1 / 29

Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud

Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva USENIX 14 Presenter: Shasha Wen. Some figures are from the author's slides. Outline. Motivation Related work

Download Presentation

Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva USENIX 14 Presenter: Shasha Wen Some figures are from the author's slides

  2. Outline • Motivation • Related work • M-Aegis • System design • implementation • Evaluation • Limitation • Conclusion

  3. Motivation • Public cloud services(PCS) • Trust server to secure our data • Conflict of interest for data privacy between users and PCS providers • Text communication service • Smart phone

  4. Change the status • End to end encryption • Hard in practical • Good solution • Users' ease-of-use • Developers' effort to maintain support • Feasibility and deployability of solution on a mobile system

  5. Design goals For a solution to be secure, it must be properly isolated from untrusted entities 1 For a solution to be adoptable, it must preserve the user experience 2 For a solution to be sustainable, it must be easy to maintain and scalable 3

  6. Outline • Motivation • Related work • M-Aegis • System design • implementation • Evaluation • Limitation • Conclusion

  7. Related work • Standalone solutions • Protect data confidentiality • Good isolation from untrusted entities • e.g. Gibberbot, TextSecure, SafeSlinger...... • Problem • Not preserve user experience 1

  8. Related work • Browser Plugin/Extension Solutions • e.g. Cryptocat, Scramble, NOYB...... • Provides transparent integration • Problem • Not applicable to mobile platform • App repackaging/Rewriting solution • e.g. Aurasium, Dr. Android...... • Problem • Breaks app updates • Isolation model is unclear 2 2

  9. Outline • Motivation • Related work • M-Aegis • System design • Implementation • Evaluation • Limitation • Conclusion

  10. Mimesis Aegis • Apply end-to-end encryption while preserving user experience • Mimicking GUIs of app of interest • Interacting with app on behalf of user • Good isolation model • Generalizable across different apps • Resilient to app updates 2 1 3

  11. Mimesis Aegis

  12. M-AegisSystem Design-Threat Model • In-scope • Untrusted parties • Public cloud service providers • Client side apps • Middle boxes between a PCS and client side app • Trusted components • Hardware, OS, keyboard, M-Aegis components, the user • Out of scope • availability(denial-of-service) • Attacks against our TCB

  13. M-AegisSystem Design-Architecture • Layer 7.5 • User interface automation/accessibility(UIA) • Secure • No developer attention • Users' sense

  14. M-AegisSystem Design-Architecture • Layer 7.5 • Interactions without data confidentiality • click-through • Interactions with data confidentiality • Place opaque GUIs in different color • Interactions with control GUIs • Semi-transparent mimic GUIs

  15. M-AegisSystem Design-Architecture • UI Automation Manager(UIAM) • Give M-Aegis the context of the screen • TCA, GUI tree, content of the GUI • Provide information to correctly render GUIs • Per-Target Client App(TCA) Logic • Handle direct user input • Decides suitable actions • Pass or encode • Encryption and encoding scheme

  16. M-AegisSystem Design-Architecture • Cryptographic Module • Key manager • Per TCA • Password based(default) to more sophisticated one • Searchable Encryption Scheme • Easily-deployable efficiently-searchable symmetric encryption(EDESE)

  17. Searchable Encryption Scheme • Normal encryption • “ab”, ”abc” • Bellare et al[1] • keywords • HMACs of unique keywords • Add dummy keywords • Bloom filter(BF) • Efficient set-inclusion tests • Encodes the positions of on-bits in a BF [1] BELLARE, M., BOLDYREVA, A., AND O’NEILL, A. Determin- istic and efficiently searchable encryption. In CRYPTO (2007), A. Menezes, Ed., vol. 4622 of Lecture Notes in Computer Sci- ence, Springer, pp. 535–552.

  18. Searchable Encryption Scheme • Bloom filter(BF) • Keyword:128bit • BF: 224 • k: 10 From http://en.wikipedia.org/wiki/Bloom_filter

  19. M-AegisSystem Design- User Workflow User L7.5 Per-TCA logic UIAM App launch the Gmail initialize detect composing Mimic GUI Detect state send Mimic GUI Send to app; Click “send” Get content; Get the key; encode UI

  20. M-AegisImplementation • UIAM based on UIA libraries • Monitor events • WINDOW_CONTEST_CHANGED • WINDOW_STATE_CHANGED • VIEW_SCROLLED • Query for UI node • Resource ID ← UI Automator Viewer • performAction() • Layer 7.5 always-on-top • Creation of various system windows • TYPE_SYSTEM_OVERLAY • TYPE_SYSTEM_ERROR

  21. M-AegisImplementation • Per-TCA Logic • Identify signatures for each TCA state • Event handler • Type of input data • Encrypt data into CJK unicode • Cryptographic Schemes • AES-GCM-256 • PBKDF2 & SHA-1 as HMAC

  22. Outline • Motivation • Related work • M-Aegis • System design • Implementation • Evaluation • Limitation • Conclusion

  23. M-AegisEvaluations-Performance • Experimental Setup: • Stock Android phone(LG Nexus 4) • Android 4.4.2(Kit Kat, API level 19) • Repeat 10 times and take average • Preview Encrypted Email • 76 ms to render plaintext on L-7.5 • Well with expected response time(50-150ms) • Composing and Sending Encrypted Email • With longest email: • 953 words, of which 362 are unique • 205 ms to encrypt, build the search index, and encode

  24. M-AegisEvaluations-User Study • Users: college students • Tasks: previewing, reading, composing, sending and searching • Difference and experience • Report from 15 participants • No one notice major difference • One: L-7.5 didn't catch up smoothly when scrolled • One: L-7.5 lag when reading emails • All would use M-Aegis to protect the privacy of their data

  25. Outline • Motivation • Related work • M-Aegis • System design • Implementation • Evaluation • Limitation • Conclusion

  26. Limitation • Data format • text(Unicode-compatible) • Not support other types(e.g. Image, audio, video) • Unavailability of transformation functions • Other process steps, like compression • Typographical error during search • Rare happen • Encryption schemes that tolerate typographical error search without server modification

  27. Outline • Motivation • Related work • M-Aegis • System design • Implementation • Evaluation • Limitation • Conclusion

  28. Conclusion • Users can control private data using Mimesis Aegis • Layer 7.5 • Strong isolation • Preserve original user experience • Scalar to more apps and resilient to app updates • Prototype on Android • Minimal overhead • User study shows acceptable

  29. Questions?

More Related