AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content

Web servers are vulnerable to a large class of attacks which can
allow a network attacker to steal sensitive web content. In this
work, we investigate the feasibility of a web server architecture,
wherein the vulnerable server VM runs on a trusted cloud. All sensitive
web content is made available to the vulnerable server VM in
encrypted form, thereby limiting the effectiveness of data-stealing
attacks through server VM compromise.
In this context, the main challenge is to allow the legitimate functionality
of the untrusted server VM to work. As a step towards
this goal, we develop a tool called AUTOCRYPT, which transforms
a subset of existing C functionality in the web stack to operate on
encrypted sensitive content. We show that such a transformation
is feasible for several standard Unix utilities available in a typical
LAMP stack, with no developer effort. Key to achieving this expressiveness
over encrypted data, is our scheme to combine and
convert between partially-homomorphic encryption (PHE) schemes
using a small TCB in the trusted cloud hypervisor. We show
that x86 code transformed with AUTOCRYPT achieves performance
that is significantly better than its alternatives (downloading to a
trusted client, or using fully-homomorphic encryption).