Safe and secure outsourced computing with fully homomorphic encryption and trusted execution environments

Abstract

Increases in data production and growing demands for more computing power leads to the current trend of outsourcing data and computation services to cloud providers. With data breaches and cases of data misuse becoming increasingly common, there is a high demand for secure systems. This, however, conflicts with the current data trust models. A solution to this that is becoming more common is the use of Trusted Execution Environment (TEE), aimed at guaranteeing code and data integrity and confidentiality.

However, it has been shown that TEEs such as Intel's Software Guard Extensions (SGX) are susceptible to several types of side-channel attacks where an adversary may gain information of the code and data within a secure environment, breaking the confidentiality property. There are some ways to counter this, such as using oblivious primitives to hide access patterns which may leak information, but these are inefficient and add performance overhead to computation.

Another way to ensure data confidentiality while simultaneously retaining the ability to perform computations on the data is through the use of Fully Homomorphic Encryption (FHE). FHE allows computing on encrypted data, preserving confidentiality and allowing outsourced computations to untrusted parties such as cloud providers. However, this type of encryption is malleable and lacks integrity protection, making it susceptible to integrity breaches where an adversary could modify the data resulting in a corrupt or incorrect plaintext after decryption.

This thesis implements a library for performing FHE in SGX, written in a memory-safe programming language to strengthen the internal safety of software in SGX and reduce its attack surface. We evaluate our design and show that one can feasibly combine these concepts while providing stronger security guarantees with a minimal development effort.