encrypted cloud storage
play

Encrypted Cloud Storage David Cash Paul Grubbs Jason Perry Tom - PowerPoint PPT Presentation

Dec 02, 2022 •132 likes •508 views

Security of Searchable Encrypted Cloud Storage David Cash Paul Grubbs Jason Perry Tom Ristenpart Rutgers U Skyhigh Networks Lewis U Cornell Tech Outsourced storage and searching client cloud provider give me all records containing

  1. Security of Searchable Encrypted Cloud Storage David Cash Paul Grubbs Jason Perry Tom Ristenpart Rutgers U Skyhigh Networks Lewis U Cornell Tech

  2. Outsourced storage and searching client cloud provider give me all records containing “sunnyvale” , , • “records” could be emails, text documents, Salesforce records, … • searching is performed efficiently in the cloud via standard indexing techniques

  3. End-to-end encryption breaks searching ??? client cloud provider give me all records containing “sunnyvale” • Searching incompatible with privacy goals of traditional encryption

  4. Searchable Encryption Research Efficiency • Space/computation Usability used by server and • What query types are client Security supported? • Minimizing what • Legacy compatible? a dishonest server can learn This Talk: • only treating single-keyword queries • only examining highly efficient constructions • focus on understanding security Not treated: More theoretical, highly secure solutions (FHE, MPC, ORAM, …)

  5. Searchable Symmetric Encryption [SWP’00, CGKO’06, …] Want docs Should not learn containing word docs or queries w = “simons” client cloud provider Search token: T w nCeUKlK7GO5ew6mwpIra ODusbskYvBj9GX0F0bNv puxtwXKuEdbHVuYAd4mE ULgyJmzHV03ar8RDpUE1 6TfEqihoa8WzcEol8U8b Q1BzLK368qufbMMHlGvN sOVqt2xtfZhDUpDig8I0 jyWyuOedYOvYq6XPqZc2 5tDHNCLv2DFJdcD9o4FD c 1 , c 2 , c 3 , … 5

  6. Other SE types deployed (and sold) Typically lower security than SSE literature solutions, as we will see.

  7. How SE is analyzed in the literature Crypto security definitions usually formalize e.g.: “ nothing is leaked about the input, except size” SE uses a weakened type of definition: identify a formal “leakage function” L • allows server to learn info corresponding to L , but no more • Example L outputs: • Size info of records and newly added records • Query repetition • Access pattern: Repeated record IDs across searches • Update information: Some schemes leak when two added records contain the same keyword

  8. What does L- secure mean in practice? Messy question which depends on: • The documents : number, size, type/content • The queries : number, distribution, type/content • Data processing : Stemming, stop word removal, etc • The updates : frequency, size, type Adversary’s knowledge : of documents and/or queries • Adversary’s goal : What exactly is it trying to do? • Currently almost no guidance in the literature.

  9. Attacking SE: An example • Consider an encrypted inverted index • Keywords/data not in the clear, but pattern of access of document IDs is keyword records “record #37 contains every 45e8a 4, 9,37 “this keyword is the keyword, and overlaps with 092ff 9,37,93,94,95 record #9 a lot” most common” f61b5 9,37,89,90 cc562 4,37,62,75 • Highly unclear if/when leakage is dangerous

  10. One prior work: Learning queries Under certain circumstances, queries can be Bad news: learned at a high rate (80%) by a curious server who knows all of the records that were encrypted . [Islam-Kuzu-Kantarcioglu] (sketched later)

  11. This work: Practical Exploitability of SE Leakage • Many-faceted expansion of [Islam-Kuzu-Kantarcioglu]: 1. Different adversary goals: Document (record) recovery in addition to query recovery 2. Different adversary knowledge: (full, partial, and distributional) 3. Active adversaries: planted documents • Simple attacks exploiting only leakage for query recovery, document recovery, with experiments • Note: For simplicity, this talk presents attacks on specific implementations.

  12. Datasets for Attack Experiments Enron Emails • 30109 Documents from employee sent_mail folders (to focus on intra-company email) • When considering 5000 keywords, average of 93 keywords/doc . Apache Emails • 50582 documents from Lucene project’s java -user mailing list • With 5000 keywords, average of 291 keywords/doc Processed with standard IR keyword extraction techniques (Porter stemming, stopword removal)

  13. Outline 1. Simpler query recovery 2. Document recovery from partial knowledge 3. Document recovery via active attack

  14. Query recovery using document knowledge [Islam-Kuzu-Kantarcioglu] Attack setting: • Server knows all documents e.g., public financial data • k random queries issued • Minimal leakage: Only which records match each query (as SSE) • Target: Learn the queries Inverted index (known): Leakage (unknown queries): rec1 rec2 rec3 rec4 keyword records Q1 1 sunnyvale 4,37,62,75 Q2 1 … rutgers 9,37,93,94,95 Q3 1 1 1 Q4 1 1 admissions 4, 9,37 Q5 1 1 committee 8,37,89,90 Q6 1 … … 14

