Skip to main content

Efficient Privacy-Preserving User Matching with Intel SGX

  • Conference paper
  • First Online:
Broadband Communications, Networks, and Systems (BROADNETS 2021)

Abstract

User matching is one of the most essential features that allows users to identify other people by comparing the attributes of their profiles and finding similarities. While this facility enables the exploration of friends in the same network, it poses serious security concerns over the privacy of the users as the prevalence of modern cloud computing services, companies outsource computational power to untrusted cloud service providers and confidential data of the users can be exposed as the data storage is transparent in the remote host server. Encryption can hide the user data, but it is difficult to compare the encrypted profiles. While solutions utilising the homomorphic encryption can overcome such limitations, they incur significant performance overhead, which is impractical for large networks. To overcome these problems, we propose an efficient privacy-preserving user matching protocol with Intel SGX. Other techniques such as oblivious data structure and searchable encryption are deployed to resolve security issues that Intel SGX has suffered. Our construction relies on secure hardware which guarantees the integrity and confidentiality of the code execution, which enables the computation of similarities between the profiles of the users. Moreover, our protocol is designed to provide protection against several types of side-channel attacks. The security analysis and experimental results presented in this paper indicate that our protocol is efficient, secure, practical and prevents side-channel attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Agrawal, R., Evfimievski, A., Srikant, R.: Information sharing across private databases. In: Proceedings of 2003 ACM SIGMOD International Conference Management of Data, pp. 86–97. ACM (2003)

    Google Scholar 

  2. Ahmed, K.W., Al Aziz, M.M., Sadat, M.N., Alhadidi, D., Mohammed, N.: Nearest neighbour search over encrypted data using Intel SGXs. J. Inf. Secur. Appl. 54, 102579 (2020)

    Google Scholar 

  3. Arnautov, S., et al.: SCONE: secure linux containers with Intel SGX. In: 12th USENIX Symposium on Operating Systems Design and Implementation, (OSDI 16), pp. 689–703 (2016)

    Google Scholar 

  4. Brasser, F., Müller, U., Dmitrienko, A., Kostiainen, K., Capkun, S., Sadeghi, A.R.: Software grand exposure: SGX cache attacks are practical. In: 11th USENIX Workshop on Offensive Technologies, WOOT 17 (2017)

    Google Scholar 

  5. Cash, D., et al.: Dynamic searchable encryption in very-large databases: data structures and implementation. In: NDSS, vol. 14, pp. 23–26. Citeseer (2014)

    Google Scholar 

  6. Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: Lightbox: full-stack protected stateful middlebox at lightning speed. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2351–2367 (2019)

    Google Scholar 

  7. Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 1–19. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_1

    Chapter  Google Scholar 

  8. Götzfried, J., Eckert, M., Schinzel, S., Müller, T.: Cache attacks on Intel SGX. In: Proceedings of the 10th European Workshop on Systems Security, pp. 1–6 (2017)

    Google Scholar 

  9. Jiang, Q., Qi, Y., Qi, S., Zhao, W., Lu, Y.: Pbsx: a practical private Boolean search using Intel SGX. Inf. Sci. 521, 174–194 (2020)

    Article  Google Scholar 

  10. Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 241–257. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_15

    Chapter  Google Scholar 

  11. Li, H., Liu, D., Dai, Y., Luan, T.H.: Engineering searchable encryption of mobile cloud networks: when QoE meets QoP. IEEE Wirel. Commun. 22(4), 74–80 (2015)

    Article  Google Scholar 

  12. Luo, J., Yang, X., Yi, X.: SGX-based users matching with privacy protection. In: Proceedings of the Australasian Computer Science Week Multiconference, pp. 1–9 (2020)

    Google Scholar 

  13. Moghimi, A., Irazoqui, G., Eisenbarth, T.: CacheZoom: how SGX amplifies the power of cache attacks. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 69–90. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_4

    Chapter  Google Scholar 

  14. Oleksenko, O., Trach, B., Krahn, R., Silberstein, M., Fetzer, C.: Varys: protecting SGX enclaves from practical side-channel attacks. In: 2018 USENIX Annual Technical Conference, USENIX ATC 18, pp. 227–240 (2018)

    Google Scholar 

  15. Priebe, C., Vaswani, K., Costa, M.: Enclavedb: a secure database using SGX. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 264–278. IEEE (2018)

    Google Scholar 

  16. Sasy, S., Gorbunov, S., Fletcher, C.W.: ZeroTrace: oblivious memory primitives from Intel SGX. IACR Cryptol. ePrint Arch. 2017, 549 (2017)

    Google Scholar 

  17. Schuster, F., et al.: Vc3: trustworthy data analytics in the cloud using SGX. In: 2015 IEEE Symposium on Security and Privacy, pp. 38–54. IEEE (2015)

    Google Scholar 

  18. Seo, J., et al.: SGX-shield: enabling address space layout randomization for SGX programs. In: NDSS (2017)

    Google Scholar 

  19. Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213–226 (2015)

    Google Scholar 

  20. Shi, E., Chan, T.-H.H., Stefanov, E., Li, M.: Oblivious ram with O((logN)3) worst-case cost. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 197–214. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_11

    Chapter  Google Scholar 

  21. Spreitzer, R., Plos, T.: Cache-access pattern attack on disaligned AES T-tables. In: Prouff, E. (ed.) COSADE 2013. LNCS, vol. 7864, pp. 200–214. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40026-1_13

    Chapter  Google Scholar 

  22. Stefanov, E., Papamanthou, C., Shi, E.: Practical dynamic searchable encryption with small leakage. In: NDSS, vol. 71, pp. 72–75 (2014)

    Google Scholar 

  23. Stefanov, E., et al.: Path ORAM: an extremely simple oblivious RAM protocol. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 299–310 (2013)

    Google Scholar 

  24. Tian, H., et al.: Switchless calls made practical in Intel SGXs. In: Proceedings of the 3rd Workshop on System Software for Trusted Execution, pp. 22–27 (2018)

    Google Scholar 

  25. Tsai, C.C., Porter, D.E., Vij, M.: Graphene-SGX: a practical library OS for unmodified applications on SGX. In: 2017 USENIX Annual Technical Conference, USENIX ATC 17, pp. 645–658 (2017)

    Google Scholar 

  26. Van Bulck, J., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: 27th USENIX Security Symposium, USENIX Security 18, pp. 991–1008 (2018)

    Google Scholar 

  27. Wang, W., et al.: Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2421–2434 (2017)

    Google Scholar 

  28. Yi, X., Bertino, E., Rao, F.Y., Bouguettaya, A.: Practical privacy-preserving user profile matching in social networks. In: 2016 IEEE 32nd International Conference on Data Engineering (ICDE), pp. 373–384. IEEE (2016)

    Google Scholar 

  29. Yi, X., Bertino, E., Rao, F.Y., Lam, K.Y., Nepal, S., Bouguettaya, A.: Privacy-preserving user profile matching in social networks. IEEE Trans. Knowl. Data Eng. 32, 1572–1585 (2019)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Junwei Luo .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Luo, J., Yang, X., Yi, X., Han, F., Kelarev, A. (2022). Efficient Privacy-Preserving User Matching with Intel SGX. In: Xiang, W., Han, F., Phan, T.K. (eds) Broadband Communications, Networks, and Systems. BROADNETS 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 413. Springer, Cham. https://doi.org/10.1007/978-3-030-93479-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93479-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93478-1

  • Online ISBN: 978-3-030-93479-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics