QShield: Protecting Outsourced Cloud Data Queries with Multi-User Access Control Based on SGX

Thumbnail Image

Access rights

openAccess
acceptedVersion

URL

Journal Title

Journal ISSN

Volume Title

A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)

Authors

Date

2021-02-01

Department

Department of Communications and Networking

Major/Subject

Mcode

Degree programme

Language

en

Pages

15

Series

IEEE Transactions on Parallel and Distributed Systems, Volume 32, issue 2, pp. 485-499

Abstract

Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

Description

Keywords

cloud computing, Intel SGX, multi-user query control, outsourced data, secure hardware, Secure query

Other note

DOI

10.1109/TPDS.2020.3024880

Citation

Chen, Y, Zheng, Q, Yan, Z & Liu, D 2021, ' QShield: Protecting Outsourced Cloud Data Queries with Multi-User Access Control Based on SGX ', IEEE Transactions on Parallel and Distributed Systems, vol. 32, no. 2, 9200772, pp. 485-499 . https://doi.org/10.1109/TPDS.2020.3024880

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202011066331

Collections

[article-cris] Sähkötekniikan korkeakoulu / ELEC