Skip to main content
SpringerLink
Log in

TimeClave: Oblivious In-Enclave Time Series Processing System

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14252))

Included in the following conference series:

  • 664 Accesses

Abstract

Cloud platforms are widely adopted by many systems, such as time series processing systems, to store and process massive amounts of sensitive time series data. Unfortunately, several incidents have shown that cloud platforms are vulnerable to internal and external attacks that lead to critical data breaches. Adopting cryptographic protocols such as homomorphic encryption and secure multi-party computation adds high computational and network overhead to query operations.

We present TimeClave, a fully oblivious in-enclave time series processing system: TimeClave leverages Intel SGX to support aggregate statistics on time series with minimal memory consumption inside the enclave. To hide the access pattern inside the enclave, we introduce a non-blocking read-optimised ORAM named RoORAM. TimeClave integrates RoORAM to obliviously and securely handle client queries with high performance. With an aggregation time interval of 10 s, \(2^{14}\) summarised data blocks and 8 aggregate functions, TimeClave run point query in 0.03 ms and a range query of 50 intervals in 0.46 ms. Compared to the ORAM baseline, TimeClave achieves lower query latency by up to \(2.5\times \) and up to \(2\times \) throughput, with up to 22K queries per second.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Vasisht, D., et al.: \(\{ FarmBeats \}\): An \(\{ IoT \}\) platform for \(\{ Data-Driven \}\) agriculture. In: USENIX NSDI, pp. 515–529 (2017)

    Google Scholar 

  2. Amazon Timestream. https://aws.amazon.com/timestream/

  3. InfluxData. Influxdb (2020). https://influxdata.com

  4. Burkhalter, L., Hithnawi, A., Viand, A., Shafagh, H., Ratnasamy, S.: TimeCrypt: encrypted data stream processing at scale with cryptographic access control. In: USENIX NSDI, pp. 835–850 (2020)

    Google Scholar 

  5. Dauterman, E., Rathee, M., Popa, R.A., Stoica, I.: Waldo: a private time-series database from function secret sharing. Cryptology ePrint Archive (2021)

    Google Scholar 

  6. Poddar, R., Lan, C., Popa, R.A., Ratnasamy, S.: \(\{ SafeBricks \}\): shielding network functions in the cloud. In: USENIX NSDI, pp. 201–216 (2018)

    Google Scholar 

  7. Viand, A., Jattke, P., Hithnawi, A.: SoK: fully homomorphic encryption compilers. In: IEEE S &P, pp. 1092–1108 (2021)

    Google Scholar 

  8. Sathya, S.S., Vepakomma, P., Raskar, R., Ramachandra, R., Bhattacharya, S.: A review of homomorphic encryption libraries for secure computation. arXiv preprint arXiv:1812.02428 (2018)

  9. McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: Hasp@ isca, vol. 10, no. 1 (2013)

    Google Scholar 

  10. Tian, H., et al.: Switchless calls made practical in intel SGX. In: Proceedings of the 3rd Workshop on System Software for Trusted Execution, pp. 22–27 (2018)

    Google Scholar 

  11. Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., Strackx, R.: Telling your secrets without page faults: stealthy page \(\{ Table-Based \}\) attacks on enclaved execution. In: USENIX Security, pp. 1041–1056 (2017)

    Google Scholar 

  12. Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of \(\{ File-Injection \}\) attacks on searchable encryption. In: USENIX Security, pp. 707–720 (2016)

    Google Scholar 

  13. Liu, C., Zhu, L., Wang, M., Tan, Y.-A.: Search pattern leakage in searchable encryption: attacks and new construction. Inf. Sci. 265, 176–188 (2014)

    Article  Google Scholar 

  14. Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: An efficient oblivious search index. In: IEEE S &P, pp. 279–296. IEEE (2018)

    Google Scholar 

  15. Sasy, S., Gorbunov, S., Fletcher, C.W.: ZeroTrace: oblivious memory primitives from intel SGX. Cryptology ePrint Archive (2017)

    Google Scholar 

  16. Sahin, C., Zakhary, V., El Abbadi, A., Lin, H., Tessaro, S.: TaoStore: overcoming asynchronicity in oblivious data storage. In: IEEE S &P, pp. 198–217. IEEE (2016)

