Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva USENIX 14 Presenter: Shasha Wen Some figures are from the author's slides

Page 1: Mimesis Aegis: A Mimicry Privacy Shield A System's Approach to Data Privacy on Public Cloud

Mimesis Aegis: A Mimicry Privacy Shield. A System's Approach to Data Privacy on Public Cloud

Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva

USENIX 14

Presenter: Shasha Wen

Some figures are from the author's slides

Page 2

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 3

Motivation

Public cloud services (PCS)
  Trust the server to secure our data
  Conflict of interest for data privacy between users and PCS providers
Text communication services
Smart phones

Page 4

Change the status

End-to-end encryption
  Hard in practice
A good solution must consider
  Users' ease-of-use
  Developers' effort to maintain support
  Feasibility and deployability of the solution on a mobile system

Page 5

Design goals

1. For a solution to be secure, it must be properly isolated from untrusted entities
2. For a solution to be adoptable, it must preserve the user experience
3. For a solution to be sustainable, it must be easy to maintain and scalable

Page 6

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 7

Related work

Standalone solutions
  Protect data confidentiality
  Good isolation from untrusted entities
  e.g. Gibberbot, TextSecure, SafeSlinger...
  Problem: does not preserve the user experience

Page 8

Related work

Browser plugin/extension solutions
  e.g. Cryptocat, Scramble, NOYB...
  Provide transparent integration
  Problem: not applicable to mobile platforms
App repackaging/rewriting solutions
  e.g. Aurasium, Dr. Android...
  Problems: breaks app updates; isolation model is unclear

Page 9

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 10

Mimesis Aegis

Apply end-to-end encryption while preserving the user experience
  Mimicking the GUIs of the app of interest
  Interacting with the app on behalf of the user
Good isolation model
Generalizable across different apps
Resilient to app updates

Page 11

Mimesis Aegis

Page 12

M-Aegis System Design - Threat Model

In-scope untrusted parties
  Public cloud service providers
  Client-side apps
  Middle boxes between a PCS and a client-side app
Trusted components
  Hardware, OS, keyboard, M-Aegis components, the user
Out of scope
  Availability (denial-of-service)
  Attacks against our TCB

Page 13

M-Aegis System Design - Architecture

Layer 7.5
  User interface automation/accessibility (UIA)
  Secure
  No developer attention
  Users' sense

Page 14

M-Aegis System Design - Architecture

Layer 7.5
  Interactions without data confidentiality: click-through
  Interactions with data confidentiality: place opaque GUIs in a different color
  Interactions with control GUIs: semi-transparent mimic GUIs

Page 15

M-Aegis System Design - Architecture

UI Automation Manager (UIAM)
  Gives M-Aegis the context of the screen: TCA, GUI tree, content of the GUI
  Provides the information needed to correctly render GUIs
Per-Target Client App (TCA) Logic
  Handles direct user input
  Decides the suitable action: pass through or encode
  Encryption and encoding scheme

Page 16

M-Aegis System Design - Architecture

Cryptographic Module
  Key manager
    Per TCA
    Password-based (default) to more sophisticated ones
  Searchable encryption scheme
    Easily-deployable efficiently-searchable symmetric encryption (EDESE)

Page 17

Searchable Encryption Scheme

Normal encryption: "ab", "abc"
Bellare et al. [1]: keywords
  HMACs of unique keywords
  Add dummy keywords
Bloom filter (BF)
  Efficient set-inclusion tests
  Encodes the positions of on-bits in a BF

[1] Bellare, M., Boldyreva, A., and O'Neill, A. Deterministic and efficiently searchable encryption. In CRYPTO (2007), A. Menezes, Ed., vol. 4622 of Lecture Notes in Computer Science, Springer, pp. 535–552.

Page 18

Searchable Encryption Scheme

Bloom filter (BF)

From http://en.wikipedia.org/wiki/Bloom_filter

Keyword: 128 bit
BF: 224
k: 10
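An added example (not the authors' code) that walks through the EDESE index construction of the previous two slides: HMAC-SHA1 tags of the unique keywords truncated to 128 bits, dummy keywords, and a 224-bit Bloom filter with k = 10 whose on-bit positions are what gets sent alongside the ciphertext. Deriving the per-TCA key with PBKDF2, slicing the tag into ten 12-bit positions, and the iteration count are my assumptions, not the paper's exact construction.

```python
import hashlib
import hmac
import re
import secrets

BF_BITS = 224    # Bloom filter length (from the slides)
K = 10           # hash functions per keyword (from the slides)
TAG_BYTES = 16   # keyword tag truncated to 128 bits (from the slides)


def derive_key(password: str, salt: bytes) -> bytes:
    """Password-based per-TCA key via PBKDF2-HMAC-SHA1 (iteration count assumed)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 100_000, 32)


def keyword_tag(key: bytes, word: str) -> bytes:
    """Deterministic 128-bit HMAC-SHA1 tag of a normalized keyword."""
    return hmac.new(key, word.lower().encode(), hashlib.sha1).digest()[:TAG_BYTES]


def bf_positions(tag: bytes) -> set:
    """K Bloom-filter positions from one tag: ten 12-bit slices mod 224 (assumed derivation)."""
    n = int.from_bytes(tag, "big")
    return {((n >> (12 * i)) & 0xFFF) % BF_BITS for i in range(K)}


def unique_keywords(text: str) -> set:
    """Tokenize the message into its set of distinct lower-cased keywords."""
    return set(re.findall(r"[a-z0-9']+", text.lower()))


def build_index(key: bytes, text: str, dummies: int = 4) -> list:
    """Return the sorted on-bit positions of the Bloom filter over the unique keywords.

    Random dummy keywords are added so the number of on-bits reveals less about
    how many distinct keywords the message actually contains.
    """
    words = unique_keywords(text) | {secrets.token_hex(8) for _ in range(dummies)}
    bf = 0
    for w in words:
        for p in bf_positions(keyword_tag(key, w)):
            bf |= 1 << p
    return [p for p in range(BF_BITS) if bf >> p & 1]


def matches(key: bytes, word: str, index: list) -> bool:
    """Client-side search test: a Bloom filter never misses, but it can false-positive."""
    return bf_positions(keyword_tag(key, word)) <= set(index)
```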

Page 19

M-Aegis System Design - User Workflow

(Sequence diagram; participants: User, L7.5, UIAM, Per-TCA logic, App UI)

1. User launches Gmail; L7.5 initializes
2. UIAM detects the state: composing; Per-TCA logic shows the mimic GUI
3. User presses send; Per-TCA logic gets the content, gets the key, and encodes
4. Mimic GUI sends the result to the app and clicks "send"

Page 20

M-Aegis Implementation

UIAM based on UIA libraries
  Monitor events: WINDOW_CONTENT_CHANGED, WINDOW_STATE_CHANGED, VIEW_SCROLLED
  Query for a UI node: resource ID (from UI Automator Viewer), performAction()
Layer 7.5 always-on-top
  Creation of various system windows: TYPE_SYSTEM_OVERLAY, TYPE_SYSTEM_ERROR

Page 21

M-Aegis Implementation

Per-TCA Logic
  Identify signatures for each TCA state
  Event handler
  Type of input data
  Encrypt data into CJK Unicode
Cryptographic schemes
  AES-GCM-256
  PBKDF2 & SHA-1 as HMAC
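An added example (not the project's code) of the "encrypt data into CJK Unicode" step: the ciphertext and index bytes must survive as ordinary text inside the target app, so they are re-encoded as characters from the CJK Unified Ideographs range U+4E00..U+9FFF and decoded again on the receiving side. The base-20992 packing with a 0x01 guard byte is my own construction; the slides do not give the paper's exact encoding.

```python
CJK_BASE = 0x4E00                  # start of the CJK Unified Ideographs range
CJK_COUNT = 0x9FFF - CJK_BASE + 1  # 20992 code points available per character


def to_cjk(data: bytes) -> str:
    """Pack arbitrary bytes (e.g. AES-GCM ciphertext plus index) into CJK characters.

    A 0x01 guard byte is prepended before the base conversion so that leading
    zero bytes of the payload are not lost on decode (constructed scheme).
    """
    n = int.from_bytes(b"\x01" + data, "big")
    chars = []
    while n:
        n, digit = divmod(n, CJK_COUNT)
        chars.append(chr(CJK_BASE + digit))
    return "".join(reversed(chars))


def from_cjk(text: str) -> bytes:
    """Inverse of to_cjk; rejects characters outside the range and truncated payloads."""
    n = 0
    for ch in text:
        digit = ord(ch) - CJK_BASE
        if not 0 <= digit < CJK_COUNT:
            raise ValueError(f"not an encoded payload character: {ch!r}")
        n = n * CJK_COUNT + digit
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 0x01:
        raise ValueError("guard byte missing: payload truncated or altered")
    return raw[1:]


def is_cjk_payload(text: str) -> bool:
    """Cheap check the per-TCA logic can use to decide whether a field holds a payload."""
    return bool(text) and all(CJK_BASE <= ord(ch) < CJK_BASE + CJK_COUNT for ch in text)
```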

Page 22

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 23

M-Aegis Evaluations - Performance

Experimental setup
  Stock Android phone (LG Nexus 4)
  Android 4.4.2 (KitKat, API level 19)
  Repeat 10 times and take the average
Preview encrypted email
  76 ms to render plaintext on L-7.5
  Well within the expected response time (50-150 ms)
Composing and sending encrypted email
  With the longest email: 953 words, of which 362 are unique
  205 ms to encrypt, build the search index, and encode

Page 24

M-Aegis Evaluations - User Study

Users: college students
Tasks: previewing, reading, composing, sending and searching
Difference and experience
  Reports from 15 participants
  No one noticed a major difference
  One: L-7.5 didn't catch up smoothly when scrolling
  One: L-7.5 lagged when reading emails
  All would use M-Aegis to protect the privacy of their data

Page 25

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 26

Limitation

Data format: text (Unicode-compatible)
  Does not support other types (e.g. image, audio, video)
  Unavailability of transformation functions
  Other processing steps, like compression
Typographical errors during search
  Happen rarely
  Encryption schemes that tolerate typographical errors in search without server modification

Page 27

Outline

Motivation
Related work
M-Aegis
  System design
  Implementation
Evaluation
Limitation
Conclusion

Page 28

Conclusion

Users can control private data using Mimesis Aegis: Layer 7.5
  Strong isolation
  Preserves the original user experience
  Scales to more apps and is resilient to app updates
Prototype on Android
  Minimal overhead
  User study shows it is acceptable

Page 29

Questions?