Practical data-in-use protection using binary decision diagrams

Oleg Mazonka, Esha Sarkar, Eduardo Chielle, Nektarios Georgios Tsoutsos, Michail Maniatakos

Research output: Contribution to journal › Article › peer-review

Abstract

Protection of data-in-use, contrary to the protection of data-at-rest or data-in-transit, remains a challenge. Cryptography advances such as Fully Homomorphic Encryption (FHE) provide theoretical, albeit impractical, solutions to functionally-complete computation over encrypted operands, necessary for general-purpose computation. In this work, we propose a practical data-in-use protection mechanism that, contrary to application-specific homomorphic encryption approaches, focuses on arbitrary computation native to established programming languages, such as C++. Therefore, our work provides a more efficient alternative to FHE schemes that can be used for general-purpose computation. Specifically, we use Binary Decision Diagrams (BDD) to transform high-level programming operations to their equivalents working on protected data. To automate this, we develop a framework that allows automatic conversion of program expressions over encrypted operands into efficient circuits that are reduced using BDDs and can simulate corresponding composed operations. Our experimental results show that our methodology is orders of magnitude faster than state-of-the-art FHE schemes and enables execution of real C++ applications with practical overheads. Our framework is complemented with security analysis proving resistance to different attack methods.

Original language: English (US)
Article number: 8972396
Pages (from-to): 23847-23862
Number of pages: 16
Journal: IEEE Access
Volume: 8
State: Published - 2020

Keywords

  • Data security
  • data privacy
  • privacy
  • security

ASJC Scopus subject areas

  • Computer Science (all)
  • Materials Science (all)
  • Engineering (all)
