TU Darmstadt / ULB / TUbiblio

Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage

Reichert, Leonie ; Chandran, Gowri R. ; Schoppmann, Phillipp ; Schneider, Thomas ; Scheuermann, Björn (2024)
Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage.
19th ACM Asia Conference on Computer and Communications Security. Singapore (01.07.2024 - 05.07.2024)
doi: 10.1145/3634737.3657005
Conference publication, Bibliography

Abstract

Analyzing user data while protecting the privacy of individuals remains a big challenge. Trusted execution environments (TEEs) are a possible solution as they protect processes and Virtual Machines (VMs) against malicious hosts. However, TEEs can leak access patterns to code and to the data being processed. Furthermore, when data is stored in a TEE database, the data volume required to answer a query is another unwanted side channel that contains sensitive information. Both types of information leaks, access patterns and volume patterns, allow for database reconstruction attacks. In this paper, we present Menhir, an oblivious TEE database that hides access patterns with ORAM guarantees and volume patterns through differential privacy. The database allows range and point queries with SQL-like WHERE-clauses. It builds on the state-of-the-art oblivious AVL tree construction Oblix (S&P'18), which by itself does not protect against volume leakage. We show how volume leakage can be exploited in range queries and improve the construction to mitigate this type of attack. We prove the correctness and obliviousness of Menhir. Our evaluation shows that our approach is feasible and scales well with the number of rows and columns in the database.

Item type: Conference publication
Published: 2024
Author(s): Reichert, Leonie ; Chandran, Gowri R. ; Schoppmann, Phillipp ; Schneider, Thomas ; Scheuermann, Björn
Type of entry: Bibliography
Title: Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage
Language: English
Year of publication: 1 July 2024
Publisher: ACM
Book title: ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Event title: 19th ACM Asia Conference on Computer and Communications Security
Event location: Singapore
Event date: 01.07.2024 - 05.07.2024
DOI: 10.1145/3634737.3657005
Uncontrolled keywords: Security and privacy, Database and storage security, Privacy-preserving protocol, TEE, DP, Volume patterns, Access Patterns
Department(s)/Field(s): 18 Department of Electrical Engineering and Information Technology
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Communication Networks
20 Department of Computer Science
20 Department of Computer Science > Applied Cryptography and Privacy
DFG Collaborative Research Centres (incl. Transregio)
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres
DFG Collaborative Research Centres (incl. Transregio) > Collaborative Research Centres > SFB 1119: CROSSING – Cryptography-based security solutions as a foundation for trust in current and future IT systems
Date deposited: 23 Jul 2024 08:40
Last modified: 06 Aug 2024 07:15