TWC: Small: Ascend: Architecture for Secure Computation on Encrypted Data

TWC：小型：Ascend：加密数据安全计算架构

• 批准号: 1317763
• 负责人: Srini Devadas
• 金额: $ 50万
• 依托单位: Massachusetts Institute of Technology
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-10-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1317763&HistoricalAwards=false
• 关键词: TWC; Small; Ascend; Architecture; Secure

Outsourcing computation to the cloud has a difficult set of privacy challenges, a primary one being that the client cannot really trust cloud or application software. Encrypted computation achieves privacy by having the user specify encrypted inputs to a program in the cloud and returning encrypted results.The design and implementation of a secure processor architecture, called Ascend, that guarantees privacy of data computed upon by untrusted programs and run on an untrusted operating system (OS) is underway. Our security goal is to only trust the Ascend processor chip and show that it is secure against software attacks and power analysis attacks on its pins even though application and system software can be malicious. Our performance goal is to show that execution time and energy overheads of encrypted computation are reasonable. The key idea in Ascend to guarantee privacy is obfuscated program execution: from the perspective of the Ascend chip's input/output and power pins, an untrusted server cannot learn anything about private user data regardless of the program run.Through innovations in architectural mechanisms, security protocols, and applied cryptography, we hope to show that it is viable to only trust hardware and not trust any software in some security-conscious applications, thereby substantially minimizing the trusted computing base for these applications. The development of simulator infrastructure and hardware prototypes will allow the fruits of the research to be widely disseminated. This project will introduce high-school students to research in applied cryptography and security through an innovative high-school outreach program.

将计算外包到云会带来一系列困难的隐私挑战，其中最主要的挑战是客户无法真正信任云或应用程序软件。加密计算通过让用户指定云中程序的加密输入并返回加密结果来实现隐私。设计和实现名为 Ascend 的安全处理器架构，可保证由不受信任的程序计算并在不受信任的计算机上运行的数据的隐私。操作系统（OS）正在进行中。 我们的安全目标是只信任升腾处理器芯片，并表明即使应用程序和系统软件可能是恶意的，它也能抵御对其引脚的软件攻击和电源分析攻击。我们的性能目标是证明加密计算的执行时间和能量开销是合理的。 Ascend保证隐私的关键思想是混淆程序执行：从Ascend芯片的输入/输出和电源引脚的角度来看，不受信任的服务器无论程序如何运行都无法获知用户的隐私数据。通过架构机制的创新，安全性协议和应用密码学，我们希望证明在一些具有安全意识的应用程序中只信任硬件而不信任任何软件是可行的，从而大大减少这些应用程序的可信计算基础。模拟器基础设施和硬件原型的开发将使研究成果得到广泛传播。该项目将通过创新的高中推广计划向高中生介绍应用密码学和安全性的研究。