metal
play

Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca - PowerPoint PPT Presentation

Sep 26, 2022 •708 likes •1.17k views

Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca Ada Popa UC Berkeley End-to-end encrypted file sharing Academia: DepSky, M-Aegis, Mylar, Plutus, ShadowCrypt, Sieve, SiRiUS Industry: Encryption is not enough: Metadata still

  1. Metal A Metadata-Hiding File-Sharing System Weikeng Chen Raluca Ada Popa UC Berkeley

  2. End-to-end encrypted file sharing Academia: DepSky, M-Aegis, Mylar, Plutus, ShadowCrypt, Sieve, SiRiUS Industry:

  3. Encryption is not enough: Metadata still leaks • User identities: who read or wrote a file • File access patterns: which file is being read or written

  4. Encryption is not enough: Metadata still leaks ACL: The attacker sees: Doctor, Alice • The doctor is accessing a file • The file is #1 #1 #2 #3 #1 • #1’s access control list Doctor Doctor

  5. An attack using file access patterns Cancer Heart Diabetes #1 #2 #3 Filenames are also encrypted Doctor

  6. An attack using file access patterns See counts of file access 1 Cancer Heart Diabetes #1 #2 #3 Read diabetes treatment Doctor Patient

  7. An attack using file access patterns See counts of file access 1 1 Cancer Heart Diabetes #1 #2 #3 Read cancer treatment Doctor Patient

  8. An attack using file access patterns Public database on disease incidence rate 239 37 877 Cancer Diabetes Heart 2.49 2. 49 ‰ 0. 0.39 39 ‰ 8. 8.61 61 ‰ Cancer Heart Diabetes #1 #2 #3 Doctor

  9. An attack using file access patterns Cancer Heart Diabetes Filenames inferred Cancer Heart Diabetes #1 #2 #3 Doctor

  10. Reveal a patient’s disease I saw Alice in the waiting room Cancer Heart Diabetes Cancer Heart Diabetes #1 #2 #3 Read a treatment Doctor Alice

  11. Reveal a patient’s disease Alice has cancer Cancer Heart Diabetes Cancer Heart Diabetes #1 #2 #3 Read a treatment Doctor Alice

  12. Encryption is not enough: Metadata still leaks • User identities: who read/wrote a file • File access patterns: which file is being read/written

  13. Existing solution: PIR-MCORAM [MMRS17] Single-server, secure against malicious users Scan all the files Lower bound: Single-server construction has linear server computation in # of files Example: Access a 64KB file in a million-file storage PIR-MCORAM’s amortized time > "# min

  14. Existing solution: Anonymous RAM [BHKP16] Assumes two semi-honest servers that do not collude Logarithmic overhead Server 1 Does not support file sharing Server 2 Expensive zero-knowledge proofs

  15. Metal Assumes two semi-honest servers that do not collude Logarithmic overhead Server 1 Support file sharing Server 2 Much faster 500 × faster than PIR-MCORAM and 20 × faster than AnonRAM

  16. Metal’s three components Anonymous access control See paper Permission sharing Oblivious storage with malicious users

  17. Metal’s threat model Server 1 Some users can be malicious Server 2

  18. Metal’s goals Any given access should be oblivious among all the files Privacy accessible by the honest users Efficiency

  19. Metal’s file layout Decryption key: Server 1 secret-shared between the two servers Server 2

  20. Secure two-party computation (S2PC) [Yao86] Input Output ! " # " Security guarantee: S2PC Each server only learns its own # 1 , # 2 = ((! 1 , ! 2 ) input and output Input Output ! + # +

  21. Our S2PC uses reactive Yao’s protocol … The S2PC is a continuous service , Stateful S2PC rather than a one-time computation …

  22. Strawman 1: All files in S2PC Read #1 #1 #3 #2 Security goal: • No server sees the file

  23. Strawman 1: All files in S2PC Read #1 #1 #3 #2 S2PC Security goal: • No server sees the file #1

  24. Strawman 1: All files in S2PC each bit Read #1 256 bits #1 #3 #2 S2PC Problem: Very large S2PC circuit #1

  25. Oblivious RAM [Goldreich86, Ostrovsky90] Access a file in a way that hides which file and is efficient I don’t know which file Read/write a file ORAM protocol ORAM Client ORAM Server The ORAM server only accesses log(N) files

  26. Strawman 2: S2PC + ORAM ORAM Client ? S2PC ORAM ORAM Server Client

  27. Strawman 2: S2PC + ORAM Read #1 S2PC Problem: Read #1. Still very large S2PC circuit ORAM (e.g., 75 s per access) ORAM Server Client ORAM protocol

