forward private searchable symmetric encryption with
play

Forward Private Searchable Symmetric Encryption with Optimized I/O - PowerPoint PPT Presentation

Aug 30, 2022 •258 likes •551 views

Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency Changyu Dong <changyu.dong@newcastle.ac.uk> Joint work with Xiangfu Song, Dandan Yuan, Qiuliang Xu, Minghao Zhao Motivation: Data Outsourcing Explosive

  1. Forward Private Searchable Symmetric Encryption with Optimized I/O Efficiency Changyu Dong <changyu.dong@newcastle.ac.uk> Joint work with Xiangfu Song, Dandan Yuan, Qiuliang Xu, Minghao Zhao

  2. Motivation: Data Outsourcing Explosive growth in enterprise data storage needs grow 52% per year [Forrester Research] escalating storage management costs: $9,555/TB/year [Forrester Research] Increased importance of data availability and business continuity remote backup to prevent data loss in disasters like 9.11 Here they come to help you! Amazon, Google, IBM, Microsoft, HP . . . . . . by providing cheap-as-chips data storage outsourcing service. changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 2 / 25

  3. You Don’t Trust Them, Do You? You might save money, you might get better fault-tolerance, you might even get better performance. But how about data confidentiality and privacy? Do you really want someone else to see and control all your sensitive data? A True Story In Oct 2003, a woman in Pakistan obtained sensitive patient documents from the University of California, San Francisco, Medical Centre through a medical transcription subcontractor that she worked for, and she threatened to post the files on the Internet unless she was paid more money. “Your patient records are out in the open... so you better track that person and make him pay my dues.” – San Francisco Chronicle (October 22, 2003) changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 3 / 25

  4. Question How do we store sensitive data on an untrusted server? Answer Encrypt the data before sending it to the server hides all information about data the server performs only basic I/O functions and has no knowledge of what is stored But users must download all data, decrypt and perform operations locally Can we let the server do more? changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 4 / 25

  5. Searchable Encryption Typical scenario: User has a collection of data items that each associates with a set of keywords, e.g. “new iPhone design”, “list of CIA agents” The data items and keywords are encrypted before sending to the server Functionality: the server should support the following type of queries: “Find all data items that contain a given keyword” Confidentiality: Allow the server to help, but reveal as little information as possible First paper published in 2000, now 7,270 results in Google scholar (Feb, 2019) changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 5 / 25

  6. Query Privacy The server should not know the plaintext of keywords being queried. adversary Client keyword token Server changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 6 / 25

  7. File Injection Attack In USENIX Security 2016, Zhang et.al. showed that query privacy can be totally broken by a file injection attack. tokens submitted in previous queries adversary Client Server changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 7 / 25

  8. File Injection Attack In USENIX Security 2016, Zhang et.al. showed that query privacy can be totally broken by a file injection attack. tokens submitted in previous queries adversary Client Server changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 7 / 25

  9. File Injection Attack In USENIX Security 2016, Zhang et.al. showed that query privacy can be totally broken by a file injection attack. tokens submitted in previous queries adversary Client Server changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 7 / 25

  10. File Injection Attack In USENIX Security 2016, Zhang et.al. showed that query privacy can be totally broken by a file injection attack. tokens submitted in previous queries adversary Client Server changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 7 / 25

