Publikationen

Hardware-Assisted Ad-Hoc Secure Two-Party Computation on Smartphones

AutorDemmler, Daniel; Schneider, Thomas; Zohner, Michael
Datum2013
ArtConference Proceedings
AbstraktSecure computation allows multiple mutually distrusting parties to jointly compute a function on their private inputs without revealing anything but the function output. This technique is particularly interesting in the context of mobile devices, such as smartphones, where typically highly sensitive user data is stored and processed. The protection of this data is desirable but challenging, due to the computational complexity of secure computation protocols and the limited processing power, memory and battery-life of mobile hardware. In this work we focus on the practical realization of secure two-party computation in a mobile environment and the possibility of enhancing it by using a trusted hardware token. Previous work in the field, e.g., is mainly based on Yao’s garbled circuit protocol [Yao86]. Further protocols employ homomorphic encryption, but are usually limited to a specific use case. We follow a different and more efficient approach by implementing the protocol by Goldreich-Micali-Wigderson and allowing generic functions to be evaluated. This is done on off-the-shelf Android smartphones using a general purpose microSD smartcard. To address the aforementioned performance issues, we shift the most expensive cryptographic operations into an initialization phase on the trusted hardware token. This phase is independent of the function to be evaluated and can be executed locally when the phone is idle, e.g., charging overnight. The pre-generated trusted data enables us to efficiently mask sensitive user data, thus minimizing the ad-hoc computation time. For the purpose of securely distributing this data from the trusted token to the user, we implemented two secure channel protocols on the smartcard. Our proof-of-concept implementation allows for managing the hardware token and running ad- hoc secure two-party computation with several use cases: private set intersection in order to find common contacts or securely scheduling a meeting, optionally with location preferences. However, our implementation is generic, i.e., new functionalities can easily be introduced by providing the Boolean circuit to be evaluated securely. The performance of our mobile implementation is exten- sively evaluated and found to be able to compete with state-of-the-art protocols implemented on desktop PCs.
Konferenz19th Crypto-Day
SchlüsselTUD-CS-2013-0425
Urlhttps://tubiblio.ulb.tu-darmstadt.de/id/eprint/104261