encrypted search intro basics
play

Encrypted Search: Intro & Basics Seny Kamara 2 - PowerPoint PPT Presentation

Sep 12, 2023 •376 likes •924 views

SAC Summer School 2019 Encrypted Search: Intro & Basics Seny Kamara 2 14,717,618,286* 4% * since 2013 3 Why so Few? Incompetence? Lazyness? Cost? because it would have hurt Yahoos ability to index and search message

  1. SAC Summer School 2019 Encrypted Search: Intro & Basics Seny Kamara

  2. 2

  3. 14,717,618,286* 4% * since 2013 3

  4. Why so Few? Incompetence? Lazyness? Cost? “…because it would have hurt Yahoo’s ability to index and search message data…” — J. Bonforte in NY Times 4

  5. Q : can we search on encrypted data? 5

  6. distributed leakage suppression range attacks storage [KMO18,KM19] [NKW15,KKNO17,LMP18,…] [AK19] ranges attacks [PBP16,…] [IKK12,CGPR15,ZKP16,BKM19] Boolean in sub-linear [CJJJ+13,PKVK+14,KM17] dynamic in OPT time OPT time [KPR12,NPG14,CJJJKRS14] [CGKO06] O(#docs) I/O efficient [Goh03,CM05] [CJJJKRS14,CT14,…] parallel Can we? [KPR13] [SWP00] sec. defs adaptive sec. defs forward private ESPADA,BlindSeer [Goh03,CM05] [CGKO06] [SPS14,B16,…] [CJJKRS13,PKVK+14] dual secure [AKM19] snapshot secure [AKM19] multi-user Pixek [CGKO06,JJKRS13,PPY18,…] [ZKM18] relational DBs graphs [HILI02,KC05, [CK10,MKNK15] PRZB11,KM19] beyond search DEX [CK10] [KMZZ19] 6

  7. Interdisciplinary Databases Machine Data Structures Learning Graph Algorithms Cryptography Information Retrieval Distributed Systems Statistics Optimization 7

  8. Real-World Problem • Startups • Major companies • Funding agencies • Ciphercloud • Microsoft, SAP • NSF • Skyhigh Networks • MongoDB, Cisco • IARPA • Bitglass • Google Research • DARPA • Baffle • Hitachi, Fujitsu • Cossack Labs • more… • Strong Salt, Overnest • many many more 8

  9. Encrypted Search (Building Blocks) Property-Preserving Functional Structured Encryption (PPE) Encryption Encryption (STE) Oblivious RAM Fully-Homomorphic (ORAM) Encryption (FHE) 9

  10. Efficiency Functionality Leakage 10

  11. What is Search? • Complexity regimes • linear search: O(n) Without Pre-Processing With Pre-Processing • sub-linear search: o(n) • Algorithmic paradigms Linear sequential scan not interesting • with pre-processing • without pre-processing read sub-set of input Sub-Linear data structures ( errors) • For medium to large data • sub-linear search is a requirement ; not an option 11

  12. Background: Data Structures • Abstract data types • Arrays store values 
 • capture functionality • ex: dictionary A • Data structures v 1 v 2 v 3 v 4 v 5 v 6 • instantiate ADTs • ex: hash table, binary search tree • Write: A[i] := v i • As common in CS • Read: A[i] returns v i • we sometimes blur the distinction 12

  13. 
 Background: Data Structures • Dictionaries map labels to values 
 • Multi-Maps map labels to tuples 
 DX MM ℓ 1 v 1 ℓ 1 v 1 v 3 v 4 ℓ 2 v 2 ℓ 2 v 3 ℓ 3 v 3 ℓ 3 v 2 v 4 • Put: DX[ ℓ 2 ] := v 2 • Put: MM[ ℓ 3 ]:= (v 2 ,v 4 ) • Get: DX[ ℓ 2 ] returns v 2 • Get: MM[ ℓ 3 ] returns (v 2 ,v 4 ) 13

