Ascend : an architecture for performing secure computation on encrypted data
Author(s)Fletcher, Christopher W. (Christopher Wardlaw)
Architecture for performing secure computation on encrypted data
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
MetadataShow full item record
This thesis considers encrypted computation where the user specifies encrypted inputs to an untrusted batch program controlled by an untrusted server. In batch computation, all data that the program might need is known at program start time. Encrypted computation on untrusted batch programs can be realized through fully homomorphic encryption (FHE) techniques, but FHE's current overheads limit its applicability. Secure processors (e.g., Aegis), coprocessors (e.g., TPM) or hardware extensions (e.g., TXT) typically require trust in the entire processor, the host operating system and the program that computes on the inputs. In this thesis, we design a secure processor architecture, called Ascend, that guarantees privacy of data given untrusted batch programs. The key idea in Ascend to guarantee privacy is parameterizable, obfuscated program execution. From the perspective of the Ascend chip's input/output and power pins, an untrusted server cannot learn anything about private user data regardless of the program run. Ascend uses Oblivious RAM (ORAM) techniques to hide memory access patterns and differential-power analysis (DPA) resistance techniques to hide data-dependent power draw. For each of the input/output and power channels, an Ascend chip exposes a set of public knobs that fully specify the observable behavior of the chip given any batch program and any input to that batch program. These knobs (e.g., specifying strict intervals for when external memory should be accessed) are controlled by the server and can be tuned, based on the server's apriori knowledge of the program, to trade-off performance and power without impacting security. Experimental results when running Ascend on SPEC benchmarks show an average 3.6x /6.6x and 5.2x /4.7x performance/power overhead-when hiding memory access pattern and power draw-using two schemes that capture the server's apriori knowledge in different ways. Furthermore-when hiding memory access pattern only-performance/power overheads drop to only 2.6x/2.2x. These surprising results mean that it is viable to only trust hardware and not software in some security-conscious applications.
Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 97-101).
DepartmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.