Preserving Access Pattern Privacy in SGX-Assisted Encrypted Search

Outsourcing sensitive data and operations to un-trusted cloud providers is considered a challenging issue. To perform a search operation, even if both the data and the query are encrypted, attackers still can learn which data locations match the query and what results are returned to the user. This kind of leakage is referred to as data access pattern. Indeed, using access pattern leakage, attackers can easily infer the content of the data and the query. Oblivious RAM (ORAM), Fully Homomorphic Encryption (FHE), and secure Multi-Party Computation (MPC) offer a higher level of security but incur high computation and communication overheads. One promising practical approach to process the outsourced data efficiently and securely is leveraging trusted hardware like Intel SGX. Recently, several SGX-based solutions have been proposed in the literature. However, those solutions suffer from side channel attacks, high overheads of context switching, or limited SGX memory. In this paper, we present an SGX-assisted scheme for performing search over encrypted data. Our solution protects access pattern against side channel attacks while ensuring search efficiency. It can process large databases without requiring any long-term storage on SGX. We have implemented a prototype of the scheme and evaluated its performance using a dataset of 1 million records. The equality query can be completed in 9.55 milliseconds. Comparing with ORAM-based solutions, such as ObliDB, our scheme is more than 11x faster.