secure storage in the cloud using property preserving
play

Secure storage in the cloud using property preserving encryption - PowerPoint PPT Presentation

Feb 24, 2023 •394 likes •877 views

Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern

  1. Secure storage in the cloud using property preserving encryption Kenny Paterson Information Security Group

  2. Overview 1. Application scenarios. 2. Deterministic encryption and search. 3. OPE/ORE and range queries. 4. Analysing access pattern leakage from range queries. 2

  3. Application scenarios

  4. Application Scenarios Data owners wish to securely outsource storage to cloud providers whilst • preserving capability for users to query data in various ways. What kinds of queries? • What kinds of users? • What kinds of data? • What kinds of query? • What kinds of adversary? • Meta: Why not just use FHE and be done? • 4

  5. Two scenarios, one picture 5

  6. Scenario 1: Searchable File Storage • Owner has large collection of files, indexed by keywords. • Owner encrypts files and stores these on remote server. • Owner encodes keywords in such a way that keyword searches can still be carried out. • Encoded keywords also stored on server, as an encoded index. • Owner sends search token to server; server uses token and index to find identifiers for matching files. • Matching file identifiers are returned to owner. 6

  7. Scenario 2: Database Encryption • Data owner has a large database of records; each record has multiple fields. • Owner encrypts data in each field in such a way that standard database queries can still be carried out. • Basic : simple searches. - “Give me all records in which surname = Dubois”. • Advanced : compound searches. • More advanced : range queries - “Give me all records with ages between 21 and 30”. • Finally : arbitrary SQL queries. * 7 * Other db query languages are available.

  8. Searchable Encryption Solution for Scenario 1: Searchable Encryption. Naïve scheme: owner uses IND-CPA symmetric encryption for files and • PRF K ( kw ) as encoding of keyword kw . Store encrypted files and encoded keywords per file on server. • Owner sends tok = PRF K ( kw ) to server; server matches tok against encoded • keywords; returns matching files. Can use an inverted index and file identifiers: server stores database of • tuples ( tok, ( fid 1 , fid 2 ,….)). 8

  9. Security Analysis Adversarial objectives? • - Keyword recovery, recovery of file contents,… ? Adversarial capabilities? • - “Snapshot”, “Honest-but-curious”, “Fully malicious”. - Can/cannot observe queries; can/cannot make queries; can/cannot inject files. What about auxiliary information? • - What if the adversary has a representative data sample or keyword sample? Cash et al . (CCS15): detailed analysis of different attacks models, leakage • profiles, etc. against SE schemes in general: Leakage Abuse Attacks . Fuller et al. (S&P17): SoK paper on cryptographically protected database • search. 9

  10. Two scenarios, one picture 10

  11. Deterministic Encryption Partial solution for Scenario 2: DE Simplest possible scheme: owner uses deterministic encryption scheme (KGen, • Enc, Dec) to encrypt each column of the database using a per-column key K. Server can store the encrypted data on server in a traditional database. • To find matches with value x in a column, send search query for y = Enc K ( x ) to • server. Server finds matches on y and returns full encrypted records to client. • Client decrypts returned records using per column keys. • Use of DE preserves equality of plaintexts and allows simple searches. • (Very similar to naïve SE, with PRF replaced by Enc/Dec). • 11

  12. Property Preserving/Revealing Encryption (PPE/PRE) More general solution for Scenario 2: PPE/PRE Generalises idea of “equality preserving/revealing” property of DE. • Main example: Order Preserving/Revealing Encrypion (OPE/ORE). • OPE: if x < y then Enc( x ) < Enc ( y ). • ORE : there exists a (public) efficiently computable function “Order” such that: • x < y iff Order(Enc( x ), Enc( y )) = 1 OPE/ORE allows range queries! • Client who wishes to query on range [ a , b ] instead sends query for range [Enc( a ), • Enc( b )] to server. 12

  13. Analysis of Deterministic Encryption

  14. Reminder: ECB information leakage Tux the Penguin, the ECB-Tux Linux mascot. Created in 1996 by Larry Ewing with The GIMP. lewing@isc.tamu.edu 14

