve many security and privacy challenges. In particular, a TTP is an ideal way to achieve secure multiparty computation---a privacy-enhancing technique in which mutually distrusting participants jointly compute a function over their private inputs without revealing these inputs. Although there exist cryptographic protocols to achieve this, their performance often limits them to the two-party case, or to a small number of participants. However, many real-world applications involve thousands or tens of thousands of participants. Examples of this type of many-party application include privacy-preserving energy metering, location-based services, and mobile network roaming.

Challenging the notion that a trustworthy TTP does not exist, recent research has shown how trusted hardware and remote attestation can be used to establish a sufficient level of assurance in a real system such that it can serve as a trustworthy remote entity (TRE). We explore the use of Intel SGX, the most recent and arguably most promising trusted hardware technology, as the basis for a TRE for many-party applications.

Using privacy-preserving energy metering as a case study, we design and implement a prototype TRE using SGX, and compare its performance to a previous system based on the Trusted Platform Module (TPM). Our results show that even without specialized optimizations, SGX provides comparable performance to the optimized TPM system, and therefore has significant potential for large-scale many-party applications.

References

[1]

I. Anati et al. Innovative Technology for CPU based Attestation and Sealing. In HASP@ ISCA, 2013.

[2]

R. Ankele et al. Applying the Trustworthy Remote Entity to Privacy-Preserving Multiparty Computation: Requirements and Criteria for Large-Scale Applications. In IEEE International Conference on ATC, 2016.

[3]

A. Atamli-Reineh and A. Martin. Securing Application with Software Partitioning: A Case Study Using SGX. In Security and Privacy in Communication Networks. 2015.

[4]

A. Bartoli et al. Secure Lossless Aggregation for Smart Grid M2M Networks. In IEEE SmartGridComm, 2010.

[5]

J.-M. Bohli, C. Sorge, and O. Ugus. A Privacy Model for Smart Metering. In IEEE International Conference on Communications Workshops, 2010.

[6]

S. Checkoway and H. Shacham. Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface. In Eighteenth International Conference on ASPLOS, 2013.

Digital Library

[7]

C.-Y. Chow et al. A Peer-to-Peer Spatial Cloaking Algorithm for Anonymous Location-Based Service. In ACM symposium on Advances in Geographic Information Systems, 2006.

Digital Library

[8]

C. Dwork. Differential Privacy. In Automata, Languages and Programming. 2006.

Digital Library

[9]

C. Gentry et al. Fully Homomorphic Encryption using Ideal Lattices. In STOC, volume 9, 2009.

Digital Library

[10]

P. Jain et al. OpenSGX: An Open Platform for SGX Research. In NDSS, 2016.

[11]

S. Kim et al. A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications. In ACM Workshop on Hot Topics in Networks, 2015.

Digital Library

[12]

G. Klein et al. seL4: Formal Verification of an OS Kernel. In ACM SIGOPS 22nd SOSP, 2009.

Digital Library

[13]

P. Koeberl et al. Time to Rethink: Trust Brokerage Using Trusted Execution Environments. In TRUST. 2015.

[14]

H. Krawczyk. SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its use in the IKE Protocols. In CRYPTO. 2003.

[15]

K. Kursawe et al. Privacy-Friendly Aggregation for the Smart-Grid. In PETS, 2011.

Digital Library

[16]

F. McKeen et al. Innovative Instructions and Software Model for Isolated Execution. In HASP@ ISCA, 2013.

Digital Library

[17]

A. Paverd. Enhancing Communication Privacy Using Trustworhy Remote Entities. DPhil Thesis, University of Oxford, 2016.

[18]

A. Paverd, A. Martin, and I. Brown. Privacy-Enhanced Bi-Directional Communication in the Smart Grid using Trusted Computing. In IEEE SmartGridComm, 2014.

[19]

M. O. Rabin. How To Exchange Secrets with Oblivious Transfer. IACR Cryptology ePrint Archive, 2005, 2005.

[20]

A. Rial and G. Danezis. Privacy-preserving smart metering. In ACM workshop on Privacy in the Electronic Society, 2011.

Digital Library

[21]

R. Sinha et al. Moat: Verifying Confidentiality of Enclave Programs. In 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015.

Digital Library

[22]

Y. Xu, W. Cui, and M. Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In IEEE Symposium on Security and Privacy, 2015.

Digital Library

[23]

A. C. Yao. Protocols for Secure Computations. In Foundations of Computer Science, 1982.

Digital Library

Cited By

Gurevin DJin CNguyen PKhan Ovan Dijk M(2025)Secure Remote Attestation With Strong Key Insulation GuaranteesIEEE Transactions on Computers10.1109/TC.2023.329087074:3(848-859)Online publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1109/TC.2023.3290870
Liu THuang ZLi JNiu JChen GZhang Y(2024)SoK: Opportunities for Accelerating Multi - Party Computation via Trusted Hardware2024 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED61283.2024.00024(143-154)Online publication date: 16-May-2024
https://doi.org/10.1109/SEED61283.2024.00024
Park JKang B(2023)EnclaveVPN: Toward Optimized Utilization of Enclave Page Cache and Practical Performance of Data Plane for Security-Enhanced Cloud VPNProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607210(397-411)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607210
Show More Cited By

Recommendations

Secure and Private Function Evaluation with Intel SGX
CCSW'19: Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop

Secure function evaluation (SFE) allows two parties to jointly evaluate a publicly known function without revealing their respective inputs. SFE can be realized via well-known cryptographic protocols, such as Yao's garbled circuits (GC) and the protocol ...
Efficient Fair Secure Two-Party Computation
APSCC '12: Proceedings of the 2012 IEEE Asia-Pacific Services Computing Conference)

Yao first introduced a constant-round protocol for secure two-party computation (2PC) withstanding semi-honest adversaries by using a tool called """"garbled circuit"""". Later, many protocols based on garbled circuit approach have been presented, most ...
Anonymous System for Fully Distributed and Robust Secure Multi-Party Computation
CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

In secure multi-party computation (SMPC), it is considered that multiple parties that are known to each other evaluate a function over their private inputs in a secure fashion. The participating parties do not learn anything about each other's private ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SysTEX '16: Proceedings of the 1st Workshop on System Software for Trusted Execution

December 2016

54 pages

ISBN:9781450346702

DOI:10.1145/3007788

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

ACM: Association for Computing Machinery
USENIX Assoc: USENIX Assoc
IFIP

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 December 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

Middleware '16

Sponsor:

ACM
USENIX Assoc

Middleware '16: 17th International Middleware Conference

December 12 - 16, 2016

Trento, Italy

Upcoming Conference

EuroSys '25

Sponsor:
sigops

Twentieth European Conference on Computer Systems

March 30 - April 3, 2025

Rotterdam , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
1,072
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)4

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gurevin DJin CNguyen PKhan Ovan Dijk M(2025)Secure Remote Attestation With Strong Key Insulation GuaranteesIEEE Transactions on Computers10.1109/TC.2023.329087074:3(848-859)Online publication date: 1-Mar-2025
https://dl.acm.org/doi/10.1109/TC.2023.3290870
Liu THuang ZLi JNiu JChen GZhang Y(2024)SoK: Opportunities for Accelerating Multi - Party Computation via Trusted Hardware2024 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED61283.2024.00024(143-154)Online publication date: 16-May-2024
https://doi.org/10.1109/SEED61283.2024.00024
Park JKang B(2023)EnclaveVPN: Toward Optimized Utilization of Enclave Page Cache and Practical Performance of Data Plane for Security-Enhanced Cloud VPNProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607210(397-411)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607210
Will NMaziero C(2023)Intel Software Guard Extensions Applications: A SurveyACM Computing Surveys10.1145/359302155:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593021
Reinhold TKuehn PGünther DSchneider TReuter C(2023)ExTRUST: Reducing Exploit Stockpiles With a Privacy-Preserving Depletion System for Inter-State RelationshipsIEEE Transactions on Technology and Society10.1109/TTS.2023.32803564:2(158-170)Online publication date: Jun-2023
https://doi.org/10.1109/TTS.2023.3280356
Valadares DSobrinho ÁWill NGorgônio KPerkusich A(2023)Trusted and only Trusted. That is the Access!Advanced Information Networking and Applications10.1007/978-3-031-28694-0_47(490-503)Online publication date: 15-Mar-2023
https://doi.org/10.1007/978-3-031-28694-0_47
Küçük KMoyle SMartin AMereacre AAllott N(2022)SoK: How Not to Architect Your Next-Generation TEE Malware?Proceedings of the 11th International Workshop on Hardware and Architectural Support for Security and Privacy10.1145/3569562.3569568(35-44)Online publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1145/3569562.3569568
Kumar SPanda ASarangi SBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)SecureLeaseProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3531514(29-42)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3531514
Wei WWang JYan ZDing W(2022)EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusionInformation Fusion10.1016/j.inffus.2021.12.006Online publication date: Jan-2022
https://doi.org/10.1016/j.inffus.2021.12.006
Zhang DGu Z(2021)A High-Quality Authenticatable Visual Secret Sharing Scheme Using SGXWireless Communications and Mobile Computing10.1155/2021/66607092021(1-12)Online publication date: 17-Mar-2021
https://doi.org/10.1155/2021/6660709
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten