DOI: 10.1145/2508859.2516692
research-article

PHANTOM: practical oblivious computation in a secure processor

Published: 04 November 2013

    Abstract

    We introduce PHANTOM [1], a new secure processor that obfuscates its memory access trace. To an adversary who can observe the processor's output pins, all memory access traces are computationally indistinguishable (a property known as obliviousness). We achieve obliviousness through a cryptographic construct known as Oblivious RAM or ORAM. We first improve an existing ORAM algorithm and construct an empirical model for its trusted storage requirement. We then present PHANTOM, an oblivious processor whose novel memory controller aggressively exploits DRAM bank parallelism to reduce ORAM access latency and scales well to a large number of memory channels. Finally, we build a complete hardware implementation of PHANTOM on a commercially available FPGA-based server, and through detailed experiments show that PHANTOM is efficient in both area and performance. Accessing 4KB of data from a 1GB ORAM takes 26.2us (13.5us for the data to be available), a 32x slowdown over accessing 4KB from regular memory, while SQLite queries on a population database see 1.2-6x slowdown. PHANTOM is the first demonstration of a practical, oblivious processor and can provide strong confidentiality guarantees when offloading computation to the cloud.

    References

    [1] "PrivateCore", http://www.privatecore.com/.
    [2] J. Agat, "Transforming out Timing Leaks," in POPL, 2000.
    [3] A. Askarov, D. Zhang, and A. C. Myers, "Predictive black-box mitigation of timing channels," in CCS, 2010.
    [4] A. Aviram, S. Hu, B. Ford, and R. Gummadi, "Determinating Timing Channels in Compute Clouds," in CCSW, 2010.
    [5] J. Bachrach, H. Vo, B. Richards, Y. Lee, A. Waterman, R. Avizienis, J. Wawrzynek, and K. Asanovic, "Chisel: Constructing Hardware in a Scala Embedded Language," in DAC, 2012.
    [6] K.-M. Chung, Z. Liu, and R. Pass, "Statistically-secure oram with O(log^2 n) overhead," http://arxiv.org/abs/1307.3699, 2013.
    [7] B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter, "Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors," in SP, 2009.
    [8] J. Devietti, B. Lucia, L. Ceze, and M. Oskin, "DMP: Deterministic Shared Memory Multiprocessing," in ASPLOS, 2009.
    [9] C. W. Fletcher, M. v. Dijk, and S. Devadas, "A Secure Processor Architecture for Encrypted Computation on Untrusted Programs," in STC, 2012.
    [10] C. Gentry, K. Goldman, S. Halevi, C. Jutla, M. Raykova, and D. Wichs, "Optimizing oram and using it efficiently for secure computation," in PETS, 2013.
    [11] O. Goldreich, "Towards a Theory of Software Protection and Simulation by Oblivious RAMs," in STOC, 1987.
    [12] O. Goldreich and R. Ostrovsky, "Software Protection and Simulation on Oblivious RAMs," J. ACM, 1996.
    [13] M. T. Goodrich and M. Mitzenmacher, "Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation," in ICALP, 2011.
    [14] M. T. Goodrich, M. Mitzenmacher, O. Ohrimenko, and R. Tamassia, "Privacy-preserving Group Data Access via Stateless Oblivious RAM Simulation," in SODA, 2012.
    [15] Y. Gu, Y. Fu, A. Prakash, Z. Lin, and H. Yin, "OS-Sommelier: Memory-only Operating System Fingerprinting in the Cloud," in SoCC, 2012.
    [16] A. Haeberlen, B. C. Pierce, and A. Narayan, "Differential Privacy Under Fire," in USENIX Security, 2011.
    [17] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten, "Lest We Remember: Cold-boot Attacks on Encryption Keys," Commun. ACM, vol. 52, no. 5, 2009.
    [18] A. Hodjat and I. Verbauwhede, "A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA," in FCCM, 2004.
    [19] A. Huang, "Keeping Secrets in Hardware: The Microsoft Xbox Case Study," in CHES, 2002.
    [20] G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood, "seL4: Formal Verification of an OS Kernel," in SOSP, 2009.
    [21] E. Kushilevitz, S. Lu, and R. Ostrovsky, "On the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme," in SODA, 2012.
    [22] J. R. Lorch and B. Parno, "Shroud: Ensuring Private Access to Large-Scale Data in the Data Center," in FAST, 2013.
    [23] R. Martin, J. Demme, and S. Sethumadhavan, "TimeWarp: Rethinking Timekeeping and Performance Monitoring Mechanisms to Mitigate Side-channel Attacks," in ISCA, 2012.
    [24] R. Ostrovsky and V. Shoup, "Private Information Storage (Extended Abstract)," in STOC, 1997.
    [25] L. Ren, C. Fletcher, X. Yu, M. van Dijk, and S. Devadas, "Integrity verification for path oblivious-ram," in HPEC, 2013.
    [26] L. Ren, X. Yu, C. W. Fletcher, M. van Dijk, and S. Devadas, "Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors," in ISCA, 2013.
    [27] B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin, "Using address independent seed encryption and bonsai merkle trees to make secure processors os- and performance-friendly," in MICRO, 2007.
    [28] E. Shi, T.-H. H. Chan, E. Stefanov, and M. Li, "Oblivious RAM with O((log N)^3) Worst-Case Cost," in ASIACRYPT, 2011.
    [29] S. W. Smith, "Outbound Authentication for Programmable Secure Coprocessors," in ESORICS, 2002.
    [30] E. Stefanov and E. Shi, "Oblivistore: High performance oblivious cloud storage," in S&P, 2013.
    [31] E. Stefanov, E. Shi, and D. Song, "Towards Practical Oblivious RAM," in NDSS, 2012.
    [32] E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas, "Path O-RAM: An Extremely Simple Oblivious RAM Protocol," in CCS, 2013.
    [33] G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, "AEGIS: Architecture for Tamper-evident and Tamper-resistant Processing," in ICS, 2003.
    [34] D. L. C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," SIGOPS Oper. Syst. Rev., vol. 34, no. 5, pp. 168-177, 2000.
    [35] M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood, "Complete Information Flow Tracking from the Gates up," in ASPLOS, 2009.
    [36] A. Waksman and S. Sethumadhavan, "Silencing Hardware Backdoors," in SP, 2011.
    [37] A. Waterman, Y. Lee, D. A. Patterson, and K. Asanović, "The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA," EECS Department, UC Berkeley, Tech. Rep. UCB/EECS-2011-62, May 2011.
    [38] P. Williams and R. Sion, "Round-Optimal Access Privacy on Outsourced Storage," in CCS, 2012.
    [39] P. Williams, R. Sion, and B. Carbunar, "Building castles out of mud: practical access pattern privacy and correctness on untrusted storage," in CCS, 2008.
    [40] P. Williams, R. Sion, and A. Tomescu, "PrivateFS: A Parallel Oblivious File System," in CCS, 2012.
    [41] D. Zhang, A. Askarov, and A. C. Myers, "Predictive Mitigation of Timing Channels in Interactive Systems," in CCS, 2011.
    [42] X. Zhuang, T. Zhang, and S. Pande, "HIDE: An Infrastructure for Efficiently Protecting Information Leakage on the Address Bus," in ASPLOS, 2004.