  28. Technique: Synchronized inside-outside ORAM Observation: For efficiency, data should be outside S2PC Synchronize Small indices Big file data ORAM IndexORAM DataORAM Accessed by Accessed by Yao’s protocol public-key protocols Challenge: Synchronizing IndexORAM and DataORAM

  29. Encryption in DataORAM • Use ElGamal encryption • One can rerandomize a ciphertext using the public key Can be leveraged in designing oblivious protocols DataORAM

  30. ORAM access In ORAM, access to a file downloads data on a path Path ! ORAM Client ORAM Server

  31. Synchronized ORAM access in Metal Path ! ORAM Client IndexORAM

  32. Synchronized ORAM access in Metal Secret-share the position To Server 1 Path ! Pos (1) Pos = 2 Pos (2) To Server 2 ORAM Client The desired file IndexORAM

  33. Synchronized ORAM access in Metal Challenge: Pos (1) Obtains the data obliviously Pos (2) DataORAM

  34. Synchronized ORAM access in Metal Challenge: Pos (1) Obtains the data obliviously Uses secret-shared doubly oblivious transfer Pos (2) DataORAM A rerandomized ciphertext of the file

  35. Synchronized ORAM access in Metal Challenge: Pos (1) Obtains the data obliviously The two servers then run Pos (2) threshold decryption to return the plaintext data. DataORAM Only the user sees the data

  36. ORAM update The client updates the ORAM by reorganizing the files Path ! 1 , ! 2 ORAM Client ORAM Server

  37. Synchronized ORAM update in Metal Path ! 1 , ! 2 ORAM Client IndexORAM Challenge: securely apply the same update on DataORAM

  38. Technique: Tracking and permutation generation Old A B C --- --- the ORAM update can be expressed as a permutation New A --- B --- C Path ! 1 , ! 2 σ ORAM Client IndexORAM

  39. Synchronized ORAM update in Metal Secret-share the permutation Path ! 1 , ! 2 To Server 1 σ (1) σ σ (2) To Server 2 ORAM Client IndexORAM

  40. Synchronized ORAM update in Metal Challenge: σ (1) Applies the permutation, but hides the permutation Each server performs a secret share of permutation in turn σ (2) DataORAM

  41. Synchronized ORAM update in Metal Challenge: σ (1) Applies the permutation, but hides the permutation Applied σ (1) Each server performs a secret share of permutation in turn σ (2) Ciphertexts are rerandomized during the permutation. DataORAM Applied σ (2)

  42. Synchronized IndexORAM and DataORAM Synchronize IndexORAM DataORAM The two techniques improve over S2PC + ORAM by 20 ×

  43. Evaluation setup Metal is implemented in C/C++ using the Obliv-C platform [ZE15] Evaluation setup: Two servers, one in Northern California, one in Oregon • One client, in Canada •

  44. Metal’s file access latency The file access latency is within a few seconds 500 × faster than PIR-MCORAM and 20 × faster than AnonRAM

  45. Metal A Metadata-Hiding File-Sharing System www.oblivious.app Thank you!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WHO IS METAL PREP About Metal Prep One of the

WHO IS METAL PREP About Metal Prep One of the

WHO IS METAL PREP About Metal Prep One of the largest providers of hot rolled steel in North America Full service coil coater

462 views • 9 slides
Electronic Packaging Custom Metal Fabrication Custom Metal Fabrication Custom Metal Fabrication

Electronic Packaging Custom Metal Fabrication Custom Metal Fabrication Custom Metal Fabrication

Electronic Packaging Custom Metal Fabrication Custom Metal Fabrication Custom Metal Fabrication Custom Metal Fabrication Custom Metal Fabrication Machining Castings Extrusions Metal Injection Molding Custom Metal Fabrication Custom Metal

145 views • 11 slides
Gold (Precious Metal) Gold (Precious Metal) Gold is a precious metal, as are silver and the

Gold (Precious Metal) Gold (Precious Metal) Gold is a precious metal, as are silver and the

Gold (Precious Metal) Gold (Precious Metal) Gold is a precious metal, as are silver and the platinum group metals (platinum, palladium, rhodium, iridium, ruthenium and the extremely rare osmium). They are called precious metals because of

427 views • 40 slides
/ Ge and On the control of GeO 2 / Ge and metal/ Ge interfaces metal/ Ge interfaces toward

/ Ge and On the control of GeO 2 / Ge and metal/ Ge interfaces metal/ Ge interfaces toward

On the control of GeO 2 / Ge and On the control of GeO 2 / Ge and metal/ Ge interfaces metal/ Ge interfaces toward metal source/ drain Ge CMOS toward metal source/ drain Ge CMOS Akira Toriumi Department of Materials Engineering The

276 views • 25 slides
ZT METAL Inc. Ndran 505 Tel.: +420 373 340 811 Kralovice Fax: +420 373 340 810 331 41

