Attack on a Scheme for Obfuscating and Outsourcing SAT Computations to the Cloud Khazam Alhamdan, Tassos Dimitriou and Imtiaz Ahmad Department of Computer Engineering, Kuwait University, Kuwait Keywords: SAT, Outsourcing Computations, Obfuscation, Data Privacy, Attack, Cloud Computing. Abstract: The emergence of cloud computing gave users the capability to offload computations that cannot be executed locally to cloud servers with large computational power. One such computationally demanding problem is solving large satisfiability (SAT) instances. Although many problems from AI, circuit verification, etc. can be converted to SAT, outsourcing SAT instances may leak considerable information that can put a user’s security at risk. Hence the privacy of outsourcing computations to the cloud is a major issue. In this work we look at the techniques of Qin et al. (Qin and Jia., 2014; Qin and Du., 2018) which have been used to obfuscate SAT formulas before they are released to the cloud. We came up with a realistic attack against their technique that demonstrates how a malicious cloud provider can obtain significant information about the underlying SAT instance. Our work shows that ad hoc schemes cannot offer the required security guarantees for outsourcing SAT computations, hence more formal frameworks should be used instead. 1 INTRODUCTION and Chen., 2018), graph theoretic problems (Blan- ton et al., 2013), rule-based machine learning (Wong Cloud computing is a new paradigm that enables ser- et al., 2007), and so on. For a recent survey on secu- vice providers to share resources (storage, computa- rity issues in computation outsourcing, please refer to tion, bandwidth, etc.) with users. Cloud computing (Shan et al., 2018). comes with mainly three different flavors: SaaS (Soft- Problems such as AI planning, deduction, and ware as a service), PaaS (Platform as a service), and software checking are also known to be hard espe- IaaS (Infrastructure as a service) (Mell and Grance, cially when the inputs are really large. Researchers 2011). While each model has its own usage, outsourc- use different algorithmic techniques to solve such ing computations mainly falls under the SaaS cate- problems, one of which it to reduce the problem from gory in which the provider offers the applications that its original form into a form (eg. propositional logic) can be run on the cloud, and the clients access these which can be tested for satisfiablity (SAT), i.e. find applications through an appropriate interface without an assignment to the variables that makes the formula having to worry about maintaining the actual hard- true (Hung and Gao., 2014). Once the problem is con- ware system. However, despite the increased conve- verted to a SAT instance, various optimized and well nience of cloud services, users may be reluctant to studied SAT solvers can be used to obtain the desired offload critical tasks to the cloud as this may leak pri- solution (Rintanen, 2011; Hung and Gao., 2014). vate information to the cloud provider. It is neces- Despite the advantage of reducing a difficult prob- sary therefore to protect user’s data and tasks against lem to such a well studied problem as SAT, still find- a malicious or untrusted provider (Zissis and Lekkas., ing a solution that satisfies the propositional logic 2012). problem is not easy. This problem is also known as There are already many problems that benefit she satisfiability problem (SAT). Knowing that SAT from outsourcing various computational tasks to the is hard means it typically requires a large amount of cloud such as those involving matrix multiplication computational power, which can be easily provided (Atallah and Frikken, 2010) and Linear Programming through the use of cloud services. Although outsourc- (C. Wang and Wang, 2011). Other known compu- ing computations to the cloud solves the problem of tationally demanding problems are those related to clients with limited computational resources to some modular exponentiation (Ding and Choo., 2017; Zhu extend, security issues arise since the input-output 356 Alhamdan, K., Dimitriou, T. and Ahmad, I. Attack on a Scheme for Obfuscating and Outsourcing SAT Computations to the Cloud. DOI: 10.5220/0007829503560362 In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications (ICETE 2019), pages 356-362 ISBN: 978-989-758-378-0 Copyright c 2019 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved Attack on a Scheme for Obfuscating and Outsourcing SAT Computations to the Cloud relationship of SAT instances may reveal consider- ditional countermeasure that can be used to prevent able information about the user’s activities as cap- simple reverse engineering using a working chip. tured by the SAT formula. For example, SAT is of- Logic locking is a technique attempting to lock ten used as a tool to accomplish other goals; Wakrime the logical functionality of the circuit unless a certain (Wakrime, 2017) developed a system that considers key input is provided along with the input parameters sharing data in a privacy preserving manner using (Chakraborty and Bhunia., 2009) of the working pro- SAT. Brun et al. (Brun and Medvidovic., 2012) used totype. Roshanisefat et al. (Roshanisefat and Sasan., SAT as an abstract view of how computation privacy 2018) further introduced SRCLock (SAT-Resistant can be achieved on the cloud. Cyclic logic Locking) to overcome some weaknesses Our scope here is the privacy of the problem’s in the original practice of logic locking. However data, in particular of SAT formulas. One of the many Chen et al. (Chen, 2018) countered SRCLock by en- approaches to provide such service is by encrypt- hancing prior attacks against it. Yet, Xie et al. (Xie ing/disguising the original problem through a pro- and Srivastava., 2018) introduced a more complex cedure called obfuscation. However, a study per- way for circuit locking called Anti-SAT, which how- formed in (Hosseinzadeh and Leppanen.,¨ 2018) states ever has also been countered by the Bit-flipping attack that obfuscation increases the difficulty of reverse- in (Shen and Zhou., 2018). engineering the problem but it does not provide any The previous attacks demonstrate that is not easy guarantees for security. Here, we will exploit such po- to hide the functionality of a circuit. However, the tential weaknesses in the SAT obfuscation approach focus of this paper is to handle the computational pri- used in (Qin and Jia., 2014) and (Qin and Du., 2018). vacy aspect of the SAT problem which is about hid- More precisely, we developed an attack against ing the original SAT formula structure from the cloud the Qin et al. SAT obfuscation schemes and found solver. that a malicious provider may learn considerable in- Brun et al. (Brun and Medvidovic., 2012) pro- formation about the underlying SAT formula even if posed to distribute the computation of a SAT formula this is presented in an obfuscated form. The lesson on multiple machines such that every machine is as- to be learned is that if an obfuscation scheme is not signed to evaluate a different part of the formula. The designed carefully then solutions obtained might re- sub-evaluation is then passed to the neighbouring ma- veal enough information which can be used to de- chines. Although this method might work in theory, obfuscate and nullify the scheme. nothing prevents the servers from colluding in order The remaining of the paper is organized as fol- to recover the hidden formula. Hence this method as- lows. In Section 2, related work about privacy of SAT sumes a trustworthy cloud provider. instances is presented. In Section 3, the (Qin and Jia., Qin et al. in (Qin and Jia., 2014) and subsequently 2014) approach is described and our methodology to in (Qin and Du., 2018) proposed two similar meth- attack the scheme is discussed. In Section 4, we vali- ods that attempt to obfuscate a SAT formula by em- date our findings with further experimental evidence. bedding a secret key in them. In the next section we Finally, Section 5 concludes this work. describe their scheme as well as our attack against it. 2 RELATED WORK 3 ATTACKING THE QIN ET AL. SCHEMES There are two aspects of the SAT privacy problem, one focusing on hiding the circuit structure of a hard- We start with a brief discussion about the underlying ware design and the other focusing on the privacy of threat model and some background information on the solving computationally hard SAT instances. SAT problem. Then we describe how the target ob- Keshavarz et al. (Keshavarz and Holcomb., 2018) fuscation scheme works (Qin and Jia., 2014; Qin and surveyed the major techniques used to achieve intel- Du., 2018), and how our attack takes advantage of lectual property (IP) protection at the hardware level flaws in the scheme’s design. as well as their potential weaknesses. These include reverse engineering a circuit through imaging, using 3.1 Preliminaries a working chip, or analyzing the circuit at the logical level. A clever way of preventing the imaging attack Threat Model: There are two main participants in the is by disguising the gates in a way that they all look model of outsourcing computations to the cloud, the the same under imaging (Rajendran and Karri., 2013). cloud service provider and the user who wants to out- Adding more circuitry to the desired design is an ad- source his/her SAT instance to the cloud. The goal of 357 SECRYPT 2019 - 16th International Conference on Security and Cryptography any SAT obfuscation algorithm should be to prevent the variables of husk into clauses of the original for- the cloud solver from getting any information about mula in order to mix the two instances together and the original instance from the obfuscated one. As the wipe out any signature of the variables in the origi- cloud solver is assumed to have the computational ca- nal clauses.