Data Mining Platform Using Attribute-Based Encryption and Intel SGX.
README in Japanese is here.
graphene_ABE is the test code for the study "Secure and Fine-Grained Accessible Data Mining Platform Using Attribute-Based Encryption and Intel SGX".
In our system, all data is encrypted with ABE. When the server receives a request from a user, only the subset of data that the user is authorized to access is decrypted and analyzed in the enclave (a secure region provided by Intel SGX), and only the result is returned to the user.
- Intel Core(TM) i7-7700K CPU @ 4.20GHz
- 64-bit Linux (tested on Ubuntu 16.04.6 LTS)
Create a working directory (e.g., work) and clone repositories.
cd ~
mkdir work
cd work
git clone https://github.com/cBioLab/graphene_ABE.git
cd graphene_ABE
git submodule update --init --recursive
To use graphene_ABE, first build the OpenABE library. For more information about OpenABE installation, check here.
cd [PATH]/graphene_ABE
cd openabe
sudo -E ./deps/install_pkgs.sh
. ./env
make
make test
sudo -E make install
- OPTIONAL
To compile and execute C++ test apps that use the high-level OpenABE crypto box API, do as follows.
cd [PATH]/graphene_ABE/openabe
make examples
cd examples
./test_kp
./test_cp
./test_pk
./test_km
To use graphene_ABE, build the graphene library. For more information about graphene installation, check here.
cd [PATH]/graphene_ABE
cd graphene
git submodule update --init
sudo make
cd Pal/src/host/Linux-SGX/signer/
openssl genrsa -3 -out enclave-key.pem 3072
cd ../sgx-driver
make
sudo ./load.sh
cd ../../../../../
sudo make SGX=1
- OPTIONAL
To compile and execute the C++ test code, do as follows.
cd [PATH]/graphene_ABE/graphene/LibOS/shim/test/native/
make SGX_RUN=1
sudo ./pal_loader SGX helloworld
- In this system, you need to define the password of cakey.pem as "password". If you define your own password, modify some files...
cd [PATH]/graphene_ABE/Framework/Authority
sudo /usr/lib/ssl/misc/CA.pl -newca
cd [PATH]/graphene_ABE/Framework/Authority
[ -f dh1024.pem ] || openssl genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_prime_len:1024 -out dh1024.pem
cd [PATH]/graphene_ABE/Framework/Authority
openssl genrsa -des3 2048 > server.key
openssl req -new -key server.key -out server.csr
sudo openssl ca -out server.crt -infiles server.csr
cat server.crt server.key > server.pem
rm server.crt server.csr server.key
openssl genrsa -des3 2048 > client.key
openssl req -new -key client.key -out client.csr
sudo openssl ca -out client.crt -infiles client.csr
cat client.crt client.key > client.pem
rm client.crt client.csr client.key
openssl genrsa -des3 2048 > DataOwner.key
openssl req -new -key DataOwner.key -out DataOwner.csr
sudo openssl ca -out DataOwner.crt -infiles DataOwner.csr
cat DataOwner.crt DataOwner.key > DataOwner.pem
rm DataOwner.crt DataOwner.csr DataOwner.key
cd demoCA
cp cacert.pem ../
mv cacert.pem root.pem
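Before building the Framework, it is worth checking that each bundle created above (server.pem, client.pem, DataOwner.pem) chains to root.pem and that the private key inside it matches its certificate. The script below is an added example, not part of the graphene_ABE repository; the script name and the function name check_bundle are assumptions, and openssl will prompt for the passphrase of each encrypted key.

```shell
#!/bin/sh
# Added example (not from graphene_ABE): sanity-check cert+key bundles.
# Usage: sh check_bundle.sh root.pem server.pem client.pem DataOwner.pem

# check_bundle CA_FILE BUNDLE
# Returns 0 only if the certificate in BUNDLE verifies against CA_FILE and
# the private key in BUNDLE belongs to that certificate.
# Returns 2 if a file is missing, 1 on any verification failure.
check_bundle() {
    ca_file=$1
    bundle=$2

    if [ ! -r "$ca_file" ] || [ ! -r "$bundle" ]; then
        echo "ERROR: cannot read $ca_file or $bundle" >&2
        return 2
    fi

    # 1. Chain check: the first certificate in the bundle must be signed
    #    by the CA and be inside its validity period.
    if ! openssl verify -CAfile "$ca_file" "$bundle" >/dev/null 2>&1; then
        echo "FAIL: $bundle does not verify against $ca_file" >&2
        return 1
    fi

    # 2. Key check: the public key in the certificate must equal the public
    #    key derived from the private key stored in the same file.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$bundle" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key in $bundle does not match its certificate" >&2
        return 1
    fi

    echo "OK: $bundle"
    return 0
}

# When called with arguments, check every bundle against the given root.
if [ "$#" -ge 2 ]; then
    root_arg=$1
    shift
    rc=0
    for b in "$@"; do
        check_bundle "$root_arg" "$b" || rc=1
    done
    exit "$rc"
fi
```

A mismatch reported by the key check usually means a .crt was concatenated with the .key of a different role.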
cd [PATH]/graphene_ABE/Framework
make
@server
cd [PATH]/graphene_ABE/Framework/server
./getData
@DataOwner
cd [PATH]/graphene_ABE/Framework/DataOwner
make upload
cd [PATH]/graphene_ABE/Framework/server
make compile
@server
cd [PATH]/graphene_ABE/Framework/server
make SGXserver
@client
cd [PATH]/graphene_ABE/Framework/client
make analyze
make check
Copyright (C) 2019, Daiki Iwata. All rights reserved.
graphene_ABE (files in this repository) is distributed under the BSD 3-Clause License.
For more information, please visit License.txt.
Licenses of external libraries are listed as follows.
- graphene: GNU Lesser General Public License v3.0
- OpenABE: GNU Affero General Public License v3.0
- linux-sgx: BSD 3-Clause License
- linux-sgx-driver: BSD 3-Clause License
- April 24, 2019; initial version.
岩田大輝 IWATA Daiki