  14. Keyword Search in Sub-Linear Time Setup time DS O(n) Query time DS q ans = (ptr 1 , …, ptr n ) 14

  15. Database Queries in Sub-Linear Time Setup time DS O(n) Query time DS q ans = (ptr 1 , …, ptr n ) 15

  16. Q : how do we do sub-linear search on encrypted data? 16

  17. Encrypted Keyword Search in Sub-Linear Time Setup time E DS DS O(n) O(n) Query time E DS q ans = (ptr 1 , …, ptr n ) 17

  18. Encrypted Database Queries in Sub-Linear Time Setup time E DS DS O(n) O(n) Query time E DS q ans = (ptr 1 , …, ptr n ) 18

  19. Q : how do we formalize encrypted data structures? 19

  20. Structured Encryption 
 [Chase-K.10] DS EDS q ans Setup (1 k , DS ) ⟶ (K, EDS) Query(EDS, tk ) ⟶ ans Token (K , q ) ⟶ tk 20

  21. Desiderata Setup leakage EDS Size of EDS q ans Size of state Query time Size of token Query leakage 21

  22. Structured Encryption 
 [Chase-K.10] • Many variants of STE • response-revealing • EDS query reveals answer in plaintext • response-hiding • EDS query reveals encrypted answer • non-interactive queries • clients sends single message called a token • interactive queries • client and server execute multi-round protocol 22

  23. Evolution of Structured Encryption Expressiveness Security Efficiency ‘00 Single-keyword SSE ‘00 Linear in file length [SWP00] ‘06 Leakage-parametrized [SWP00,Goh03,CGKO06,CJJJKRS14] security definitions [CGKO06] Linear in #docs [Goh03] ‘03 ‘06 Multi-user SSE Attacks ‘12 [CGKO06,JJKRS13,PPY16,HS [IKK12,CGPR15,ZKP16,KMNO16, WW18] LMP18,GLMP18] ‘06 Optimal [CGKO06,CK10] Boolean SSE ‘13 Forward/Backward Security 
 ‘14 [CJJKRS13,PKVK+14,KM17] [SPS14,Bost16,LC17,BMO17,AK Optimal Dynamic ‘12 M18] Range SSE 
 [KPR12,CJJJKRS14] ‘14 [PKVK+14,FJKNRS15] Leakage Supression 
 ‘18 [KMO18,KM19] STE-based SQL [KM18] ‘18 I/O efficient ‘14 ‘19 Snapshot 
 [CT14,CJJJKRS14,ANSS16,D [AKM18] PP18],ASS18] 23

  24. Adversarial Models 24

  25. Adversarial Models Snapshot Persistent View View EDS 0 EDS 0 q q ans ans EDS 0 EDS 0 u u EDS 1 q EDS 2 u 25

  26. Persistent (Adaptive) Security 
 [Curtmola-Garay-K.-Ostrovsky06,Chase-K.10] • An STE scheme is ( ℒ S , ℒ Q )-secure vs. a persistent adv. if • it reveals no information about the structure beyond ℒ S • it reveals no information about the structure and query beyond ℒ Q 26

  27. Persistent (Adaptive) Security 
 [Curtmola-Garay-K.-Ostrovsky06,Chase-K.10] Real Ideal ℒ S ( DS ) DS DS DS DS ℒ Q ( DS, q ) q q q q ℒ U ( DS, u ) u u u u 27

  28. Forward Privacy [Stefanov-Papamanthou-Shi14, Bost16] • Informally [SPS14] • “Updates not correlated to previous queries” • Formally [Bost16] • ℒ U (MM, ( ℓ , v )) = # v 28

  29. Snapshot (Adaptive) Security 
 [Amjad-K.-Moataz19] • We say that an STE scheme is ℒ Snp -secure vs. a snapshot adv. if • it reveals no information about the structure beyond ℒ Snp 29

