Abstract
Cloud platforms are widely adopted by many systems, such as time series processing systems, to store and process massive amounts of sensitive time series data. Unfortunately, several incidents have shown that cloud platforms are vulnerable to internal and external attacks that lead to critical data breaches. Adopting cryptographic protocols such as homomorphic encryption and secure multi-party computation adds high computational and network overhead to query operations.
We present TimeClave, a fully oblivious in-enclave time series processing system: TimeClave leverages Intel SGX to support aggregate statistics on time series with minimal memory consumption inside the enclave. To hide the access pattern inside the enclave, we introduce a non-blocking read-optimised ORAM named RoORAM. TimeClave integrates RoORAM to obliviously and securely handle client queries with high performance. With an aggregation time interval of 10 s, \(2^{14}\) summarised data blocks and 8 aggregate functions, TimeClave run point query in 0.03 ms and a range query of 50 intervals in 0.46 ms. Compared to the ORAM baseline, TimeClave achieves lower query latency by up to \(2.5\times \) and up to \(2\times \) throughput, with up to 22K queries per second.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Vasisht, D., et al.: \(\{ FarmBeats \}\): An \(\{ IoT \}\) platform for \(\{ Data-Driven \}\) agriculture. In: USENIX NSDI, pp. 515–529 (2017)
Amazon Timestream. https://aws.amazon.com/timestream/
InfluxData. Influxdb (2020). https://influxdata.com
Burkhalter, L., Hithnawi, A., Viand, A., Shafagh, H., Ratnasamy, S.: TimeCrypt: encrypted data stream processing at scale with cryptographic access control. In: USENIX NSDI, pp. 835–850 (2020)
Dauterman, E., Rathee, M., Popa, R.A., Stoica, I.: Waldo: a private time-series database from function secret sharing. Cryptology ePrint Archive (2021)
Poddar, R., Lan, C., Popa, R.A., Ratnasamy, S.: \(\{ SafeBricks \}\): shielding network functions in the cloud. In: USENIX NSDI, pp. 201–216 (2018)
Viand, A., Jattke, P., Hithnawi, A.: SoK: fully homomorphic encryption compilers. In: IEEE S &P, pp. 1092–1108 (2021)
Sathya, S.S., Vepakomma, P., Raskar, R., Ramachandra, R., Bhattacharya, S.: A review of homomorphic encryption libraries for secure computation. arXiv preprint arXiv:1812.02428 (2018)
McKeen, F., et al.: Innovative instructions and software model for isolated execution. In: Hasp@ isca, vol. 10, no. 1 (2013)
Tian, H., et al.: Switchless calls made practical in intel SGX. In: Proceedings of the 3rd Workshop on System Software for Trusted Execution, pp. 22–27 (2018)
Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., Strackx, R.: Telling your secrets without page faults: stealthy page \(\{ Table-Based \}\) attacks on enclaved execution. In: USENIX Security, pp. 1041–1056 (2017)
Zhang, Y., Katz, J., Papamanthou, C.: All your queries are belong to us: the power of \(\{ File-Injection \}\) attacks on searchable encryption. In: USENIX Security, pp. 707–720 (2016)
Liu, C., Zhu, L., Wang, M., Tan, Y.-A.: Search pattern leakage in searchable encryption: attacks and new construction. Inf. Sci. 265, 176–188 (2014)
Mishra, P., Poddar, R., Chen, J., Chiesa, A., Popa, R.A.: Oblix: An efficient oblivious search index. In: IEEE S &P, pp. 279–296. IEEE (2018)
Sasy, S., Gorbunov, S., Fletcher, C.W.: ZeroTrace: oblivious memory primitives from intel SGX. Cryptology ePrint Archive (2017)
Sahin, C., Zakhary, V., El Abbadi, A., Lin, H., Tessaro, S.: TaoStore: overcoming asynchronicity in oblivious data storage. In: IEEE S &P, pp. 198–217. IEEE (2016)
Chakraborti, A., Sion, R.: ConcurORAM: high-throughput stateless parallel multi-client ORAM. arXiv preprint arXiv:1811.04366 (2018)
Stefanov, E., et al.: Path ORAM: an extremely simple oblivious ram protocol. J. ACM (JACM) 65(4), 1–26 (2018)
Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive (2016)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM (JACM) 43(3), 431–473 (1996)
Law, A., et al.: Secure collaborative training and inference for XGBoost. In: PPMLP, pp. 21–26 (2020)
Bulck, J.V., et al.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: USENIX Security (2018)
Chen, Z., Vasilakis, G., Murdock, K., Dean, E., Oswald, D., Garcia, F.D.: VoltPillager: hardware-based fault injection attacks against intel SGX enclaves using the SVID voltage scaling interface. In: USENIX Security (2021)
Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: IEEE S &P, pp. 490–505 (2011)
Stefanov, E., Shi, E., Song, D.: Towards practical oblivious ram. arXiv preprint arXiv:1106.3652 (2011)
Timescale: Time series benchmark suite. https://github.com/timescale/tsbs
Demertzis, I., Papadopoulos, D., Papamanthou, C., Shintre, S.: \(\{ SEAL \}\): Attack mitigation for encrypted databases via adjustable leakage. In: USENIX Security, pp. 2433–2450 (2020)
Eskandarian, S., Zaharia, M.: ObliDB: oblivious query processing for secure databases. arXiv preprint arXiv:1710.00458 (2017)
Fuhry, B., Jain, H.J., Kerschbaum, F.: EncDBDB: searchable encrypted, fast, compressed, in-memory database using enclaves. In: IEEE/IFIP DSN, pp. 438–450 (2021)
Priebe, C., Vaswani, K., Costa, M.: EnclaveDB: a secure database using SGX. In: IEEE SP, pp. 264–278. IEEE (2018)
Ahmad, A. Kim, K., Sarfaraz, M.I., Lee, B.: Obliviate: a data oblivious filesystem for intel SGX. In: NDSS (2018)
Hoang, T., Ozmen, M.O., Jang, Y., Yavuz, A.A.: Hardware-supported ORAM in effect: practical oblivious search and update on very large dataset. Proc. Priv. Enhanc. Technol. 1, 2019 (2019)
Hoang, T., Behnia, R., Jang, Y., Yavuz, A.A.: MOSE: practical multi-user oblivious storage via secure enclaves. In: ACM CODASPY, pp. 17–28 (2020)
Acknowledgement
The authors would like to thank the anonymous reviewers for their valuable comments and constructive suggestions. The work was supported in part by the ARC Discovery Project (DP200103308) and the ARC Linkage Project (LP180101062).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Bagher, K., Cui, S., Yuan, X., Rudolph, C., Yi, X. (2023). TimeClave: Oblivious In-Enclave Time Series Processing System. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_42
Download citation
DOI: https://doi.org/10.1007/978-981-99-7356-9_42
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9
eBook Packages: Computer ScienceComputer Science (R0)