  11. <latexit sha1_base64="CqDSDieBjbwNIQYnHQ0d32fBws=">ACGnicbVC7SgNBFL0bXzG+opZpFoNgFXZtBGDNpYRzAOSEGZnb5Ihsw9m7ophCeh/2NvqL9iI2Nr4B36Gk0ehiQcGDufcO4d7vFgKTY7zZWldW17LruY3Nre2d/O5eTUeJ4ljlkYxUw2MapQixSoIkNmKFLPAk1r3B5div36LSIgpvaBhjO2C9UHQFZ2SkTr7QIryjyT+pQn+Utngf+SBgajDq5ItOyZnAXiTujBTP3Jn9wBQ6eS/W37EkwBD4pJp3XSdmNopUyS4xFGulWiMGR+wHjYNDVmAup1Owkf2oVF8uxsp80KyJ+rvjZQFWg8Dz0wGjPp63huL/3qazDVD5c/lU/e0nYowTghDPo3vJtKmyB73ZPtCISc5NIRxJcwFNu8zxTiZNnOmGne+iEVSOy65Tsm9dovlC5giCwU4gCNw4QTKcAUVqAKHB3iCZ3ixHq1X6936mI5mrNnOPvyB9fkDqZqkZA=</latexit> <latexit sha1_base64="gaTbvwFZxbUVT0Os97s7ji67zmA=">ACGnicbVC7SgNBFJ31GdfXqmWaxSBYhV0bcSgjWUE84BsCLOzN8mQ2Qczd8WwpPA/7Cxs9RdsRGwF8Q/8DCebFJp4YOBwzr1zuMdPBFfoOF/GwuLS8spqYc1c39jc2rZ2dusqTiWDGotFLJs+VSB4BDXkKCZSKChL6DhDy7GfuMGpOJxdI3DBNoh7UW8yxlFLXWsodwi/k/mYRglHmsD2wQUjkYdaySU3Zy2PEnZLS2at5mjx8mtWO9e0FMUtDiJAJqlTLdRJsZ1QiZwJGpcqSCgb0B60NI1oCKqd5eEj+0Argd2NpX4R2rn6eyOjoVLD0NeTIcW+mvXG4r+eQn3NUAYz+dg9aWc8SlKEiE3iu6mwMbHPdkBl8BQDWhTHJ9gc36VFKGuk1TV+POFjFP6kdl1ym7V26pck4mKJAi2SeHxCXHpEIuSZXUCN35JE8kWfj3ngx3oz3yeiCMd3ZI39gfPwAuyGl2A=</latexit> <latexit sha1_base64="gaTbvwFZxbUVT0Os97s7ji67zmA=">ACGnicbVC7SgNBFJ31GdfXqmWaxSBYhV0bcSgjWUE84BsCLOzN8mQ2Qczd8WwpPA/7Cxs9RdsRGwF8Q/8DCebFJp4YOBwzr1zuMdPBFfoOF/GwuLS8spqYc1c39jc2rZ2dusqTiWDGotFLJs+VSB4BDXkKCZSKChL6DhDy7GfuMGpOJxdI3DBNoh7UW8yxlFLXWsodwi/k/mYRglHmsD2wQUjkYdaySU3Zy2PEnZLS2at5mjx8mtWO9e0FMUtDiJAJqlTLdRJsZ1QiZwJGpcqSCgb0B60NI1oCKqd5eEj+0Argd2NpX4R2rn6eyOjoVLD0NeTIcW+mvXG4r+eQn3NUAYz+dg9aWc8SlKEiE3iu6mwMbHPdkBl8BQDWhTHJ9gc36VFKGuk1TV+POFjFP6kdl1ym7V26pck4mKJAi2SeHxCXHpEIuSZXUCN35JE8kWfj3ngx3oz3yeiCMd3ZI39gfPwAuyGl2A=</latexit> <latexit sha1_base64="l1yux3LEBCNHf8OWsTBjZWP/ykQ=">ACGnicbVC7TsNAEDyHVwgvA2UaiwiJKrJpoIygoQwSeUhJFJ3Pm+SUO9u6WyMiywX/QU8Lv0CHaGn4Az6Di+MCEkY6aTSze6MdPxZco+t+WaW19Y3NrfJ2ZWd3b/APjxq6yhRDFosEpHq+lSD4CG0kKOAbqyASl9Ax59ez/3OPSjNo/AOZzEMJB2HfMQZRSMN7Wof4QHzf1IFQZb2QTYVFI1zYZ2za27OZxV4hWkRgo0h/Z3P4hYIiFEJqjWPc+NcZBShZwJyCr9RENM2ZSOoWdoSCXoQZqHZ86pUQJnFCnzQnRy9fdGSqXWM+mbSUlxope9ufivp9FcM1PBUj6OLgcpD+MEIWSL+FEiHIyceU9OwBUwFDNDKFPcXOCwCVWUoWmzYqrxlotYJe3zufWvVuv1rgqSiqTKjkhZ8QjF6RBbkiTtAgj+SZvJBX68l6s96tj8VoySp2jskfWJ8/EsSilw=</latexit> File Injection Attack In USENIX Security 2016, Zhang et.al. showed that query privacy can be totally broken by a file injection attack. adversary tokens submitted in previous queries X changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 7 / 25

  12. Forward Privacy Informally, the adversary should not be able to link newly inserted file in anyway to previous search queries until the link being revealed in a future search query adversary tokens submitted in previous queries changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 8 / 25

  13. Prior Work on Forward Private Searchable Encryption Chang and Mitzenmacher 2005 search query size grows linearly in the number of updates, communication cost for the search will eventually become unacceptable. Stefanov et al. 2014, Garg et al. 2016, Hoang et al. 2016 use ORAM like structures communication cost is too high not practical Sophos (Bost, CCS 2016) first practical scheme communication complexity is optimal ✓ search operation is public key based (slow) ✗ slow I/O due to access (read & write) to storage media is random ✗ changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 9 / 25

  14. I/O Efficiency More to read Random access Slow Slow Less to read sequential access fast fast changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 10 / 25

  15. Our Contributions FAST ( F orward priv A te searchable S ymmetric encryp T ion): Uses only symmetric key crypto FASTIO (FAST + I /O O ptimized): as the name suggests. changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 11 / 25

  16. How Forward Privacy was Achieved in Sophos? The client stores a state, and update it every time inserting a new file. When inserting a new file, the client also inserts an index entry (to enable search) The state is used as an input to encrypt the index entry The search token is essentially the latest state The server can compute all previous states from the token Each state matches the corresponding index entry. The function to update the state is public key based: The server who has the public key can only go backward to the previous states of the given one – but not to later states Only the client can evolve the state forward using the private key. changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 12 / 25

  17. How Forward Privacy was Achieved in Sophos? tokens submitted in previous queries st1 adversary Client st2 st3 st4 st4 Server st4 st1 st2 st3 st4 changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 13 / 25

  18. How About Symmetric Key Crypto? There is only one key, not two So Bost’s strategy cannot be migrated to symmetric key crypto. changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 14 / 25

  19. How did we solve it? changyu.dong@newcastle.ac.uk Changyu Dong, Newcastle University 15 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE Searchable Encryption Outsource data securely keep search functionalities Generic Solutions Fully Homomorphic Encryption, MPC, ORAM

578 views • 37 slides
Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice Minaud RHUL ISG seminar, November 24th 2016 Plan 1. Symmetric Searchable Encryption. 2. Leakage and Forward-Privacy. 3. Sophos and Diane schemes. 4.

479 views • 45 slides
Searchable Symmetric Encryption Seny Kamara Advanced Topics in Network Security Spring 2006 1

Searchable Symmetric Encryption Seny Kamara Advanced Topics in Network Security Spring 2006 1

Searchable Symmetric Encryption Seny Kamara Advanced Topics in Network Security Spring 2006 1 Yesterday Motivation for searchable encryption First SSE scheme [SWP00] Attacks on [SWP00] Conjunctive SSE [GSW04,PKL04,BKM05] 2

703 views • 24 slides
Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, C.A. Gunter Storage

Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, C.A. Gunter Storage

Dynamic Searchable M. Naveed, Encryption via Blind M. Prabhakaran, C.A. Gunter Storage Presented by: Keegan Sherman and Pardeep Banwait Searchable Symmetric Encryption Allows a user to store a collection of encrypted documents and

350 views • 24 slides
Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee

Backward Secure Dynamic Searchable Symmetric Encryption with Efficient Updates Hyung Tae Lee Chonbuk National University, Republic of Korea June 14, 2019@ Workshop on Modern Trends in Cryptography Table of contents 1. Introduction 2.