  30. Snapshot (Adaptive) Security 
 [Amjad-K.-Moataz19] Real Ideal DS 0 DS 0 L S ( DS 0 ) E DS 0 E DS 0 L S ( DS 1 , q ) q q E DS 1 E DS 1 L S ( DS 2 , q ) u u E DS 2 E DS 2 30

  31. Snapshot (Adaptive) Security 
 [Amjad-K.-Moataz19] Static Structures Dynamic Structures ℒ Snp = ℒ S Forward privacy Snapshot security Insertion independence Write-only obliviousness (variant of history independence) 31

  32. Q : Why do we parameterize definitions with leakage? 32

  33. Leakage-Parameterized Definitions [Curtmola-Garay-K.-Ostrovsky, Chase-K.10] • This area is about tradeoffs • but traditional cryptographic definitions don’t capture tradeoffs • in 00’s, different approaches were proposed to capture leakage • #1: limit adversary’s power in the proof • #2: make assumptions on data (e.g., high entropy) • Original motivations for leakage-parameterized definitions • Approaches #1 & #2 are misleading (sweep leakage under the rug) • Leakage should be made explicit and not be implicit • gives clear target for cryptanalysis • makes it (somewhat) easier to compare schemes 33

  34. Q : How do we model leakage? 34

  35. Modeling Leakage • Each scheme has a leakage profile: 𝚳 = ( ℒ S , ℒ Q , ℒ U ) • where ℒ S = (patt 1 , …, patt n ) is the Setup leakage • ℒ Q = (patt 1 , …, patt n ) is the Query leakage • ℒ U = (patt 1 , …, patt n ) is the Update leakage • Each “operational” leakage is composed of leakage patterns • (patt 1 , …, patt n ) 35

  36. Common Leakage Patterns [K.-Moataz-Ohrimenko18] • qeq : query equality • req : response equality • a.k.a. search pattern • mqlen : max query length • rid : response identity • mrlen : max resp. length • a.k.a. access pattern • srlen : sequence resp. length • qlen : query length • dsize : data size • trlen : total resp. length • usize : update size • rlen/vol: response length • did : data identity • a.k.a. volume pattern 36

  37. Example Leakage Profiles • The “Baseline” leakage profile for response-revealing EMMs • 𝚳 = ( ℒ S , ℒ Q , ℒ U ) = (dsize, (qeq, rid), usize) • The “Baseline” leakage profile for response-hiding EMMs • 𝚳 = ( ℒ S , ℒ Q , ℒ U ) = (dsize, qeq, usize) • Several new constructions have better leakage profiles • AZL and FZL [K.-Moataz-Ohrimenko18] • VLH and AVLH [K.-Moataz19] 37

  38. Structured Encryption vs. Other Primitives • Encrypted structures appear implicitly throughout crypto • Oblivious RAM can be viewed as a • response-hiding encrypted array • with leakage profile 𝚳 ORAM = ( ℒ S , ℒ Q , ℒ U ) = (dsize, ⟘ ) • PIR can be viewed as a • response-hiding encrypted array • with leakage profile 𝚳 PIR = ( ℒ S , ℒ Q , ℒ U ) = (did, ⟘ ) • Garbled gates can be viewed as • response-revealing 2x2 arrays • 𝚳 GG = ( ℒ S , ℒ Q , ℒ U ) = (dsize, qeq) 38

  39. Encrypted Multi-Maps 39

  40. Encrypted Multi-Maps: The Heart of Sub-Linear Encrypted Search • EMMs are used as building block for sub-linear • Single keyword search [Curtmola-Garay-K.-Ostrovsky06,…] • Conjunctive keyword search [Cash et al.13,…] • Boolean keyword search [Cash et al.13, K.-Moataz17,…] • Range queries [Faber et al.14, Demertzis et al. 16,…] • Substring, wildcard, [Faber et al.14,…] • SQL databases [K.-Moataz18,…] • Graph databases [Chase-K.10,…] 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 But you want to start your climb at 8:00 am before the crowds arrive! 5 5 6 6 CSE 3402

1 But you want to start your climb at 8:00 am before the crowds arrive! 5 5 6 6 CSE 3402

CSE 3402: Intro to Artificial Intelligence CSE 3402: Intro to Artificial Intelligence Why Search Why Search Search I Search I Successful Required Readings: Chapter 3, Sec. 1-4. Success in game playing programs based on search.

