revisiting leakage abuse attacks
play

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara - PowerPoint PPT Presentation

Nov 15, 2023 •367 likes •983 views

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2 Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted

  1. Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI 
 SYSTEMS

  2. Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2

  3. Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Secret key 3

  4. Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Cat Secret key 3

  5. Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Cat Secret key Cat Cat Dog 3

  6. Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Cat Secret key Cat Cat Dog 4

  7. Encrypted Search Setup Leakage 
 L S Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Cat Secret key Cat Cat Dog 4

  8. Encrypted Search Setup Leakage 
 L S Cat Fish Encrypted Trusted client Cat Untrusted server Index Dog Dog Cat Secret key Query Leakage 
 Cat Cat L Q Dog 4

  9. Query Leakage Terminology • Query equality pattern (qeq) • If and when the search is the same (search pattern) • Response identity pattern (rid) • The file identifiers matching the query (access pattern) • Co-occurrence pattern (co-occ) • The number of files shared by any two queries • Response length pattern (rlen) • The number of files matching a query • Volume pattern (vol) / Total volume pattern (tvol) • The number of bits of each file / the sum of file sizes in bits 5

  10. Q : do we leak all of these patterns “at once”? 6

  11. Encrypted Search Primitives Property-Preserving Functional Structured Encryption Encryption (PPE) Encryption (STE) Oblivious RAM Fully-Homomorphic (ORAM) Encryption (FHE) 7

  12. Encrypted Search Primitives Property-Preserving Functional Structured Encryption Encryption (PPE) Encryption (STE) Oblivious RAM Fully-Homomorphic (ORAM) Encryption (FHE) 7

  13. Encrypted Search STE- & ORAM- based schemes co-occ qeq vol rid rlen tvol 8

  14. Encrypted Search Baseline STE STE- & ORAM- based schemes co-occ qeq vol rid rlen tvol 8

  15. Encrypted Search Baseline STE STE- & ORAM- based schemes Semi-ORAM co-occ qeq vol rid rlen tvol 8

  16. Encrypted Search Baseline STE STE- & ORAM- based schemes Semi-ORAM co-occ qeq OPQ STE [this work] vol rid rlen tvol 8

  17. Encrypted Search Baseline STE STE- & ORAM- based schemes Semi-ORAM co-occ qeq OPQ STE [this work] vol rid rlen Full ORAM tvol 8

  18. Q : can we use the disclosed leakage to recover user’s data? 9

  19. Leakage Attacks Input Output Leakage Attack One or more User’s query or leakage pattern data recovery • Type of adversary Assumptions • Type of auxiliary data • Type of actions • … 10

  20. Leakage Attacks Assumptions 11

  21. Leakage Attacks Assumptions • Adversarial model • persistent: needs encrypted index, documents and queries • snapshot: needs encrypted index and documents 11

  22. Leakage Attacks Assumptions • Adversarial model • persistent: needs encrypted index, documents and queries • snapshot: needs encrypted index and documents • Auxiliary information • known sample: needs sample from same distribution • known data: needs actual data or/and user queries • δ : fraction of adversarially-known data 11

  23. Leakage Attacks Assumptions • Adversarial model • persistent: needs encrypted index, documents and queries • snapshot: needs encrypted index and documents • Auxiliary information • known sample: needs sample from same distribution • known data: needs actual data or/and user queries • δ : fraction of adversarially-known data • Passive vs. active • injection (chosen-data): needs to inject data 11

  24. Leakage Attacks IKK Attack [Islam-Kuzu-Kantarcioglu12] Input Output IKK Attack Query recovery co-occ 12

  25. Leakage Attacks IKK Attack [Islam-Kuzu-Kantarcioglu12] Input Output IKK Attack Query recovery co-occ • Persistent adversary Assumptions • Passive • Known sample * • Known queries 12

  26. Leakage Attacks IKK Attack [Islam-Kuzu-Kantarcioglu12] Input Output IKK Attack Query recovery co-occ Vulnerable • Persistent adversary Assumptions schemes • Passive • Baseline STE • Known sample * • Semi-ORAM • Known queries 12

  27. Leakage Attacks Count Attack [Cash-Grubbs-Perry-Ristenpart15] Input Output Count Attack Query recovery co-occ + rlen 13