  15. [Islam-Kuzu-Kantarcioglu] The IKK attack (sketch) Leakage (unknown queries): rec1 rec2 rec3 rec4 Q1 1 Q2 1 … Q3 1 1 1 Q4 1 1 Q5 1 1 Q6 1 … • Observes how often each query intersects with other queries • Uses knowledge of document set to create large optimization problem for finding mapping from queries to keywords • Solving NP-hard problem, severely limited to small numbers of queries, certain distributions 15

  16. Observation The IKK attack requires the server to have virtually perfect knowledge of the document set If so, then why not just look at the number of documents returned by a query? When a query term returns a unique number of documents, then it can immediately be guessed 16

  17. Query Recovery via Counts • After finding unique-match queries, we then “disambiguate” remaining queries by checking intersections Q3 matched 3 Leakage: records, so it rec1 rec2 rec3 rec4 must be “rutgers” Q1 1 Q2 overlapped w/ Q2 1 one record containing Q3 1 1 1 “ rutgers ” so it must Q4 1 1 be “ sunnyvale ” Q5 1 1 Q6 1 17

  18. Query Recovery Experiment • Enron email subset Setup: • k most frequent words • 10% queried at random • Nearly 100% recovery, scales to large number of keywords, runs in seconds 18

  19. Query Recovery with Partial Knowledge • What if document set is only partially known? • We generalized counting attack to account for imperfect knowledge • Tested count and IKK attacks when only x% of the document was revealed 21

  20. Query Recovery with Partial Knowledge Enron subset, 500 most frequent keywords (stemmed, non- stopwords), 150 queried at random, 5% of queries initially given to server as hint

  21. Outline 1. Simpler query recovery 2. Document recovery from partial knowledge 3. Document recovery via active attack

  22. Document Recovery using Partial Knowledge This blob indexes some docs I happen to know and others I don’t… What does that tell me? SE index Emails Client

  23. Passive Document Recovery Attack Setting • Server knows type of documents (i.e. has training set) • No queries issued at all • Some documents become “known” • Target: Recover other document contents

  24. Leakage that we attack • Stronger SE schemes are immune to document recovery until queries are issued • So we attack weaker constructions of the form: Record 1: zAFDr7ZS99TztuSBIf[…] Record 1: The quick brown fox […] H(K,quick), H(K,brown), H(K,fox), … Record 2: Record 2: The fast red fox […] Hs9gh4vz0GmH32cXK5[…] H(K,fast), H(K,red), Example systems: H(K,fox), … [Lau et al’14] • Mimesis [He et al’14] • • Shadowcrypt Also: an extremely simple scheme

  25. Simple Observation Unknown: Known: Doc 1: Doc 2: zAFDr7ZS99TztuSBIf[…] zAFDr7ZS99TztuSBIf[…] H(K,quick), H(K,brown), H(K,fast), H(K,red), H(K,fox), … H(K,fox), … • If server knows Doc 1, then learns when any word in Doc 1 appears in other docs • Implementation detail: We assume hash values stored in order. • Harder but still possible if hash in random order. (see paper)

  26. Document Recovery with Partial Knowledge • For each dataset, we ran attack knowing either 2 or 20 random emails

  27. Anecdotal Example • From Enron with 20 random known documents • Note effect of stemming, stopword removal, and revealing each word once

  28. The effect of one public document Case study: A single email from the Enron corpus, sent to 500 employees • 832 Unique Keywords • Topic: an upcoming survey of the division by an outside consulting group. The vocabulary of this single document gives us on average 35% of the words in every document (not counting stopwords).

  29. Outline 1. Simpler query recovery 2. Document recovery from partial knowledge 3. Document recovery via active attack

  30. Chosen-Document-Addition Attacks Leakage from my crafted email! update protocol SE index Emails Local Proxy

  31. Chosen-Document Attack ⇒ Learn chosen hashes • Again we attack weaker constructions of the form: Doc 1: zAFDr7ZS99TztuSBIf[…] Doc 1: The quick brown fox […] H(K,quick), H(K,brown), H(K,fox), … New Doc: New Doc: VcamU4a8hXcG3F55Z[…] contract sell buy H(K,contract),H(K,buy), H(K,sell), … • Hashes in order ⇒ very easy attack • Hashes not in order ⇒ more difficult (we attack now)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov

Can You Trust Your Encrypted Cloud? An Assessment of SpiderOakONEs Security Anders Dalskov Claudio Orlandi Aarhus University RWC 2018 Agenda I A Threat Model for Encrypted Cloud Storage (ECS). I A high-level look into a modern ECS service

770 views • 47 slides
Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud Services and Storage Workshop Oslo, Norway - September 10th, 2017 The Cloud David Pointcheval Introduction 2 / 17 Anything from Anywhere One

290 views • 17 slides
Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud Bansal, Bhargavan, Delignat-Lavaud, Maffeis Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web Storage Crypto on the Web Motivations Formal analysis of cryptographic web

1.19k views • 106 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted

CS573 Data Privacy and Security Secure Outsourcing Computation Li Xiong Outline Cloud computing Computing on encrypted data Homomorphic encryption What is Cloud Computing ? Cloud computing Type of computing that relies on sharing

