Sharing without Showing: Secure Cloud Analytics with Trusted Execution Environments

• Published in: 2024 IEEE Secure Development Conference (SecDev) pp. 105 - 116
• Main Authors: Birgersson, Marcus, Artho, Cyrille, Balliu, Musard
• Format: Conference Proceeding
• Language: English
• Published: IEEE 07.10.2024
• Subjects: Cloud computing; Confidential computation; Cryptography; Histograms; Internet of Things; Multi-party computation; Public transportation; SGX; Software; Support vector machines; Trusted execution platform; Urban areas
• DOI: 10.1109/SecDev61143.2024.00016

Many applications benefit from computations over the data of multiple users while preserving confidentiality. We present a solution where multiple mutually distrusting users' data can be aggregated with an acceptable overhead, while allowing users to be added to the system at any time without re-encrypting data. Our solution to this problem is to use a Trusted Execution Environment (Intel SGX) for the computation, while the confidential data is encrypted with the data owner's key and can be stored anywhere, without trust in the service provider. We do not require the user to be online during the computation phase and do not require a trusted party to store data in plain text. Still, the computation can only be carried out if the data owner explicitly has given permission.Experiments using common functions such as the sum, least square fit, histogram, and SVM classification, exhibit an average overhead of 1.6×. In addition to these performance experiments, we present a use case for computing the distributions of taxis in a city without revealing the position of any other taxi to the other parties.