  28. Leakage Attacks Count Attack [Cash-Grubbs-Perry-Ristenpart15] Input Output Count Attack Query recovery co-occ + rlen Assumptions • Persistent adversary • Passive • Known data 13

  29. Leakage Attacks Count Attack [Cash-Grubbs-Perry-Ristenpart15] Input Output Count Attack Query recovery co-occ + rlen Vulnerable Assumptions • Persistent adversary schemes • Baseline STE • Passive • Semi-ORAM • Known data 13

  30. Impact of IKK & Count • “For example, IKK demonstrated that by observing accesses to an encrypted email repository, an adversary can infer as much as 80% of the search queries” • “It is known that access patterns, to even encrypted data, can leak sensitive information such as encryption keys [IKK]” • “A recent line of attacks […,Count,…] has demonstrated that such access pattern leakage can be used to recover significant information about data in encrypted indices. For example, some attacks can recover all search queries [Count,…] …” 14

  31. A closer look at IKK & Count attacks 15

  32. Non-trivial limitations 0.2 • High known-data rates 0.15 • Count v1 requires more than 80% and 5% of the queries Frequency • IKK requires more than 95% and 5% of the queries 0.1 SU dataset • Count v2 requires more than 60% M-MU dataset L-MU dataset • Practical vs. Theoretical? 0.05 • Low-vs. high selectivity keywords • Experiments all run on high-selectivity keywords 0 0 2000 4000 6000 8000 10000 • Keywords that are frequent in the user’s data Keywords rank • Re-ran on low-selectivity keywords and failed High- Pseudo-low Low • Both exploit co-occurrence selectivity selectivity selectivity ( ≥ 13) • relatively easy to hide (using OPQ SSE) (10-13) (1-2) 16

  33. Q : can we de better than IKK & Count? 17

  34. Summary of our Attacks Known-Data attacks 18

  35. Summary of our Attacks Known-Data attacks Subgrap ID rid Query recovery Attack 18

  36. Summary of our Attacks Vulnerable schemes Known-Data attacks • Baseline STE • Semi-ORAM Subgrap ID rid Query recovery Attack 18

  37. Summary of our Attacks Vulnerable schemes Known-Data attacks • Baseline STE • Semi-ORAM Subgrap ID rid Query recovery Attack • Baseline STE • Semi-ORAM Subgraph VL vol Query recovery Attack 18

  38. Summary of our Attacks Vulnerable schemes Known-Data attacks • Baseline STE • Semi-ORAM Subgrap ID rid Query recovery Attack • Baseline STE • Semi-ORAM Subgraph VL vol Query recovery Attack • Baseline STE • Semi-ORAM VolAn & • OPQ STE tvol Query recovery SelVolAn • Full ORAM Attacks 18

  39. Summary of our Attacks Injection attacks Vulnerable schemes • Baseline STE • Semi-ORAM Decoding & • OPQ STE tvol Query recovery Binary • Full ORAM attacks First injection attack was by [Zhang-Katz-Papamanthou16] and 
 works against Baseline STE and Semi-ORAM 19

  40. The Subgraph VL Attack 20

  41. The Subgraph VL Attack • Let K ⊆ D be set of known documents • K = (K 2 , K 4 ) and D = (D 1 , …, D 4 ) 21

  42. The Subgraph VL Attack • Let K ⊆ D be set of known documents • K = (K 2 , K 4 ) and D = (D 1 , …, D 4 ) Known Graph vol(K 4 ) vol(K 2 ) w 1 w 4 w 5 21

  43. The Subgraph VL Attack • Let K ⊆ D be set of known documents • K = (K 2 , K 4 ) and D = (D 1 , …, D 4 ) Observed Graph Known Graph vol(K 4 ) vol(D 1 ) vol(D 2 ) vol(D 3 ) vol(D 4 ) vol(K 2 ) w 1 w 4 q 1 q 4 w 5 q 2 q 3 q 5 21

  44. The Subgraph VL Attack • We need to match q i to some w j • The volumes are the ground of truth Observed Graph Known Graph vol(D 1 ) vol(D 2 ) vol(D 3 ) vol(D 4 ) vol(K 4 ) vol(K 2 ) q 1 q 4 w 1 w 4 q 2 q 3 q 5 w 5 22