ZT METAL Inc. Ndran 505 Tel.: +420 373 340 811 Kralovice Fax: +420 373 340 810 331 41

ZT METAL Inc. Ndran 505 Tel.: +420 373 340 811 Kralovice Fax: +420 373 340 810 331 41 ztmetal@ztmetal.cz Czech Republic www.ztmetal.cz ZT METAL Inc. basic information ZT Metal Inc. Kralovice is a private joint stock company. At

249 views • 7 slides
Metal Cutting (Machining) Metal cutting , commonly called machining , is the removal of unwanted

Metal Cutting (Machining) Metal cutting , commonly called machining , is the removal of unwanted

Metal Cutting (Machining) Metal cutting , commonly called machining , is the removal of unwanted portions from a block of material in the form of chips so as to obtain a finished product of desired size, shape, and finish. 1 Metal Cutting

633 views • 52 slides
in Ukraine: The role of the enabling environment for the basic metal and metal processing

in Ukraine: The role of the enabling environment for the basic metal and metal processing

Promoting economic diversity in Ukraine: The role of the enabling environment for the basic metal and metal processing industry Yaroslav Zhalilo Kiev, March 11, 2010 Where are the bottlenecks? The key factors of crisis in sector: Sharp

524 views • 13 slides
Metal Additive Manufacturing Technologies and Applications Overview Jim Snodgrass Metal AM

Metal Additive Manufacturing Technologies and Applications Overview Jim Snodgrass Metal AM

Metal Additive Manufacturing Technologies and Applications Overview Jim Snodgrass Metal AM Simplified MIM-Similar Powder Bed Fusion Directed Energy Deposition Other https://am-power.de/en/insights/ 2 TOMORROWS

1.02k views • 22 slides
Natural Metal Finishes by Boyd Waechter History of Natural Metal Finishes Floquil Bright

Natural Metal Finishes by Boyd Waechter History of Natural Metal Finishes Floquil Bright

Natural Metal Finishes by Boyd Waechter History of Natural Metal Finishes Floquil Bright Silver and Old Silver, Pactra Flat Aluminum - all enamels, none produce a true, realistic metal finish, pigments too coarse Liqua-A- Plate

706 views • 42 slides
64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ?

64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ?

64 bit Bare Metal Tristan Gingold Programming on RPI-3 gingold@adacore.com What is Bare Metal ? Images: Wikipedia No box What is Bare Metal ? No Operating System Your application is the OS Why Bare Board ? Not enough ressources for an

874 views • 31 slides
Metal - - screening screening Metal Thomas-Fermi (static) screening potential of point charge

Metal - - screening screening Metal Thomas-Fermi (static) screening potential of point charge

Metal - - screening screening Metal Thomas-Fermi (static) screening potential of point charge Fourier Coulomb renormalize Fourier - + Yukawa - Metal - - screening screening Metal static dielectric function singularity at 2k F

321 views • 5 slides
Advanced Sheet Metal Design Faster Steve Lynch Rapid Sheet Metal SOLIDWORKS Intro NESWUC

Advanced Sheet Metal Design Faster Steve Lynch Rapid Sheet Metal SOLIDWORKS Intro NESWUC

SOLIDWORKS Advanced Sheet Metal Advanced Sheet Metal Design Faster Steve Lynch Rapid Sheet Metal SOLIDWORKS Intro NESWUC 2012 Dedicated to quick turn prototype sheet metal parts 15 seats of SolidWorks 2013 CAD Quotes in

871 views • 64 slides
LPG b LPG base ased d High T High Ther herm Metal m Metal Cuttin Cutting g Gas Gas Dr.

LPG b LPG base ased d High T High Ther herm Metal m Metal Cuttin Cutting g Gas Gas Dr.

LPG b LPG base ased d High T High Ther herm Metal m Metal Cuttin Cutting g Gas Gas Dr. S.K. Hait IndianOil Presentation to Asia LPG Summit, Delhi What is Indane NANOCUT Indane NANOCUT is additized LPG with specific use for metal

481 views • 16 slides
Metal Carbonates Example of ligands that exist in different forms Consider CaCO 3 in a

Metal Carbonates Example of ligands that exist in different forms Consider CaCO 3 in a

CEE 680 Lecture #38 4/3/2020 Print version Updated: 3 April 2020 Lecture #38 Precipitation and Dissolution: Metal Carbonates & Hydroxides (Stumm & Morgan, Chapt.7) Benjamin; Chapter 8.7 8.15 David Reckhow CEE 680 #38 1 Metal

381 views • 7 slides
MUSC 666 Introduction to Metal Giovanni Viviani MUSC 666 Syllabus MUSC 666 Syllabus

MUSC 666 Introduction to Metal Giovanni Viviani MUSC 666 Syllabus MUSC 666 Syllabus