537 views • 25 slides
Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced

Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced

Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced Allocations Gilad Asharov Cornell-Tech (Hebrew University) Moni Naor Weizmann Gil Segev

827 views • 56 slides
Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced

Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced

Searchable Symmetric Encryption: Optimal Locality in Linear Space via Two-Dimensional Balanced Allocations Gilad Asharov IBM Research Moni Naor Weizmann Gil Segev Hebrew

1.01k views • 42 slides
The Locality of Searchable Symmetric Encryption David Cash Stefano Tessaro Rutgers U UC Santa

The Locality of Searchable Symmetric Encryption David Cash Stefano Tessaro Rutgers U UC Santa

The Locality of Searchable Symmetric Encryption David Cash Stefano Tessaro Rutgers U UC Santa Barbara 1 Outsourced storage and searching Browser only downloads documents matching query. Avoids downloading all 6 GB. 2 End-to-end

477 views • 47 slides
Searchable Encryption Prepared for 600.624 February 9, 2006 Outline Motivation of

Searchable Encryption Prepared for 600.624 February 9, 2006 Outline Motivation of

Searchable Encryption Prepared for 600.624 February 9, 2006 Outline Motivation of Searchable Encryption Searchable Encryption Constructions of Song, Wagner and Perrig Discussion Related Work Conjunctive Keyword

753 views • 51 slides
Dynamic Searchable Symmetric Encryption DSSE INTRODUCTION TO CYBER SECURITY ESTR 4306 | LIU

Dynamic Searchable Symmetric Encryption DSSE INTRODUCTION TO CYBER SECURITY ESTR 4306 | LIU

Dynamic Searchable Symmetric Encryption DSSE INTRODUCTION TO CYBER SECURITY ESTR 4306 | LIU YICUN Motivating Problem The clients want a encrypted database which can update dynamically. The clients want to do the updates without re-encrypting

898 views • 25 slides
in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan

in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan

How to Update Documents Verifiably in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan Outline (1) Introduction (2) Our (previous) verifiable SSE scheme (3) Extend it to a dynamic SSE scheme (but

1.13k views • 70 slides
Tight Tradeoffs in Searchable Symmetric Encryption Gilad Asharov Gil Segev Ido Shahaf Cornell

Tight Tradeoffs in Searchable Symmetric Encryption Gilad Asharov Gil Segev Ido Shahaf Cornell

Tight Tradeoffs in Searchable Symmetric Encryption Gilad Asharov Gil Segev Ido Shahaf Cornell Hebrew Hebrew Tech University University The Efficiency of SSE [CT14] 2 Existing Schemes and Lower Bounds Space Locality Read efficiency

649 views • 12 slides
Efficient Dynamic Searchable Encryption with Forward Privacy Mohammad Alptekin Charalampos

Efficient Dynamic Searchable Encryption with Forward Privacy Mohammad Alptekin Charalampos

Efficient Dynamic Searchable Encryption with Forward Privacy Mohammad Alptekin Charalampos David Kp Etemad Papamanthou Evans Efficient Dynamic Searchable Encryption with Forward Privacy Etemad, Kp , Papamanthou, Evans, PETS

1.57k views • 90 slides
Searching on/Testing Encrypted Data Lecture 23 Searchable Encryption Searchable Encryption A

Searching on/Testing Encrypted Data Lecture 23 Searchable Encryption Searchable Encryption A

Searching on/Testing Encrypted Data Lecture 23 Searchable Encryption Searchable Encryption A test key T w that allows one to test if Dec SK (C) = w Searchable Encryption A test key T w that allows one to test if Dec SK (C) = w No other

1.62k views • 116 slides
Seny Kamara Tarik Moataz Bob 2 Bob 2 I cant search! Bob 2 Many Approaches Stream

Seny Kamara Tarik Moataz Bob 2 Bob 2 I cant search! Bob 2 Many Approaches Stream

Boolean Searchable Symmetric Encryption with Worst-Case Sub-Linear Complexity Seny Kamara Tarik Moataz Bob 2 Bob 2 I cant search! Bob 2 Many Approaches Stream ciphers [SWP00] Bucketing [HILM02] Structured and searchable