  45. The Subgraph VL Attack • Observations : if q i = w j then • N(w j ) ⊆ N(q i ) and #N(w j ) ≈ δ . #N(q i ) Observed Graph Known Graph vol(D 1 ) vol(D 2 ) vol(D 3 ) vol(D 4 ) vol(K 4 ) vol(K 2 ) q 1 q 4 w 1 w 4 q 2 q 3 q 5 w 5 23

  46. The Subgraph VL Attack • Each query q starts with a candidate set C q = 𝕏 remove all words s.t. either N(w j ) ⊈ N(q i ) or #N(w j ) ≉ δ . N(q i ) • N(q 1 ) = C(q 1 ) ={w 4 ,w 5 ,w 1 } N(w 4 ) = N(q 2 ) = N(w 5 ) = N(q 3 ) = C(q 4 ) = {w 4 ,w 5 ,w 1 } N(w 1 ) = N(q 4 ) = C(q 5 ) ={w 4 ,w 5 ,w 1 } N(q 5 ) = Known Graph 24 Candidate Sets Observed Graph

  47. The Subgraph VL Attack • Each query q starts with a candidate set C q = 𝕏 remove all words s.t. either N(w j ) ⊈ N(q i ) or #N(w j ) ≉ δ . N(q i ) • N(q 1 ) = C(q 1 ) ={w 4 ,w 5 ,w 1 } C(q 1 ) ={w 1 } N(w 4 ) = N(q 2 ) = N(w 5 ) = N(q 3 ) = C(q 4 ) = {w 4 ,w 5 ,w 1 } N(w 1 ) = N(q 4 ) = C(q 5 ) ={w 4 ,w 5 ,w 1 } N(q 5 ) = Known Graph 24 Candidate Sets Observed Graph

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

836 views • 45 slides
Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&P 2019. (also eprint 2018/965, CCS 2018.) AriC crypto seminar, ENS

651 views • 48 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque

Revisiting Lattice Attacks on overstretched NTRU parameters P. Kirchner & P-A. Fouque Universit de Rennes 1, France EUROCRYPT 2017 05/01/17 1 Plan 1. Background on NTRU and Previous Attacks 2. A New Subring Attack 3.

697 views • 40 slides
Revisiting Division Property Based Cube Attacks: Key-Recovery or Distinguishing Attacks?

Revisiting Division Property Based Cube Attacks: Key-Recovery or Distinguishing Attacks?

Introduction Motivations and Contributions Preliminaries Our Main Idea Main Results Revisiting Division Property Based Cube Attacks: Key-Recovery or Distinguishing Attacks? Chen-Dong Ye and Tian Tian . . . . . . Chen-Dong Ye and Tian

734 views • 58 slides
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp, Adam Lackorzynski * , Jrmie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Verssimo * Kernkonzept GmbH and University of

289 views • 28 slides
Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj Singh Gaur 1 , Vijay Laxmi 1 , Tushar Singhal 1 , Mauro Conti 2 1 Malaviya National Institute of Technology, Jaipur, India 2 University of Padua, Italy

882 views • 58 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral Heiland Matthew Kienow deral_heiland@rapid7.com mkienow@inokii.com dh@layereddefense.com @HacksForProfit @Percent_X Why ? Add value ?

939 views • 66 slides
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj Somorovsky Ruhr University Bochum 3curity GmbH juraj.somorovsky@3curity.de About me Security Researcher at: Chair for Network and Data Security,

818 views • 53 slides
Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud , Kenny Paterson Information Security Group IEEE Symposium on Security and Privacy, May 21, 2018 Outsourcing Data with Search

654 views • 62 slides
Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud Kenny Paterson Information Security Group Application Setting Storing Records in the Cloud value of record ( N possible values) record identifier

615 views • 59 slides
How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research

How to Compute under AC 0 Leakage without Secure Hardware Guy Rothblum Microsoft Research Silicon Valley Protecting Sensitive Computations from Leakage/Side-Channel Attacks Sensitive computations: Cryptographic Algorithms Secret Key

