Preserving access pattern privacy in SGX-assisted encrypted search

Abstract

Outsourcing sensitive data and operations to untrusted cloud providers is considered a challenging issue. To
perform a search operation, even if both the data and the query are encrypted, attackers still can learn which data locations match the query and what results are returned to the user. This kind of leakage is referred to as data access pattern. Indeed, using access pattern leakage, attackers can easily infer the content of the data and the query. Oblivious RAM (ORAM), Fully Homomorphic Encryption (FHE), and secure Multi-Party Computation (MPC) offer a higher level of security but incur high computation and communication overheads.
One promising practical approach to process the outsourced
data efficiently and securely is leveraging trusted hardware
like Intel SGX. Recently, several SGX-based solutions have
been proposed in the literature. However, those solutions suffer
from side channel attacks, high overheads of context switching,
or limited SGX memory. In this paper, we present an SGXassisted scheme for performing search over encrypted data. Our
solution protects access pattern against side channel attacks while
ensuring search efficiency. It can process large databases without
requiring any long-term storage on SGX. We have implemented
a prototype of the scheme and evaluated its performance using a
dataset of 1 million records. The equality query can be completed
in 9.55 milliseconds. Comparing with ORAM-based solutions,
such as ObliDB, our scheme is more than 11× faster