Open Access Proceedings Article

Generalized external interaction with tamper-resistant hardware with bounded information leakage

TLDR
Stream-Ascend significantly improves the generality and efficiency of Ascend in supporting many applications that fit into a streaming model, while maintaining the same security level, and is able to achieve a very high security level with small overheads for a large class of applications.
Abstract
This paper investigates secure ways to interact with tamper-resistant hardware leaking a strictly bounded amount of information. Architectural support for the interaction mechanisms is studied and performance implications are evaluated.

The interaction mechanisms are built on top of a recently-proposed secure processor Ascend [ascend-stc12]. Ascend is chosen because unlike other tamper-resistant hardware systems, Ascend completely obfuscates pin traffic through the use of Oblivious RAM (ORAM) and periodic ORAM accesses. However, the original Ascend proposal, with the exception of main memory, can only communicate with the outside world at the beginning or end of program execution; no intermediate information transfer is allowed.

Our system, Stream-Ascend, is an extension of Ascend that enables intermediate interaction with the outside world. Stream-Ascend significantly improves the generality and efficiency of Ascend in supporting many applications that fit into a streaming model, while maintaining the same security level.

Simulation results show that with smart scheduling algorithms, the performance overhead of Stream-Ascend relative to an insecure and idealized baseline processor is only 24.5%, 0.7%, and 3.9% for a set of streaming benchmarks in a large dataset processing application. Stream-Ascend is able to achieve a very high security level with small overheads for a large class of applications.


Citations
Proceedings Article

Constants count: practical improvements to oblivious RAM

TL;DR: This paper proposes Ring ORAM, the most bandwidth-efficient ORAM scheme for the small client storage setting in both theory and practice, the first tree-based ORAM whose bandwidth is independent of the ORAM bucket size, a property that unlocks multiple performance improvements.
Book Chapter

Onion ORAM: A Constant Bandwidth Blowup Oblivious RAM

TL;DR: The Onion ORAM is the first concrete instantiation of a constant bandwidth blowup ORAM under standard assumptions, and proposes novel techniques to achieve security against a malicious server, without resorting to expensive and non-standard techniques such as SNARKs.
Proceedings Article

Suppressing the Oblivious RAM timing channel while making information leakage and program efficiency trade-offs

TL;DR: This paper shows how a secure processor can bound ORAM timing channel leakage to a user-controllable leakage limit, and presents a dynamic scheme that leaks at most 32 bits through the ORAM timing channel and introduces only 20% performance overhead and 12% power overhead relative to a baseline ORAM that has no timing channel protection.
Proceedings Article

Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM

TL;DR: This work is the first to prototype Recursive ORAM or ORAM with any integrity scheme in hardware and report area and clock frequency for a complete ORAM design post-synthesis and post-layout using an ASIC flow in a 32 nm commercial process.
Proceedings Article

HOP: Hardware makes Obfuscation Practical.

TL;DR: HOP is the first implementation of a provably secure VBB obfuscation scheme in any model under any assumptions, and is viewed as an important step towards deploying obfuscation technology in practice.