sponsors
usenix conference policies
You are here
Mimesis Aegis: A Mimicry Privacy Shield–A System’s Approach to Data Privacy on Public Cloud
Billy Lau, Simon Chung, Chengyu Song, Yeongjin Jang, Wenke Lee, and Alexandra Boldyreva, Georgia Institute of Technology
Users are increasingly storing, accessing, and exchanging data through public cloud services such as those provided by Google, Facebook, Apple, and Microsoft. Although users may want to have faith in cloud providers to provide good security protection, the confidentiality of any data in public clouds can be violated, and consequently, while providers may not be “doing evil,” we can not and should not trust them with data confidentiality.
To better protect the privacy of user data stored in the cloud, in this paper we propose a privacy-preserving system called Mimesis Aegis (M-Aegis) that is suitable for mobile platforms. M-Aegis is a new approach to user data privacy that not only provides isolation but also preserves the user experience through the creation of a conceptual layer called Layer 7.5 (L-7.5), which is interposed between the application (OSI Layer 7) and the user (Layer 8). This approach allows M-Aegis to implement true end-to-end encryption of user data with three goals in mind: 1) complete data and logic isolation from untrusted entities; 2) the preservation of original user experience with target apps; and 3) applicable to a large number of apps and resilient to app updates.
In order to preserve the exact application workflow and look-and-feel, M-Aegis uses L-7.5 to put a transparent window on top of existing application GUIs to both intercept plaintext user input before transforming the input and feeding it to the underlying app, and to reversetransform the output data from the app before displaying the plaintext data to the user. This technique allows MAegis to transparently integrate with most cloud services without hindering usability and without the need for reverse engineering. We implemented a prototype of MAegis on Android and show that it can support a number of popular cloud services, e.g. Gmail, Facebook Messenger, WhatsApp, etc.
Our performance evaluation and user study show that users incur minimal overhead when adopting M-Aegis on Android: imperceptible encryption/decryption latency and a low and adjustable false positive rate when searching over encrypted data.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Billy Lau and Simon Chung and Chengyu Song and Yeongjin Jang and Wenke Lee and Alexandra Boldyreva},
title = {Mimesis Aegis: A Mimicry Privacy {Shield{\textendash}A} {System{\textquoteright}s} Approach to Data Privacy on Public Cloud},
booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
year = {2014},
isbn = {978-1-931971-15-7},
address = {San Diego, CA},
pages = {33--48},
url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/lau},
publisher = {USENIX Association},
month = aug
}
connect with us