TU Darmstadt / ULB / TUbiblio

Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage

Reichert, Leonie ; Chandran, Gowri R. ; Schoppmann, Phillipp ; Schneider, Thomas ; Scheuermann, Björn (2024)
Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage.
19th ACM Asia Conference on Computer and Communications Security. Singapore (01.07.2024 - 05.07.2024)
doi: 10.1145/3634737.3657005
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Analyzing user data while protecting the privacy of individuals remains a big challenge. Trusted execution environments (TEEs) are a possible solution as they protect processes and Virtual Machines (VMs) against malicious hosts. However, TEEs can leak access patterns to code and to the data being processed. Furthermore, when data is stored in a TEE database, the data volume required to answer a query is another unwanted side channel that contains sensitive information. Both types of information leaks, access patterns and volume patterns, allow for database reconstruction attacks. In this paper, we present Menhir, an oblivious TEE database that hides access patterns with ORAM guarantees and volume patterns through differential privacy. The database allows range and point queries with SQL-like WHERE-clauses. It builds on the state-of-the-art oblivious AVL tree construction Oblix (S&P'18), which by itself does not protect against volume leakage. We show how volume leakage can be exploited in range queries and improve the construction to mitigate this type of attack. We prove the correctness and obliviousness of Menhir. Our evaluation shows that our approach is feasible and scales well with the number of rows and columns in the database.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2024
Autor(en): Reichert, Leonie ; Chandran, Gowri R. ; Schoppmann, Phillipp ; Schneider, Thomas ; Scheuermann, Björn
Art des Eintrags: Bibliographie
Titel: Menhir: An Oblivious Database with Protection against Access and Volume Pattern Leakage
Sprache: Englisch
Publikationsjahr: 1 Juli 2024
Verlag: ACM
Buchtitel: ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
Veranstaltungstitel: 19th ACM Asia Conference on Computer and Communications Security
Veranstaltungsort: Singapore
Veranstaltungsdatum: 01.07.2024 - 05.07.2024
DOI: 10.1145/3634737.3657005
Zugehörige Links:
Kurzbeschreibung (Abstract):

Analyzing user data while protecting the privacy of individuals remains a big challenge. Trusted execution environments (TEEs) are a possible solution as they protect processes and Virtual Machines (VMs) against malicious hosts. However, TEEs can leak access patterns to code and to the data being processed. Furthermore, when data is stored in a TEE database, the data volume required to answer a query is another unwanted side channel that contains sensitive information. Both types of information leaks, access patterns and volume patterns, allow for database reconstruction attacks. In this paper, we present Menhir, an oblivious TEE database that hides access patterns with ORAM guarantees and volume patterns through differential privacy. The database allows range and point queries with SQL-like WHERE-clauses. It builds on the state-of-the-art oblivious AVL tree construction Oblix (S&P'18), which by itself does not protect against volume leakage. We show how volume leakage can be exploited in range queries and improve the construction to mitigate this type of attack. We prove the correctness and obliviousness of Menhir. Our evaluation shows that our approach is feasible and scales well with the number of rows and columns in the database.

Freie Schlagworte: Security and privacy, Database and storage security, Privacy- preserving protocol, TEE, DP, Volume patterns, Access Patterns
Fachbereich(e)/-gebiet(e): 18 Fachbereich Elektrotechnik und Informationstechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik > Kommunikationsnetze
20 Fachbereich Informatik
20 Fachbereich Informatik > Praktische Kryptographie und Privatheit
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 23 Jul 2024 08:40
Letzte Änderung: 22 Okt 2024 13:31
PPN: 522390854
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen