Mimesis Aegis: A Mimicry Privacy ShieldA System's Approach to Data Privacy on Public Cloud
Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva
USENIX 14
Presenter: Shasha Wen
Some figures are from the author's slides
Outline
Motivation Related work M-Aegis
System design implementation
Evaluation Limitation Conclusion
Motivation
Public cloud services(PCS) Trust server to secure our data Conflict of interest for data privacy between users
and PCS providers Text communication service Smart phone
Change the status
End to end encryption Hard in practical
Good solution Users' ease-of-use Developers' effort to maintain support Feasibility and deployability of solution on a mobile
system
Design goals
1
2
3
For a solution to be secure, it must be properly isolated from untrusted entities
For a solution to be adoptable, it must preserve the user experience
For a solution to be sustainable, it must be easy to maintain and scalable
Outline
Motivation Related work M-Aegis
System design implementation
Evaluation Limitation Conclusion
Related work
Standalone solutions Protect data confidentiality Good isolation from untrusted entities e.g. Gibberbot, TextSecure, SafeSlinger...... Problem
Not preserve user experience
1
Related work
Browser Plugin/Extension Solutions e.g. Cryptocat, Scramble, NOYB...... Provides transparent integration Problem
Not applicable to mobile platform
App repackaging/Rewriting solution e.g. Aurasium, Dr. Android...... Problem
Breaks app updates Isolation model is unclear
2
2
Outline
Motivation Related work M-Aegis
System design Implementation
Evaluation Limitation Conclusion
Mimesis Aegis
Apply end-to-end encryption while preserving user experience Mimicking GUIs of app of interest Interacting with app on behalf of user
Good isolation model Generalizable across different apps Resilient to app updates
3
2
1
Mimesis Aegis
M-Aegis System Design-Threat Model
In-scope Untrusted parties
Public cloud service providers Client side apps Middle boxes between a PCS and client side app
Trusted components Hardware, OS, keyboard, M-Aegis components, the user
Out of scope availability(denial-of-service)
Attacks against our TCB
M-Aegis System Design-Architecture
Layer 7.5 User interface automation/accessibility(UIA) Secure No developer attention Users' sense
M-Aegis System Design-Architecture
Layer 7.5 Interactions without data confidentiality
click-through Interactions with data confidentiality
Place opaque GUIs in different color Interactions with control GUIs
Semi-transparent mimic GUIs
M-Aegis System Design-Architecture
UI Automation Manager(UIAM) Give M-Aegis the context of the screen
TCA, GUI tree, content of the GUI Provide information to correctly render GUIs
Per-Target Client App(TCA) Logic Handle direct user input
Decides suitable actions Pass or encode Encryption and encoding scheme
M-Aegis System Design-Architecture
Cryptographic Module Key manager
Per TCA Password based(default) to more sophisticated one
Searchable Encryption Scheme Easily-deployable efficiently-searchable symmetric
encryption(EDESE)
Searchable Encryption Scheme
Normal encryption “ab”, ”abc”
Bellare et al[1] keywords
HMACs of unique keywords Add dummy keywords
Bloom filter(BF) Efficient set-inclusion tests Encodes the positions of on-bits in a BF
[1] BELLARE, M., BOLDYREVA, A., AND O’NEILL, A. Determin- istic and efficiently searchable encryption. In CRYPTO (2007), A. Menezes, Ed., vol. 4622 of Lecture Notes in Computer Sci- ence, Springer, pp. 535–552.
Searchable Encryption Scheme
Bloom filter(BF)
From http://en.wikipedia.org/wiki/Bloom_filter
Keyword:128bit BF: 224
k: 10
M-Aegis System Design- User Workflow
launch the Gmail initialize
User L7.5 UIAMPer-TCA logic
detect
Detect statecomposing Mimic GUI
send Get content;Get the key;
encode
Mimic GUI Send to app;Click “send”
App
UI
M-Aegis Implementation
UIAM based on UIA libraries Monitor events
WINDOW_CONTEST_CHANGED WINDOW_STATE_CHANGED VIEW_SCROLLED
Query for UI node Resource ID ← UI Automator Viewer performAction()
Layer 7.5 always-on-top Creation of various system windows
TYPE_SYSTEM_OVERLAY TYPE_SYSTEM_ERROR
M-Aegis Implementation
Per-TCA Logic Identify signatures for each TCA state
Event handler
Type of input data
Encrypt data into CJK unicode
Cryptographic Schemes AES-GCM-256
PBKDF2 & SHA-1 as HMAC
Outline
Motivation Related work M-Aegis
System design Implementation
Evaluation Limitation Conclusion
M-Aegis Evaluations-Performance
Experimental Setup: Stock Android phone(LG Nexus 4)
Android 4.4.2(Kit Kat, API level 19) Repeat 10 times and take average
Preview Encrypted Email 76 ms to render plaintext on L-7.5
Well with expected response time(50-150ms)
Composing and Sending Encrypted Email With longest email:
953 words, of which 362 are unique 205 ms to encrypt, build the search index, and encode
M-Aegis Evaluations-User Study
Users: college students Tasks: previewing, reading, composing, sending and searching
Difference and experience
Report from 15 participants No one notice major difference
One: L-7.5 didn't catch up smoothly when scrolled One: L-7.5 lag when reading emails
All would use M-Aegis to protect the privacy of their data
Outline
Motivation Related work M-Aegis
System design Implementation
Evaluation Limitation Conclusion
Limitation
Data format text(Unicode-compatible)
Not support other types(e.g. Image, audio, video)
Unavailability of transformation functions Other process steps, like compression
Typographical error during search Rare happen
Encryption schemes that tolerate typographical error search without server modification
Outline
Motivation Related work M-Aegis
System design Implementation
Evaluation Limitation Conclusion
Conclusion
Users can control private data using Mimesis Aegis Layer 7.5
Strong isolation Preserve original user experience Scalar to more apps and resilient to app updates
Prototype on Android
Minimal overhead User study shows acceptable
Questions?