    Google Scholar 

  17. Chakraborti, A., Sion, R.: ConcurORAM: high-throughput stateless parallel multi-client ORAM. arXiv preprint arXiv:1811.04366 (2018)

  18. Stefanov, E., et al.: Path ORAM: an extremely simple oblivious ram protocol. J. ACM (JACM) 65(4), 1–26 (2018)

    Article  MathSciNet  MATH  Google Scholar 

  19. Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive (2016)

    Google Scholar 

  20. Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM (JACM) 43(3), 431–473 (1996)

    Article  MathSciNet  MATH  Google Scholar 

  21. Law, A., et al.: Secure collaborative training and inference for XGBoost. In: PPMLP, pp. 21–26 (2020)

    Google Scholar 

  22. Bulck, J.V., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: USENIX Security (2018)

    Google Scholar 

  23. Chen, Z., Vasilakis, G., Murdock, K., Dean, E., Oswald, D., Garcia, F.D.: VoltPillager: hardware-based fault injection attacks against intel SGX enclaves using the SVID voltage scaling interface. In: USENIX Security (2021)

    Google Scholar 

  24. Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: IEEE S &P, pp. 490–505 (2011)

    Google Scholar 

  25. Stefanov, E., Shi, E., Song, D.: Towards practical oblivious ram. arXiv preprint arXiv:1106.3652 (2011)

  26. Timescale: Time series benchmark suite. https://github.com/timescale/tsbs

  27. Demertzis, I., Papadopoulos, D., Papamanthou, C., Shintre, S.: \(\{ SEAL \}\): Attack mitigation for encrypted databases via adjustable leakage. In: USENIX Security, pp. 2433–2450 (2020)

    Google Scholar 

  28. Eskandarian, S., Zaharia, M.: ObliDB: oblivious query processing for secure databases. arXiv preprint arXiv:1710.00458 (2017)

  29. Fuhry, B., Jain, H.J., Kerschbaum, F.: EncDBDB: searchable encrypted, fast, compressed, in-memory database using enclaves. In: IEEE/IFIP DSN, pp. 438–450 (2021)

    Google Scholar 

  30. Priebe, C., Vaswani, K., Costa, M.: EnclaveDB: a secure database using SGX. In: IEEE SP, pp. 264–278. IEEE (2018)

    Google Scholar 

  31. Ahmad, A. Kim, K., Sarfaraz, M.I., Lee, B.: Obliviate: a data oblivious filesystem for intel SGX. In: NDSS (2018)

    Google Scholar 

  32. Hoang, T., Ozmen, M.O., Jang, Y., Yavuz, A.A.: Hardware-supported ORAM in effect: practical oblivious search and update on very large dataset. Proc. Priv. Enhanc. Technol. 1, 2019 (2019)

    Google Scholar 

  33. Hoang, T., Behnia, R., Jang, Y., Yavuz, A.A.: MOSE: practical multi-user oblivious storage via secure enclaves. In: ACM CODASPY, pp. 17–28 (2020)

    Google Scholar 

Download references

Acknowledgement

The authors would like to thank the anonymous reviewers for their valuable comments and constructive suggestions. The work was supported in part by the ARC Discovery Project (DP200103308) and the ARC Linkage Project (LP180101062).

Author information

Authors and Affiliations

  1. Monash University, Melbourne, Australia

    Kassem Bagher, Shujie Cui, Xingliang Yuan & Carsten Rudolph

  2. RMIT University, Melbourne, Australia

    Xun Yi

  3. Faculty of Computing and Information Technology, King AbdulAziz University, Jeddah, Saudi Arabia

    Kassem Bagher

Authors
  1. Kassem Bagher
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shujie Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xingliang Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Carsten Rudolph
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xun Yi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kassem Bagher .

Editor information

Editors and Affiliations

  1. Nankai University, Tianjin, China

    Ding Wang

  2. Columbia University, New York, NY, USA

    Moti Yung

  3. Nankai University, Tianjin, China

    Zheli Liu

  4. Xidian University, Xi’an, China

    Xiaofeng Chen

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bagher, K., Cui, S., Yuan, X., Rudolph, C., Yi, X. (2023). TimeClave: Oblivious In-Enclave Time Series Processing System. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_42

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-7356-9_42

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7355-2

  • Online ISBN: 978-981-99-7356-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation