Combining homomorphic encryption with trusted execution environment: A demonstration with paillier encryption and SGX

Nir Drucker, Shay Gueron

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

Abstract

Cloud database services offer performance and storage advantages that local client platforms do not have, and have become very appealing solutions. We list three approaches that address the data privacy concerns associated with depositing sensitive data on remote platforms. Users can protect their data privacy by locally encrypting it before uploading to remote cloud servers. This prevents the servers from carrying out operations on the data, and also increases the networking overheads. Another approach uses a Trusted Execution Environment (TEE) to protect the data. Examples include OS containers, Virtual Machines or Intel's Software Guard Extensions (SGX). This approach relies on the trustworthiness of the TEE for privacy and integrity of operations. The third approach is using Homomorphic Encryption (HE) schemes. They can allow a remote platform to carry out computations on encrypted data, but are malleable. Adding authentication tags to database entries could solve this problem only if the server is in the user's trust domain. We present here a new combined model. It uses a TEE to guarantee the integrity and correctness of the database code and data, while the data itself is encrypted with some HE scheme. In this way, the malleability protection, achieved through the TEE, is decoupled from the privacy protection that is achieved through the HE. Of course, this comes at some performance cost, but the results of our demonstration, which uses SGX as the TEE and the Paillier cryptosystem as the HE, indicate that the proposed combined solution is practical.
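The malleability the abstract refers to, shown with a toy Paillier implementation. This is an added example, not code from the paper; the function names, primes and values are constructed for illustration, and the primes are far too small for real use.

```python
# Toy Paillier (added example; constructed parameters, NOT secure key sizes).
import math
import secrets

def keygen(p=65537, q=2147483647):          # two small known primes (constructed)
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    # With generator g = n + 1: L(g^lam mod n^2) = lam mod n, so mu = lam^-1 mod n.
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    n2 = n * n
    while True:                              # random r coprime to n
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    # (1 + n)^m == 1 + m*n (mod n^2)
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def he_add(n, c1, c2):
    """Server side: the product of two ciphertexts decrypts to the sum."""
    return c1 * c2 % (n * n)

def he_shift(n, c, k):
    """Server side: add k to the hidden plaintext using only the public n."""
    return c * ((1 + k * n) % (n * n)) % (n * n)

def demo():
    n, priv = keygen()
    a, b = encrypt(n, 1200), encrypt(n, 300)
    honest = decrypt(n, priv, he_add(n, a, b))       # intended computation
    # Malleability: an untrusted server alters the stored value without the
    # key. Decryption succeeds and gives the client no sign of tampering.
    tampered = decrypt(n, priv, he_shift(n, a, 5000))
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

The same operation that makes the scheme useful (`he_add`) is what makes `he_shift` possible, which is why the combined model leaves integrity to the TEE rather than to the ciphertext.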

Original language: English
Title of host publication: MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017
Publisher: Association for Computing Machinery, Inc
Pages: 85-88
Number of pages: 4
ISBN (Electronic): 9781450351775
State: Published - 30 Oct 2017
Event: 9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017 - Dallas, United States
Duration: 30 Oct 2017 → …

Publication series

Name: MIST 2017 - Proceedings of the 2017 International Workshop on Managing Insider Security Threats, co-located with CCS 2017
Volume: 2017-January

Conference

Conference: 9th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2017
Country/Territory: United States
City: Dallas
Period: 30/10/17 → …

Bibliographical note

Publisher Copyright:
© 2017 Copyright held by the owner/author(s).

Keywords

  • Cloud database
  • Homomorphic encryption
  • Paillier cryptosystem
  • Secure guard extension
  • Trusted execution environment

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