1.2k views • 104 slides
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D

SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = ( K , E , D ) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct decryption requirement More

1.19k views • 53 slides
Riemannian manifolds with nontrivial Limbeek local symmetry Wouter van Limbeek University of

Riemannian manifolds with nontrivial Limbeek local symmetry Wouter van Limbeek University of

Riemannian manifolds with nontrivial local symmetry Wouter van Riemannian manifolds with nontrivial Limbeek local symmetry Wouter van Limbeek University of Chicago limbeek @ math.uchicago.edu 21 October 2012 The problem Riemannian

705 views • 33 slides
4.4 Symmetric Groups Farid Aliniaeifard York University &lt;http://math.yorku.ca/~faridanf/&gt;

4.4 Symmetric Groups Farid Aliniaeifard York University &lt;http://math.yorku.ca/~faridanf/&gt;

4.4 Symmetric Groups Farid Aliniaeifard York University &lt;http://math.yorku.ca/~faridanf/&gt; June 18, 2015 Overview 3.3 is the unique indecomposable PSH 4.4 Symmetric Groups 3.3 is the unique indecomposable PSH Goal: If A has

743 views • 14 slides
Permutations, Card Shuffling, and Representation Theory Franco Saliola, Universit du Qubec

Permutations, Card Shuffling, and Representation Theory Franco Saliola, Universit du Qubec

Permutations Card Shuffling Representation theory Permutations, Card Shuffling, and Representation Theory Franco Saliola, Universit du Qubec Montral Based on joint work with: Victor Reiner, University of Minnesota Volkmar Welker,

1.71k views • 146 slides
Symmetry in SAT (and ASP and CP): Breaking the right symmetries Bart Bogaerts Aalto University

Symmetry in SAT (and ASP and CP): Breaking the right symmetries Bart Bogaerts Aalto University

Symmetry in SAT (and ASP and CP): Breaking the right symmetries Bart Bogaerts Aalto University December 8, 2015 1 / 43 Main Reference Jo Devriendt, Bart Bogaerts, and Maurice Bruynooghe. BreakIDGlucose: On the importance of row symmetry. In

468 views • 43 slides
Coxeter groups and Artin groups Day 1: Polytopes and Reflection Groups Jon McCammond (U.C. Santa

Coxeter groups and Artin groups Day 1: Polytopes and Reflection Groups Jon McCammond (U.C. Santa

Coxeter groups and Artin groups Day 1: Polytopes and Reflection Groups Jon McCammond (U.C. Santa Barbara) 1 Overview The plan is to spend two days on (topics related to) Coxeter groups, and two days on (topics related to) Artin groups.

728 views • 25 slides
Graph Basics Lecturer: Shi Li Department of Computer Science and Engineering University at

Graph Basics Lecturer: Shi Li Department of Computer Science and Engineering University at

CSE 431/531: Analysis of Algorithms Graph Basics Lecturer: Shi Li Department of Computer Science and Engineering University at Buffalo Outline Graphs 1 Connectivity and Graph Traversal 2 Testing Bipartiteness Topological Ordering 3 2/28

475 views • 28 slides
Toward classification of biharmonic homogeneous hypersurfaces in compact symmetric spaces Takashi

Toward classification of biharmonic homogeneous hypersurfaces in compact symmetric spaces Takashi

Toward classification of biharmonic homogeneous hypersurfaces in compact symmetric spaces Takashi Sakai Tokyo Metropolitan University &amp; OCAMI 2019 Workshop on the Isoparametric Theory Beijin Normal University, Beijin

768 views • 31 slides
Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function,

Symmetric-Key Encryption: constructions Lecture 4 OWF , PRG, Stream Cipher One-Way Function, RECALL Hardcore Predicate One-Way Function, RECALL Hardcore Predicate f k : {0,1} k {0,1} n(k) is a one-way function (OWF) if f is polynomial

3.06k views • 96 slides

More recommend