Adil Ahmad (Purdue), Byunggill Joe (KAIST), Yuan Xiao (Ohio State University), Yinqian Zhang (Ohio State University), Insik Shin (KAIST), Byoungyoung Lee (Purdue/SNU)
Program obfuscation is a popular cryptographic
construct with a wide range of uses such as IP theft prevention. Although
cryptographic solutions for program obfuscation impose
impractically high overheads, a recent breakthrough leveraging
trusted hardware has shown promise. However, the existing
solution is based on special-purpose trusted hardware, restricting
its use-cases to a limited few.
In this paper, we first study whether such obfuscation is feasible
based on commodity trusted hardware, Intel SGX, and we
observe that certain important security considerations are not
afforded by commodity hardware. In particular, we found that
existing obfuscation/obliviousness schemes are insecure if directly
applied to Intel SGX primarily due to side-channel limitations.
To this end, we present OBFUSCURO, the first system providing
program obfuscation using commodity trusted hardware, Intel
SGX. The key idea is to leverage ORAM operations to perform
secure code execution and data access. Initially, OBFUSCURO
transforms the regular program layout into a side-channel-secure
and ORAM-compatible layout. Then, OBFUSCURO ensures
that its ORAM controller performs data oblivious accesses in
order to protect itself from all memory-based side-channels.
Furthermore, OBFUSCURO ensures that the program is secure
from timing attacks by ensuring that the program always runs
for a pre-configured time interval. Along the way, OBFUSCURO
also introduces systematic optimizations such as a register-based
ORAM stash. We provide a thorough security analysis of
OBFUSCURO along with empirical attack evaluations showing
that OBFUSCURO can protect the SGX program execution from
being leaked by access pattern-based and timing-based channels.
We also provide detailed performance benchmark results in
order to show the practical aspects of OBFUSCURO.
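
The following is an added illustration, not code from the paper or from OBFUSCURO, of what a data-oblivious access to a small stash looks like: every slot is touched in the same order and the wanted slot is selected with a branchless mask, so the memory trace does not depend on the secret index. The names `ct_eq_mask`, `oblivious_read`, `oblivious_write` and the size `STASH_SLOTS` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define STASH_SLOTS 8   /* constructed size, not taken from the paper */

/* All-ones mask when a == b, all-zeros otherwise, computed without a branch. */
static uint64_t ct_eq_mask(uint64_t a, uint64_t b)
{
    uint64_t x  = a ^ b;                          /* 0 iff a == b          */
    uint64_t nz = (x | ((uint64_t)0 - x)) >> 63;  /* 1 iff x != 0          */
    return nz - 1;                                /* 0 -> ~0, 1 -> 0       */
}

/* Read stash[secret_idx] while loading every slot in a fixed order.
 * An out-of-range index selects nothing and yields 0. */
uint64_t oblivious_read(const uint64_t stash[STASH_SLOTS], uint64_t secret_idx)
{
    uint64_t out = 0;
    for (size_t i = 0; i < STASH_SLOTS; i++)
        out |= stash[i] & ct_eq_mask((uint64_t)i, secret_idx);
    return out;
}

/* Write value to stash[secret_idx]; every slot is loaded and stored back,
 * so the written location is not visible in the access pattern. */
void oblivious_write(uint64_t stash[STASH_SLOTS], uint64_t secret_idx,
                     uint64_t value)
{
    for (size_t i = 0; i < STASH_SLOTS; i++) {
        uint64_t m = ct_eq_mask((uint64_t)i, secret_idx);
        stash[i] = (value & m) | (stash[i] & ~m);
    }
}

/* Note: a compiler may still turn masked selects into branches; real
 * side-channel-hardened code verifies the generated assembly. */
int main(void)
{
    uint64_t stash[STASH_SLOTS] = {10, 11, 12, 13, 14, 15, 16, 17}; /* constructed */
    oblivious_write(stash, 5, 99);
    printf("%llu %llu\n",
           (unsigned long long)oblivious_read(stash, 3),
           (unsigned long long)oblivious_read(stash, 5));
    return 0;
}
```

The cost is a full scan per access, which is why this pattern is only practical for small structures such as a stash.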