232 views • 20 slides
Revisiting SOHO Router Attacks DeepSec 2015 About us.. ... Meet our research group lvaro

Revisiting SOHO Router Attacks DeepSec 2015 About us.. ... Meet our research group lvaro

Revisiting SOHO Router Attacks DeepSec 2015 About us.. ... Meet our research group lvaro Folgado Rueda Independent Researcher Jos Antonio Rodrguez Garca Independent Researcher Ivn Sanz de Castro Security Analyst at Wise Security

1.03k views • 72 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital < HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes

On the Local Leakage Resilience of Linear Secret Sharing Schemes Linear Secret Sharing Schemes Akshay Degwekar (MIT) Joint with Fabrice Benhamouda (IBM Research), Yuval Ishai (Technion) and Tal Rabin (IBM Research) Leakage attacks can be

547 views • 30 slides
GEARNET: Summary and successes of a new approach to conservation engineering Michael Pol

GEARNET: Summary and successes of a new approach to conservation engineering Michael Pol

GEARNET: Summary and successes of a new approach to conservation engineering Michael Pol Massachusetts Division of Marine Fisheries Steve Eayrs Gulf of Maine Research Institute Pingguo He School for Marine Science and Technology,

436 views • 17 slides
NFWF National Fish and Wildlife Foundation Presentation by Gulf Restoration Network Payout

NFWF National Fish and Wildlife Foundation Presentation by Gulf Restoration Network Payout

NFWF National Fish and Wildlife Foundation Presentation by Gulf Restoration Network Payout Schedule Settlement Monies from BP and Transocean Total funds equal $2.544 Billion from BP and Transocean Plea Agreements BP ($2.394 billion) and

893 views • 7 slides
CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens

CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations Ward Beullens Thorsten Kleinjung Frederik Vercauteren imec - COSIC December 3, 2019 Introduction : CSIDH [Castryck et al.] 1/34 Take the supersingular elliptic

1.2k views • 86 slides
Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU

Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU

Digital Signatures from Symmetric-Key Primitives Christian Rechberger IAIK, TU Graz and DTU Compute, DTU March 7, 2017 Based on Joint Work With David Derler Claudio Orlandi Sebastian Ramacher Daniel Slamanig TU Graz Aarhus University TU

187 views • 14 slides
Linear Regression Part 1: Fitting Lines INFO-1301, Quantitative Reasoning 1 University of

Linear Regression Part 1: Fitting Lines INFO-1301, Quantitative Reasoning 1 University of

Linear Regression Part 1: Fitting Lines INFO-1301, Quantitative Reasoning 1 University of Colorado Boulder April 19, 2017 Prof. Michael Paul Interpreting Linear Functions Fishermen in the Finger Lakes Region have been recording the dead fish

126 views • 10 slides
Its time to go scoop me some mud! Its time to go scoop me some mud! STOP

Its time to go scoop me some mud! Its time to go scoop me some mud! STOP

on ORK with Eric Chester at HOW TO IGNITE PASSION IN YOUR PEOPLE IGNITE PASSION WITHOUT BURNING THEM OUT Its time to go scoop me some mud! Its time to go scoop me some mud! STOP FISHING and START HUNTING HUNT SCHOOLS

479 views • 16 slides
DIOS A distributed Operating System for your Data Centre Malte Schwarzkopf @ms705 University

DIOS A distributed Operating System for your Data Centre Malte Schwarzkopf @ms705 University

DIOS A distributed Operating System for your Data Centre Malte Schwarzkopf @ms705 University of Cambridge Computer Laboratory Abstraction turtles all the way down... JSON, Protobuf object Cluster-level tasks Cached in-memory object

525 views • 20 slides
Autism Spectrum Disorder in Child ren and Adolescents Aura Lee A. Motus, M.D. UNM

Autism Spectrum Disorder in Child ren and Adolescents Aura Lee A. Motus, M.D. UNM

Autism Spectrum Disorder in Child ren and Adolescents Aura Lee A. Motus, M.D. UNM Department of Psychiatry Division of Child & Adolescent Psychiatry OBJECTIVES Recognize Early Signs of ASD Review Methods of Assessments

682 views • 22 slides

More recommend