529 views • 9 slides
Intro to FE funding and the ILR Agenda 13:30 The basics of EF A per learner and S F A (incl.

Intro to FE funding and the ILR Agenda 13:30 The basics of EF A per learner and S F A (incl.

Intro to FE funding and the ILR Intro to FE funding and the ILR 13:30 start 16:30 finish Nick Linford Director at Lsect Intro to FE funding and the ILR Agenda 13:30 The basics of EF A per learner and S F A (incl. apprenticeships) matrix

198 views • 15 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1 DISCLAIMER: THIS IS NOT FULLY-BAKED We just fleshed out this idea yesterday, so its hand-wavy. Insufficient analysis has been done. IETF 94 TLS 1.3

886 views • 11 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell

Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell

Get Found on Google: Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell Keyphraseology, LLC August 9, 2011 Session: 10028 Outline The Search Landscape How Search Engines Operate Accessibility

576 views • 46 slides
Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell

Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell

Get Found on Google: Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell Keyphraseology, LLC March 1, 2011 Session: 8793 Outline The Search Landscape How Search Engines Operate Accessibility

1.13k views • 43 slides
CS 730/830: Intro AI 1 handout: slides Are We Done? Beyond A* Suboptimal Search Anytime

CS 730/830: Intro AI 1 handout: slides Are We Done? Beyond A* Suboptimal Search Anytime

CS 730/830: Intro AI 1 handout: slides Are We Done? Beyond A* Suboptimal Search Anytime Search Real-time Search EOLQs Wheeler Ruml (UNH) Lecture 4, CS 730 1 / 24 EOLQs Are We Done? Beyond A* Suboptimal Search Anytime Search

501 views • 34 slides
Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security (600/650.624) Introduction Searching usually done over plaintext But what if we could search encrypted data? Bloom Filters Efficient

459 views • 30 slides
1/29/10 CSE 3402: Intro to Artificial Intelligence CSE 3402: Intro to Artificial Intelligence

1/29/10 CSE 3402: Intro to Artificial Intelligence CSE 3402: Intro to Artificial Intelligence

1/29/10 CSE 3402: Intro to Artificial Intelligence CSE 3402: Intro to Artificial Intelligence Heuristic Search. Heuristic Search. Informed Search I Informed Search I Required Readings: Chapter 3, Sections 5 and In uninformed

479 views • 8 slides
Get Found on Google: Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay

Get Found on Google: Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay

Get Found on Google: Search Engine Optimization (SEO) Basics & Technical Solutions Lindsay Wassell Keyphraseology March 13, 2012 Session: 10202 Outline The Search Landscape How Search Engines Operate Search Engine Optimization

616 views • 47 slides
How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k )

How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k )

How to Search on Encrypted Data SENY KAMARA MICROSOFT RESEARCH Encryption 2 Gen ( 1 k ) K Secure Communiation Enc ( K , m ) c Dec (K, c ) m Alice Bob Eve Encryption 3 Gen ( 1 k ) K Secure Storage Enc (

1.42k views • 84 slides
Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2 Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted

983 views • 60 slides
CSC421 Intro to Artificial Intelligence UNIT 04: Local Search Review Heuristic functions

CSC421 Intro to Artificial Intelligence UNIT 04: Local Search Review Heuristic functions

CSC421 Intro to Artificial Intelligence UNIT 04: Local Search Review Heuristic functions estimate costs of shortest paths Good heuristics can dramatically reduce search cost Greedy best-first search expands lowest h Incomplete,