  15. Analysis of Deterministic Encryption • DE is equality preserving, by design. • DE therefore preserves frequencies of plaintexts in the ciphertexts, cf. monoalphabetic substitution cipher. • Naveed-Kamara-Wright (CCS15): let’s apply frequency analysis! (al-Kindi, 9 th century.) • Assumption 1 : attacker has auxiliary information – a reasonably accurate estimate for the plaintext distribution. • Assumption 2 : attacker has a snapshot of the encrypted database. 15

  16. Analysis of Deterministic Encryption 16

  17. Frequency Analysis is Maximum Likelihood! • Given a column of ciphertexts y , frequency analysis matches: - Most frequent item in y with most frequent item in aux. dist. - Second most frequent item in y with second most frequent item in aux. dist. - etc. • Defines a permutation π mapping plaintexts x to ciphertexts y . • This procedure is maximum likelihood , that is, it maximises the likelihood L(π | y ) := Pr ( y | π). • Proof : fun exercise, see also eprint 2015/1158. 17

  18. Performance of Frequency Analysis Against DE • Naveed-Kamara-Wright [CCS15] performed an empirical investigation of the performance of frequency analysis against DE. • Using a large medical dataset : per-patient data in 12 categories for 200 largest hospitals in the 2009 Nationwide Inpatient Sample (NIS), from the Healthcare Cost and Utilization Project (HCUP), run by the US Agency for Healthcare Research and Quality. • DE encrypt data per hospital for each category. • Use 2004 aggregated HCUP data as the auxiliary data. • Run frequency analysis and measure percentage of data items correctly recovered per hospital . 18

  19. Performance of Frequency Analysis Against DE 19

  20. Performance of Frequency Analysis Against DE 20

  21. Performance of Frequency Analysis Against DE 21

  22. Frequency Analysis Makes Headlines! 22

  23. Combatting Frequency Analysis • We want to smooth out frequency distribution so that frequency analysis becomes ineffective. • Performing worse than random guessing of plaintext. • We also want to preserve ability to efficiently perform search queries on a standard database. • Rules out fully randomised/IND-CPA secure encryption. • What about adding a limited amount of randomness? • Leads to idea of applying homophonic encoding to produce Frequency Smoothing Encryption (FSE) schemes (Lacharité- Paterson, forthcoming). 23

  24. Frequency Smoothing Encryption – Combatting Frequency Analysis e 0 c 1 c 3 p e 1 c 2 HE DE e 2 c 0 e 3 Plaintext Encodings Ciphertext • Homophonic Encoding (HE) consumes small amount of randomness. • Make number of encodings proportional to frequency of p for good frequency smoothing. • DE = Deterministic Encryption. • Match on {c 1 , c 2 , c 3 , c 4 } instead of a single ciphertext. • Query complexity blow-up by max. number of encodings in worst case. 24

  25. Interval-based Homophonic Encoding (IBHE) • Encoding space = r -bit strings / interval [0,2 r ). • Represent encodings of p having frequency f by an interval of size approximately f x 2 r . • Select uniformly at random from interval to encode p . • Needs an encoding table to store an interval for each plaintext item; | p | x 2 r bits. • Also needs a decoding table mapping bits back to plaintexts. p 0 p 1 p 2 p 3 …. 0 2 r -1 25

  26. Effectiveness of FSE from IBHE + DE • Can prove that as r goes to ∞, no distinguisher can tell apart ciphertexts from uniformly random strings. • But even for moderate r , IBHE + DE smooths well for all but very skewed data. • Rapidly limits (generalised) frequency analysis to being worse than a pure guessing attack. • Such an attack is always possible for limited domain of plaintexts. • We used same evaluation framework as Naveed-Kamara- Wright (CCS15). • Except that we gave the adversary the exact, per-hospital distribution as the auxiliary distribution! 26

  27. Effectiveness of FSE from IBHE + DE 27

  28. Effectiveness of FSE from IBHE + DE 28

  29. Effectiveness of FSE from IBHE + DE • Warning : FSE only protects against a basic snapshot attacker. • Recent work of Grubbs-Ristenpart-Shmatikov (HotOS17) questions legitimacy of snapshot attack model. • Columns are treated in isolation. • More powerful adversary could perform frequency analysis on the sets of responses to queries. • Scheme does not protect against an active attacker who can inject his own queries. 29

