QShield: Protecting Outsourced Cloud Data Queries with Multi-User Access Control Based on SGX

Yaxing Chen*, Qinghua Zheng, Zheng Yan, Dan Liu

*Corresponding author for this work

    Research output: Contribution to journalArticleScientificpeer-review

    22 Citations (Scopus)
    387 Downloads (Pure)

    Abstract

    Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

    Original languageEnglish
    Article number9200772
    Pages (from-to)485-499
    Number of pages15
    JournalIEEE Transactions on Parallel and Distributed Systems
    Volume32
    Issue number2
    DOIs
    Publication statusPublished - 1 Feb 2021
    MoE publication typeA1 Journal article-refereed

    Keywords

    • cloud computing
    • Intel SGX
    • multi-user query control
    • outsourced data
    • secure hardware
    • Secure query

    Fingerprint

    Dive into the research topics of 'QShield: Protecting Outsourced Cloud Data Queries with Multi-User Access Control Based on SGX'. Together they form a unique fingerprint.

    Cite this