303 views • 13 slides
Heuristic Search Lucia Moura Winter 2018 Heuristic Search Lucia Moura Heuristic Search Intro

Heuristic Search Lucia Moura Winter 2018 Heuristic Search Lucia Moura Heuristic Search Intro

Heuristic Search Intro Design Strategies for Heuristic Algorithms Heuristic Searches Applied to Various Problems Heuristic Search Lucia Moura Winter 2018 Heuristic Search Lucia Moura Heuristic Search Intro Design Strategies for Heuristic

1.1k views • 75 slides
Designing a Training Program VIDEO #1 The Levels of Learning Framework 1. Levels of Learning

Designing a Training Program VIDEO #1 The Levels of Learning Framework 1. Levels of Learning

Designing a Training Program VIDEO #1 The Levels of Learning Framework 1. Levels of Learning 2. Designing and Running a Training Needs Analysis 3. Building an Individual and Overall Training Plan 4. Running Exceptional Training Sessions

643 views • 25 slides
SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview

SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview

SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview Comparison of security properties DTLS and backward compatibility The bigger picture IETF 87 August 1, 2013 2 Security Properties wrt

338 views • 21 slides
2 Conservation in Proof Theory Michael Rathjen und Andreas Weiermann Department of Pure

2 Conservation in Proof Theory Michael Rathjen und Andreas Weiermann Department of Pure

0 2 Conservation in Proof Theory Michael Rathjen und Andreas Weiermann Department of Pure Mathematics, University of Leeds Vakgroep Zuivere Wiskunde en Computeralgebra, Universiteit Gent Festkolloquium anllich des 60. Geburtstages von

1.18k views • 96 slides
Leptogenesis in a spatially flat Milne-type universe. Ion I. Cotaescu Abstract The quantum

Leptogenesis in a spatially flat Milne-type universe. Ion I. Cotaescu Abstract The quantum

Leptogenesis in a spatially flat Milne-type universe. Ion I. Cotaescu Abstract The quantum electrodynamics on a spatially flat (1+3)-dimensional Friedmann- Lematre-Robertson-Walker space-time with a Milne-type scale factor is considered

755 views • 44 slides
BACKGROUND Major International and Domestic Tourist Destination Huge Growth in visitor

BACKGROUND Major International and Domestic Tourist Destination Huge Growth in visitor

BACKGROUND Major International and Domestic Tourist Destination Huge Growth in visitor numbers to Hahei and Hot Water Beach Comprehensive report by traffic consultants MWH in August 2016 Since then extensive discussion and

511 views • 30 slides
CM 38 -DAQ report Y. Karadzhov UNIGE - DPNC February 25, 2014 Y. Karadzhov (UNIGE - DPNC) CM

CM 38 -DAQ report Y. Karadzhov UNIGE - DPNC February 25, 2014 Y. Karadzhov (UNIGE - DPNC) CM

CM 38 -DAQ report Y. Karadzhov UNIGE - DPNC February 25, 2014 Y. Karadzhov (UNIGE - DPNC) CM 38 -DAQ report February 25, 2014 1 / 4 EMR cismic data Software EMR readout software was extensively tested exploating cosmics. Some minor bugs

71 views • 4 slides
What is Computer Security? CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

What is Computer Security? CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey

What is Computer Security? CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2009 Week 1 Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 Week 1 1 / 38 The module Security in our Department

923 views • 58 slides
Acts 2:32 -38 This Jesus hath God raised up, whereof we all are witnesses. Therefore being by the

Acts 2:32 -38 This Jesus hath God raised up, whereof we all are witnesses. Therefore being by the

Acts 2:32 -38 This Jesus hath God raised up, whereof we all are witnesses. Therefore being by the right hand of God exalted, and having received of the Father the promise of the Holy Ghost, he hath shed forth this, which ye now see and hear. For

393 views • 12 slides

More recommend