  30. Analysis of OPE/ORE

  31. Order Preserving/Revealing Encryption • OPE: if x < y then Enc( x ) < Enc ( y ). • ORE : there exists a (public) efficiently computable function “Order” such that: x < y iff Order(Enc( x ), Enc( y )) = 1 • OPE/ORE allows range queries. • Client who wishes to query on range [ a , b ] instead sends query for range [Enc( a ), Enc( b )] to server. 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL) Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud

650 views • 51 slides
Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27

Resea earch I Institut ute e for or Se Secure Sy Systems Security on cloud storage and IaaS at Taiwan-Japan Workshop 2012/Nov/27 http://www.jst.go.jp/sicp/ws2012_nsc.html Kuniyasu Suzaki Research Institute for Secure Systems (RISEC)

350 views • 22 slides
Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud

Computations on Encrypted Data for the Cloud David Pointcheval CNRS - ENS - INRIA Secure Cloud Services and Storage Workshop Oslo, Norway - September 10th, 2017 The Cloud David Pointcheval Introduction 2 / 17 Anything from Anywhere One

290 views • 17 slides
Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective

Cloud Storage Nabil Abdennadher nabil.abdennadher@hesge.ch 1 Cloud storage Objective Provide logical storage pools that abstract a more complex distributed infrastructure made of commodity hardware Separate storage service

627 views • 15 slides
Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500

A mathematical theory of distributed storage Dagstuhl workshop (16321) Coding in the time of Big Data Michael Luby August 8, 2016 Research Cloud storage state of affairs Storage clusters contain thousands of storage nodes, with e.g. 500 TB

796 views • 37 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software

Large objects in the Cloud Thursday, 11 April 13 Riak Cloud Storage Cloud Storage software backed by Riak Simple API Multi-tenant, Per-tenant Reporting Pluggable Authentication Multi Data Center Replication (Enterprise)

369 views • 18 slides
A nationwide partnership in vacant property management Secure Empty Property Limited

A nationwide partnership in vacant property management Secure Empty Property Limited

A nationwide partnership in vacant property management Secure Empty Property Limited secureemptyproperty.com About Secure Empty Property Specialist contractor with unique security technology to mitigate risks of vandalism, arson, squatting

288 views • 16 slides
Enterprise 2.0 Secure Cloud Mail and Content Collaboration

Enterprise 2.0 Secure Cloud Mail and Content Collaboration

Use Case Sharing: Enterprise 2.0 Secure Cloud Mail and Content Collaboration Market Development Director / Andy Lin Secure Mail &amp; Collaboration Solution Provider 4 5 On-Premise Cloud OEM Cloud

657 views • 32 slides
Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan

Could Cloud Storage Be Disrupted in the Next Decade? Andromachi Chatzieleftheriou, Ioan Stefanovici , Dushyanth Narayanan Benn Thomsen, Antony Rowstron Microsoft Research Cloud Storage Landscape: Yesterday + Today Storage Technologies $$$$

147 views • 12 slides
What is the cloud? Property of TalentWise Property of TalentWise Cloud HCM Players Property of

What is the cloud? Property of TalentWise Property of TalentWise Cloud HCM Players Property of

What is the cloud? Property of TalentWise Property of TalentWise Cloud HCM Players Property of TalentWise Property of TalentWise Cloud HCM Reality $ = Property of TalentWise Property of TalentWise Oracles Strategy Property of

465 views • 14 slides
GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering

GLUSTER The storage for your Hybrid Cloud Amar Tumballi, Manager, Storage Engineering Maintainer, GlusterFS SDC India - 24th May, 2018 CONTENTS Define: Hybrid Cloud &amp; Infrastructure Understand: What are the storage needs of hybrid

527 views • 16 slides
Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012

Update on NIIFI's storage and cloud related activities TF-Storage Meeting September 27, 2012 Dubrovnik, Croatia Szabolcs Szkelyi &lt;szekelyi@niif.hu&gt; Agenda Storage infrastructure update Archiving service Cloud GUI

877 views • 18 slides
Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography

Cryptographic Cloud Storage: a proposal a proposal Seny Kamara, Kristin Lauter Cryptography Group Microsoft Research Applications/Scenarios Secure Outsourcing for Business Electronic Health Records Interactive Scientific Publishing

452 views • 4 slides
Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint

Verifiability for Cloud Storage and Computation Melek nen July 5th, 2016 Lorient Joint work with Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva Cloud Outsourcing Storage and Computation Data storage Data processing [Cloud Security

393 views • 23 slides
: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt

: Taming the Cloud Object Storage Ali Anwar , Yue Cheng , Aayush Gupta , Ali R. Butt Virginia Tech &amp; IBM Research Almaden Cloud object stores enable cost-efficient data storage Object storage 2 Cloud object

720 views • 46 slides
ENSURING QUALITY CARE THE BUSINESS OF RUNNING YOUR AFH Required posted information

ENSURING QUALITY CARE THE BUSINESS OF RUNNING YOUR AFH Required posted information

ENSURING QUALITY CARE THE BUSINESS OF RUNNING YOUR AFH Required posted information Residency agreement Business records September 2019 Safety, Oversight and Quality Unit 1 REQUIRED POSTED INFORMATION September 2019 Safety,

429 views • 21 slides
Translation without bilingual parallel corpora Chris Callison-Burch Lecture 20 with Ann Irvine,

Translation without bilingual parallel corpora Chris Callison-Burch Lecture 20 with Ann Irvine,

Translation without bilingual parallel corpora Chris Callison-Burch Lecture 20 with Ann Irvine, Alex Klementiev, and David Yarowsky How to Improve Machine Transla5on 30 25 Translation quality 20 Better models 15

812 views • 45 slides
August 2019 Grant Coordinator Meeting Todays Agenda Difference in Trainee/Fellow and

August 2019 Grant Coordinator Meeting Todays Agenda Difference in Trainee/Fellow and

August 2019 Grant Coordinator Meeting Todays Agenda Difference in Trainee/Fellow and Employee (Anita &amp; Brad) Post Award Reminders &amp; Updates (Anita) Cost Transfers (Anita &amp; Elena) Upcoming Education (Nancy) Data

774 views • 38 slides
SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is

SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is

SMS And ICT4D Connecting to People Trevor Perrier February 11, 2015 Why SMS Or: Where There Is No App Advantages of SMS Disadvantages Ubiquitous No structure No Install Limited bandwidth Low cost Complex syntax

428 views • 26 slides
PROFESSIONS, POWER AND TRUST Sara Shaw When you have completed the reading and participated in

PROFESSIONS, POWER AND TRUST Sara Shaw When you have completed the reading and participated in

09/10/2012 PROFESSIONS, POWER AND TRUST Sara Shaw When you have completed the reading and participated in the taught components for this week, we hope you will be able to. Outline the main approaches to understanding and analysing the role

156 views • 13 slides
Increasing Cultural Competence of Healthcare Providers and Public Health Professionals Working

Increasing Cultural Competence of Healthcare Providers and Public Health Professionals Working

Increasing Cultural Competence of Healthcare Providers and Public Health Professionals Working with Persons with Disabilities Danielle N. Scheer BACKGROUND National Council on Disability Call to Action Information related to

484 views • 25 slides
THANK YOU FOR JOINING THE ISMPP U TODAY! The program will begin promptly at 11:00 am EST

THANK YOU FOR JOINING THE ISMPP U TODAY! The program will begin promptly at 11:00 am EST

THANK YOU FOR JOINING THE ISMPP U TODAY! The program will begin promptly at 11:00 am EST December 14, 2016 ISMPP CMPP PROGRAM UPDATE: NEW EXAM BLUEPRINT AND RECERTIFICATION POLICY Jason McDonough , PhD, ISMPP Certified Medical Publication

584 views • 42 slides
Promising Practices in the US: Health Workforce Data and Information Sharing Across States Best

Promising Practices in the US: Health Workforce Data and Information Sharing Across States Best

Promising Practices in the US: Health Workforce Data and Information Sharing Across States Best Brains Exchange Advancing the Dialogue on pan Canadian Registration or Licensure of Health Professionals October 25, 2019 Jean Moore, DrPH, FAAN

428 views • 20 slides

More recommend