1.29k views • 62 slides
Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research Cloud Storage Security for Cloud Storage o Main concern: will my data be safe? o it will be encrypted o it will be authenticated o it will be backed

794 views • 42 slides
Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan Stefanovici , Dushyanth Narayanan Benn Thomsen, Antony Rowstron Microsoft Research Cloud Storage Landscape: Yesterday + Today Storage Technologies $$$$

147 views • 12 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering Maintainer, GlusterFS SDC India - 24th May, 2018 CONTENTS Define: Hybrid Cloud & Infrastructure Understand: What are the storage needs of hybrid

527 views • 16 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi <szekelyi@niif.hu> Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint work with Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva Cloud Outsourcing Storage and Computation Data storage Data processing [Cloud Security

393 views • 23 slides
: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt Virginia Tech & IBM Research Almaden Cloud object stores enable cost-efficient data storage Object storage 2 Cloud object

720 views • 46 slides
Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011

Update on cloud and storage development at NIIFI 8th TF-Storage Meeting February 4, 2011 Budapest, Hungary Szkelyi Szabolcs <szekelyi@niif.hu> Cloud Infrastructure as a Service Virtual machines, virtual networks, disk images,

115 views • 10 slides
5:30-6:30 Drinks 6:30-8:30 Dinner SATURDAY, 19 NOVEMBER 9:4510:15 Registration

5:30-6:30 Drinks 6:30-8:30 Dinner SATURDAY, 19 NOVEMBER 9:4510:15 Registration

THE EDGE OF OUR THINKING CONFERENCE SCHEDULE FRIDAY, 18 NOVEMBER 1:001:45 Registration 1:453:15 Session A Panel Susan Barnett Story of elsewhere; not these people, not this place Meg Rahaim Performing the Palimpsest: On the Impulse

263 views • 8 slides
Biography Playwright Harold Pinter was born in Hackney, London, on 10 October 1930. He was

Biography Playwright Harold Pinter was born in Hackney, London, on 10 October 1930. He was

Biography Playwright Harold Pinter was born in Hackney, London, on 10 October 1930. He was educated at Hackney Downs Grammar School and trained at the Royal Academy of Dramatic Art and Central School of Speech and Drama. Harold Pinter was

296 views • 7 slides
Fantasies of History: Guy Gavriel Kay's Hybridization of the Historical Fantasy Novel MythCon

Fantasies of History: Guy Gavriel Kay's Hybridization of the Historical Fantasy Novel MythCon

Fantasies of History: Guy Gavriel Kay's Hybridization of the Historical Fantasy Novel MythCon 2014 Matthew Rettino McGill University Where does fantasy fit? BA English Literature History with a Twist: Kay's Genre Theory of Fantasy

258 views • 24 slides
Laboratory for Manufacturing Systems and Automation - LMS Factories of the Future Community Day

Laboratory for Manufacturing Systems and Automation - LMS Factories of the Future Community Day

Laboratory for Manufacturing Systems and Automation - LMS Factories of the Future Community Day 2018 27 June 2018 Dexterous manipulation using mobile dual arm robots Dr. Michalos George (michalos@lms.mech.upatras.gr ) Laboratory for

377 views • 10 slides
Isometries WIMS Marina Cazzola Dipartimento di Matematica e Applicazioni Universit` a di

Isometries WIMS Marina Cazzola Dipartimento di Matematica e Applicazioni Universit` a di

Isometries Teaching geometry Why isometries? Geometry or Geometries? Isometries and teacher training Symmetry Isometries, symmetry, teacher training and WIMS Tools Isometries WIMS Marina Cazzola Dipartimento di Matematica e

642 views • 6 slides
Mimetic Least Squares Spectral/ hp Finite Element Method for the Poisson Equation Artur Palha 1

Mimetic Least Squares Spectral/ hp Finite Element Method for the Poisson Equation Artur Palha 1

Outline The Standard Least Squares Mimetic Approach Summary and Future Work Mimetic Least Squares Spectral/ hp Finite Element Method for the Poisson Equation Artur Palha 1 and Marc Gerritsma 1 1 Faculty of Aerospace Engineering Delft University

1.01k views • 55 slides
Mixed Mimetic Spectral Elements for Geophysical Fluid Dynamics Dave Lee Los Alamos National

Mixed Mimetic Spectral Elements for Geophysical Fluid Dynamics Dave Lee Los Alamos National

Mixed Mimetic Spectral Elements for Geophysical Fluid Dynamics Dave Lee Los Alamos National Laboratory Lee; LA-UR-17-24044 Mixed Mimetic Spectral Elements Outline Connection of finite volumes to differential forms Key ideas of

276 views • 15 slides
Stability properties in mimetic gravity theories Alexander Ganz Dipartimento di Fisica e

Stability properties in mimetic gravity theories Alexander Ganz Dipartimento di Fisica e

Stability properties in mimetic gravity theories Alexander Ganz Dipartimento di Fisica e Astronomia "Galileo Galilei" Universit di Padova INFN, Sezione di Padova Paris-Saclay AstroParticle Symposioum 2019 16th October 2019 A.

368 views • 11 slides

More recommend