MUSC 666 Introduction to Metal Giovanni Viviani MUSC 666 Syllabus MUSC 666 Syllabus Topics Overview of Metal Very Brief History Metal Rock vs. Metal Short Overview of Metal Genres MUSC 666 Syllabus Topics Grading

909 views • 71 slides
HVAC DUCT CONSTRUCTION STANDARDS METAL AND FLEXIBLE THIRD EDITION 2005 SHEET METAL AND AIR

HVAC DUCT CONSTRUCTION STANDARDS METAL AND FLEXIBLE THIRD EDITION 2005 SHEET METAL AND AIR

HVAC DUCT CONSTRUCTION STANDARDS METAL AND FLEXIBLE THIRD EDITION 2005 SHEET METAL AND AIR CONDITIONING CONTRACTORS NATIONAL ASSOCIATION, INC. 4201 Lafayette Center Drive Chantilly, VA 201511209 www.smacna.org 1_w in. wg Static

1.28k views • 82 slides
Lecture 8 Authorities and Metadata mapping in practice i290-rmm Patrick Schmitz

Lecture 8 Authorities and Metadata mapping in practice i290-rmm Patrick Schmitz

Lecture 8 Authorities and Metadata mapping in practice i290-rmm Patrick Schmitz Authorities Enable term control (consistent usage/reference) In object, procedural, and media support records In other authority records (persons

762 views • 17 slides
Software Citation: Principles, Discussion, and Metadata Daniel S. Katz Associate Director for

Software Citation: Principles, Discussion, and Metadata Daniel S. Katz Associate Director for

Software Citation: Principles, Discussion, and Metadata Daniel S. Katz Associate Director for Scientific Software & Applications, NCSA Research Associate Professor, ECE Research Associate Professor, iSchool dskatz@illinois.edu,

506 views • 19 slides
Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle Wi Within a a S Swi witch

Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle Wi Within a a S Swi witch

Pa PacketScope: : Monit itorin ing the Pac acket Li Lifecycle Wi Within a a S Swi witch Ross Teixeira (Princeton) Rob Harrison (United States Military Academy) Arpit Gupta (UC Santa Barbara) Jennifer Rexford (Princeton) Ou Outline

335 views • 18 slides
SmartStore: A New Metadata Organization Paradigm with Semantic-Awareness for Paradigm with

SmartStore: A New Metadata Organization Paradigm with Semantic-Awareness for Paradigm with

Supercomputing 2009 SmartStore: A New Metadata Organization Paradigm with Semantic-Awareness for Paradigm with Semantic-Awareness for Next-Generation File Systems Yu Hua Hong Jiang Yifeng Zhu Dan Feng Lei Tian 1 Outline Outline

795 views • 27 slides
Eurec ecom om-Polito te team Presented by: Authors: Elena Baralis Benoit Huet Bernard

Eurec ecom om-Polito te team Presented by: Authors: Elena Baralis Benoit Huet Bernard

TRECVID 2017 Hyperlinking task Eurec ecom om-Polito te team Presented by: Authors: Elena Baralis Benoit Huet Bernard Merialdo Paolo Garza (EURECOM) (EURECOM) Mohammad Reza Kavoosifar huet@eurecom.fr (Politecnico di Torino)

441 views • 15 slides
Re Relig ligio ion (plus us a bri rief sidebar r on age) Elicit licitat atio ion &

Re Relig ligio ion (plus us a bri rief sidebar r on age) Elicit licitat atio ion &

Re Relig ligio ion (plus us a bri rief sidebar r on age) Elicit licitat atio ion & & metadat adata a David Bowie University of Alaska Anchorage LSA 2012 4 January 2012 The linguistic (un)importance of religion

531 views • 21 slides
Image Data Stephen Bailey Instructor DataCamp Biomedical Image Analysis in Python Biomedical

Image Data Stephen Bailey Instructor DataCamp Biomedical Image Analysis in Python Biomedical

DataCamp Biomedical Image Analysis in Python BIOMEDICAL IMAGE ANALYSIS IN PYTHON Image Data Stephen Bailey Instructor DataCamp Biomedical Image Analysis in Python Biomedical imaging: more than a century of discovery 1895 2017 DataCamp

469 views • 26 slides
I Let You Know Who Can See What Xuemeng Song , Xiang Wang , Liqiang Nie , Xiangnan He

I Let You Know Who Can See What Xuemeng Song , Xiang Wang , Liqiang Nie , Xiangnan He

A Personal Privacy Preserving Framework: I Let You Know Who Can See What Xuemeng Song , Xiang Wang , Liqiang Nie , Xiangnan He , Zhumin Chen , Wei Liu $ School of Computer Science and Technology, Shandong University

379 views • 37 slides

More recommend