
Practical server privacy with secure coprocessors

Published: 01 March 2001

Abstract

What does it take to implement a server that provides access to records in a large database, in a way that ensures that this access is completely private--even to the operator of this server? In this paper, we examine the question: Using current commercially available technology, is it practical to build such a server, for real databases of realistic size, that offers reasonable performance--scaling well, parallelizing well, working with the current client infrastructure, and enabling server operators of otherwise unknown credibility to prove their service has these privacy properties? We consider this problem in the light of commercially available secure coprocessors--whose internal memory is still much, much smaller than the typical database size--and construct an algorithm that both provides asymptotically optimal performance and also promises reasonable performance in real implementations. Preliminary prototypes support this analysis, but leave many areas for further work.

Published In

IBM Systems Journal, Volume 40, Issue 3
End-to-end security
March 2001
195 pages

Publisher

IBM Corp.

United States

Qualifiers

  • Article

Cited By

  • (2022) PROBONITE. Proceedings of the 10th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, pp. 23-33. DOI: 10.1145/3560827.3563377. Online publication date: 7-Nov-2022
  • (2020) MOSE. Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 17-28. DOI: 10.1145/3374664.3375749. Online publication date: 16-Mar-2020
  • (2017) Cryptographically Secure Information Flow Control on Key-Value Stores. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1893-1907. DOI: 10.1145/3133956.3134036. Online publication date: 30-Oct-2017
  • (2016) Scalable and private media consumption with Popcorn. Proceedings of the 13th Usenix Conference on Networked Systems Design and Implementation, pp. 91-107. DOI: 10.5555/2930611.2930618. Online publication date: 16-Mar-2016
  • (2016) Efficient paillier cryptoprocessor for privacy-preserving data mining. Security and Communication Networks 9:11, pp. 1535-1546. DOI: 10.1002/sec.1442. Online publication date: 25-Jul-2016
  • (2013) Shroud. Proceedings of the 11th USENIX conference on File and Storage Technologies, pp. 199-214. DOI: 10.5555/2591272.2591294. Online publication date: 12-Feb-2013
  • (2013) Multi-cloud oblivious storage. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 247-258. DOI: 10.1145/2508859.2516673. Online publication date: 4-Nov-2013
  • (2013) Path ORAM. Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, pp. 299-310. DOI: 10.1145/2508859.2516660. Online publication date: 4-Nov-2013
  • (2012) Single round access privacy on outsourced storage. Proceedings of the 2012 ACM conference on Computer and communications security, pp. 293-304. DOI: 10.1145/2382196.2382229. Online publication date: 16-Oct-2012
  • (2011) TrustedDB. Proceedings of the 2011 ACM SIGMOD International Conference on Management of data, pp. 205-216. DOI: 10.1145/1989323.1989346. Online publication date: 12-Jun-2011
