skip to main content
10.1145/2508859.2516692acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

PHANTOM: practical oblivious computation in a secure processor

Published: 04 November 2013 Publication History

Abstract

We introduce PHANTOM [1] a new secure processor that obfuscates its memory access trace. To an adversary who can observe the processor's output pins, all memory access traces are computationally indistinguishable (a property known as obliviousness). We achieve obliviousness through a cryptographic construct known as Oblivious RAM or ORAM. We first improve an existing ORAM algorithm and construct an empirical model for its trusted storage requirement. We then present PHANTOM, an oblivious processor whose novel memory controller aggressively exploits DRAM bank parallelism to reduce ORAM access latency and scales well to a large number of memory channels. Finally, we build a complete hardware implementation of PHANTOM on a commercially available FPGA-based server, and through detailed experiments show that PHANTOM is efficient in both area and performance. Accessing 4KB of data from a 1GB ORAM takes 26.2us (13.5us for the data to be available), a 32x slowdown over accessing 4KB from regular memory, while SQLite queries on a population database see 1.2-6x slowdown. PHANTOM is the first demonstration of a practical, oblivious processor and can provide strong confidentiality guarantees when offloading computation to the cloud.

References

[1]
"PrivateCore", http://www.privatecore.com/.
[2]
J. Agat, "Transforming out Timing Leaks," in POPL, 2000.
[3]
A. Askarov, D. Zhang, and A. C. Myers, "Predictive black-box mitigation of timing channels," in CCS, 2010.
[4]
A. Aviram, S. Hu, B. Ford, and R. Gummadi, "Determinating Timing Channels in Compute Clouds," in CCSW, 2010.
[5]
J. Bachrach, H. Vo, B. Richards, Y. Lee, A. Waterman, R. Avizienis, J. Wawrzynek, and K. Asanovic, "Chisel: Constructing Hardware in a Scala Embedded Language," in DAC, 2012.
[6]
K.-M. Chung, Z. Liu, and R. Pass, "Statistically-secure oram with O(log^2 n)overhead," http://arxiv.org/abs/1307.3699, 2013.
[7]
B. Coppens, I. Verbauwhede, K. D. Bosschere, and B. D. Sutter, "Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors," in SP, 2009.
[8]
J. Devietti, B. Lucia, L. Ceze, and M. Oskin, "DMP: Deterministic Shared Memory Multiprocessing," in ASPLOS, 2009.
[9]
C. W. Fletcher, M. v. Dijk, and S. Devadas, "A Secure Processor Architecture for Encrypted Computation on Untrusted Programs," in STC, 2012.
[10]
C. Gentry, K. Goldman, S. Halevi, C. Julta, M. Raykova, and D. Wichs, "Optimizing oram and using it efficiently for secure computation," in PETS, 2013.
[11]
O. Goldreich, "Towards a Theory of Software Protection and Simulation by Oblivious RAMs," in STOC, 1987.
[12]
O. Goldreich and R. Ostrovsky, "Software Protection and Simulation on Oblivious RAMs," J. ACM, 1996.
[13]
M. T. Goodrich and M. Mitzenmacher, "Privacy-Preserving Access of Outsourced Data via Oblivious RAM Simulation," in ICALP, 2011.
[14]
M. T. Goodrich, M. Mitzenmacher, O. Ohrimenko, and R. Tamassia, "Privacy-preserving Group Data Access via Stateless Oblivious RAM Simulation," in SODA, 2012.
[15]
Y. Gu, Y. Fu, A. Prakash, Z. Lin, and H. Yin, "OS-Sommelier: Memory-only Operating System Fingerprinting in the Cloud," in SoCC, 2012.
[16]
A. Haeberlen, B. C. Pierce, and A. Narayan, "Differential Privacy Under Fire," in USENIX Security, 2011.
[17]
J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten, "Lest We Remember: Cold-boot Attacks on Encryption Keys," Commun. ACM, vol. 52, no. 5, 2009.
[18]
A. Hodjat and I. Verbauwhede, "A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA," in FCCM, 2004.
[19]
A. Huang, "Keeping Secrets in Hardware: The Microsoft Xbox Case Study," in CHES, 2002.
[20]
G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood, "seL4: Formal Verification of an OS Kernel," in SOSP, 2009.
[21]
E. Kushilevitz, S. Lu, and R. Ostrovsky, "On the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme in SODA, 2012.
[22]
J. R. Lorch and B. Parno, "Shroud: Ensuring Private Access to Large-Scale Data in the Data Center," in FAST, 2013.
[23]
R. Martin, J. Demme, and S. Sethumadhavan, "TimeWarp: Rethinking Timekeeping and Performance Monitoring Mechanisms to Mitigate Side-channel Attacks," in ISCA, 2012.
[24]
R. Ostrovsky and V. Shoup, "Private Information Storage (Extended Abstract)," in STOC, 1997.
[25]
L. Ren, C. Fletcher, X. Yu, M. van Dijk, and S. Devadas, "Integrity verification for path oblivious-ram," in HPEC, 2013.
[26]
L. Ren, X. Yu, C. W. Fletcher, M. van Dijk, and S. Devadas, "Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors," in ISCA, 2013.
[27]
B. Rogers, S. Chhabra, M. Prvulovic, and Y. Solihin, "Using address independent seed encryption and bonsai merkle trees to make secure processors os- and performance-friendly," in MICRO, 2007.
[28]
E. Shi, T.-H. H. Chan, E. Stefanov, and M. Li, "Oblivious RAM with O(łog N)3) Worst-Case Cost," in ASIACRYPT, 2011.
[29]
S. W. Smith, "Outbound Authentication for Programmable Secure Coprocessors," in ESORICS, 2002.
[30]
E. Stefanov and E. Shi, "Oblivistore: High performance oblivious cloud storage," in S&P, 2013.
[31]
E. Stefanov, E. Shi, and D. Song, "Towards Practical Oblivious RAM," in NDSS, 2012.
[32]
E. Stefanov, M. van Dijk, E. Shi, C. Fletcher, L. Ren, X. Yu, and S. Devadas, "Path O-RAM: An Extremely Simple Oblivious RAM Protocol," in CCS, 2013.
[33]
G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas, "AEGIS: Architecture for Tamper-evident and Tamper-resistant Processing," in ICS, 2003.
[34]
D. L. C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," phSIGOPS Oper. Syst. Rev., vol. 34, no. 5, pp. 168--177, 2000.
[35]
M. Tiwari, H. M. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood, "Complete Information Flow Tracking from the Gates up," in ASPLOS, 2009.
[36]
A. Waksman and S. Sethumadhavan, "Silencing Hardware Backdoors," in SP, 2011.
[37]
A. Waterman, Y. Lee, D. A. Patterson, and K. Asanović, "The RISC-V Instruction Set Manual, Volume I: Base User-Level ISA," EECS Department, UC Berkeley, Tech. Rep. UCB/EECS-2011--62, May 2011.
[38]
P. Williams and R. Sion, "Round-Optimal Access Privacy on Outsourced Storage," in CCS, 2012.
[39]
P. Williams, R. Sion, and B. Carbunar, "Building castles out of mud: practical access pattern privacy and correctness on untrusted storage," in CCS, 2008.
[40]
P. Williams, R. Sion, and A. Tomescu, "PrivateFS: A Parallel Oblivious File System," in CCS, 2012.
[41]
D. Zhang, A. Askarov, and A. C. Myers, "Predictive Mitigation of Timing Channels in Interactive Systems," in CCS, 2011.
[42]
X. Zhuang, T. Zhang, and S. Pande, "HIDE: An Infrastructure for Efficiently Protecting Information Leakage on the Address Bus," in ASPLOS, 2004.