      Published In

      CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
      November 2013
      1530 pages
      ISBN:9781450324779
      DOI:10.1145/2508859
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. fpgas
      2. oblivious ram
      3. path oram
      4. secure processors

      Qualifiers

      • Research-article

      Conference

      CCS'13

      Acceptance Rates

      CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Article Metrics

      • Downloads (Last 12 months): 79
      • Downloads (Last 6 weeks): 4
      Reflects downloads up to 27 Jul 2024

      Cited By

      • (2024) Towards Practical Oblivious Join Processing. IEEE Transactions on Knowledge and Data Engineering 36:4 (1829-1842). DOI: 10.1109/TKDE.2023.3310038. Online publication date: Apr-2024
      • (2024) Data Enclave: A Data-Centric Trusted Execution Environment. 2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (218-232). DOI: 10.1109/HPCA57654.2024.00026. Online publication date: 2-Mar-2024
      • (2024) XPORAM: A Practical Multi-client ORAM Against Malicious Adversaries. Information Security and Cryptology (397-417). DOI: 10.1007/978-981-97-0942-7_20. Online publication date: 26-Feb-2024
      • (2023) Protection of Access Pattern. Proceedings of the 2023 7th International Conference on Computer Science and Artificial Intelligence (99-105). DOI: 10.1145/3638584.3638585. Online publication date: 8-Dec-2023
      • (2023) Hardware Support for Constant-Time Programming. Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (856-870). DOI: 10.1145/3613424.3623796. Online publication date: 28-Oct-2023
      • (2023) Hitchhiker: Accelerating ORAM With Dynamic Scheduling. IEEE Transactions on Computers 72:8 (2321-2335). DOI: 10.1109/TC.2023.3248272. Online publication date: 1-Aug-2023
      • (2023) AB-ORAM: Constructing Adjustable Buckets for Space Reduction in Ring ORAM. 2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (361-373). DOI: 10.1109/HPCA56546.2023.10071064. Online publication date: Feb-2023
      • (2023) Oblivious RAM with Worst-Case Logarithmic Overhead. Journal of Cryptology 36:2. DOI: 10.1007/s00145-023-09447-5. Online publication date: 24-Feb-2023
      • (2023) Oblivious RAM-Based Secure Processors. Encyclopedia of Cryptography, Security and Privacy (1-3). DOI: 10.1007/978-3-642-27739-9_1553-1. Online publication date: 30-Apr-2023
      • (2023) A Theory of Composition for Differential Obliviousness. Advances in Cryptology – EUROCRYPT 2023 (3-34). DOI: 10.1007/978-3-031-30620-4_1. Online publication date: 15-Apr-2023