Cited By

View all
  • (2025)Secure Machine Learning Hardware: Challenges and Progress [Feature]IEEE Circuits and Systems Magazine10.1109/MCAS.2024.350937625:1(8-34)Online publication date: Sep-2026
  • (2025)Oblivious RAM-Based Secure ProcessorsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1553(1724-1727)Online publication date: 8-Jan-2025
  • (2024)Towards Practical Oblivious Join ProcessingIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.331003836:4(1829-1842)Online publication date: Apr-2024
  • Show More Cited By

Index Terms

  1. PHANTOM: practical oblivious computation in a secure processor

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
    November 2013
    1530 pages
    ISBN:9781450324779
    DOI:10.1145/2508859
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 04 November 2013

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. fpgas
    2. oblivious ram
    3. path oram
    4. secure processors

    Qualifiers

    • Research-article

    Conference

    CCS'13
    Sponsor:

    Acceptance Rates

    CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)68
    • Downloads (Last 6 weeks)8
    Reflects downloads up to 17 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)Secure Machine Learning Hardware: Challenges and Progress [Feature]IEEE Circuits and Systems Magazine10.1109/MCAS.2024.350937625:1(8-34)Online publication date: Sep-2026
    • (2025)Oblivious RAM-Based Secure ProcessorsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1553(1724-1727)Online publication date: 8-Jan-2025
    • (2024)Towards Practical Oblivious Join ProcessingIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2023.331003836:4(1829-1842)Online publication date: Apr-2024
    • (2024)Tail Victims in Termination Timing Channel Defenses Beyond Cryptographic Kernels2024 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED61283.2024.00012(11-22)Online publication date: 16-May-2024
    • (2024)Data Enclave: A Data-Centric Trusted Execution Environment2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00026(218-232)Online publication date: 2-Mar-2024
    • (2024)Caching and Prefetching for Improving ORAM Performance2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)10.1109/DSN-W60302.2024.00016(17-20)Online publication date: 24-Jun-2024
    • (2024)XPORAM: A Practical Multi-client ORAM Against Malicious AdversariesInformation Security and Cryptology10.1007/978-981-97-0942-7_20(397-417)Online publication date: 26-Feb-2024
    • (2024)Combining Classical and Probabilistic Independence Reasoning to Verify the Security of Oblivious AlgorithmsFormal Methods10.1007/978-3-031-71162-6_10(188-205)Online publication date: 9-Sep-2024
    • (2023)Protection of Access PatternProceedings of the 2023 7th International Conference on Computer Science and Artificial Intelligence10.1145/3638584.3638585(99-105)Online publication date: 8-Dec-2023
    • (2023)Hardware Support for Constant-Time ProgrammingProceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture10.1145/3613424.3623796(856-870)Online publication date: 28-Oct-2023
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media