security and privacy of hash based software applications
play

Security and Privacy of Hash-Based Software Applications This work - PowerPoint PPT Presentation

Oct 13, 2023 •212 likes •1.08k views

Security and Privacy of Hash-Based Software Applications This work has been partially supported by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025-01) funded by the French program Investissement davenir. Amrit Kumar January 6, 2017 Privatics team,

  1. Security and Privacy of Hash-Based Software Applications This work has been partially supported by the LabEx PERSYVAL-Lab (ANR-11-LABX-0025-01) funded by the French program Investissement d’avenir. Amrit Kumar January 6, 2017 Privatics team, Inria Université Grenoble Alpes

  2. Hashing • A function h : { 0 , 1 } ∗ → { 0 , 1 } ℓ , where ℓ is the digest size. • Cryptographic: (second) pre-image and collision resistant. 2

  3. Hashing • A function h : { 0 , 1 } ∗ → { 0 , 1 } ℓ , where ℓ is the digest size. • Cryptographic: (second) pre-image and collision resistant. 2 nd pre-image pre-image collision resistance resistance resistance � = � = ? x ? ? ? h h h h h h ( x ) h ( x ) = h ( x ′ ) h ( x ) = h ( x ′ ) Best generic 2 ℓ 2 ℓ 2 ℓ/ 2 attack 2

  4. Are collisions always bad? (I) A simple use case: • Instead of storing n (large) data items, store their digests. • If ℓ is large, collisions are hard to find ⇒ space required = n × ℓ bits. 3

  5. Are collisions always bad? (I) A simple use case: • Instead of storing n (large) data items, store their digests. • If ℓ is large, collisions are hard to find ⇒ space required = n × ℓ bits. Collisions for further space savings: x 1 x 2 d 1 x 3 d i x n d m Data Digests • d i now substitutes both x 1 and x 2 ⇒ space required < n × ℓ bits. • Caveat: May introduce some unexpected behavior. 3

  6. Are collisions always bad? (I) A simple use case: • Instead of storing n (large) data items, store their digests. • If ℓ is large, collisions are hard to find ⇒ space required = n × ℓ bits. Collisions for further space savings: x 1 x 2 d 1 x 3 d i x n d m Data Digests • d i now substitutes both x 1 and x 2 ⇒ space required < n × ℓ bits. • Caveat: May introduce some unexpected behavior. • Core of several efficient (probabilistic) data structures: • Bloom filters for membership testing 3 • Sketches for data stream analysis

  7. Are collisions always bad? (II) Use case in privacy: • Hashing as a pseudonymization technique. • If ℓ is large, but #identifiers n is enumerable (in reasonable time) • Exhaustive search breaks pseudonymization. ℓ is large d 1 h h d 2 4

  8. Are collisions always bad? (II) Use case in privacy: • Hashing as a pseudonymization technique. • If ℓ is large, but #identifiers n is enumerable (in reasonable time) • Exhaustive search breaks pseudonymization. ℓ is large ℓ is small d 1 h h d h h d 2 • If ℓ is sufficiently small: • On average n / 2 ℓ identifiers share the same pseudonym. • Notion of anonymity-set. • Caveat: Provides weak anonymity guarantees. 4 • Employed in Google Safe Browsing: a malicious URL detection tool.

  9. Contrasting perspectives and outline Contrasting perspectives • Collisions have to be absolutely avoided in cryptography. • Somewhat welcome in algorithms and data structures. • Useful to some extent in the context of privacy. 5

  10. Contrasting perspectives and outline Contrasting perspectives • Collisions have to be absolutely avoided in cryptography. • Somewhat welcome in algorithms and data structures. • Useful to some extent in the context of privacy. Goal: Investigate the security and privacy implications of hash collisions. Focus for today: • Security: Bloom Filters 1. The Power of Evil Choices in Bloom Filters. DSN’15 Joint work with T. Gerbet and C. Lauradoux 2. Bloom Filters in Adversarial Settings. Under submission Joint work with C. Lauradoux and P. Lafourcade • Privacy: Safe Browsing 1. A Privacy Analysis of Google and Yandex Safe Browsing. DSN’16 Joint work with T. Gerbet and C. Lauradoux 5

  11. Security: Bloom Filters

  12. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 0 0 0 0 0 0 0 7

  13. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 0 0 0 0 0 0 7

  14. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 0 0 1 0 0 0 7

  15. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 7

  16. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 1 • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  17. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 1 • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  18. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 1 / ∈ S • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  19. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 2 = x 2 y 1 / ∈ S • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  20. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 2 = x 2 y 1 / ∈ S • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  21. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 2 = x 2 y 1 / ∈ S y 3 / ∈ S • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  22. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 2 = x 2 y 1 / ∈ S y 3 / ∈ S • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

  23. Bloom filters [Bloom 1970] Setup( m , n , k ): • A binary vector � z of size m compressing a set of n items. • k uniform and independent hash functions: h i : { 0 , 1 } ∗ → [ 0 , m − 1 ] z initialized to � • � 0. Operations: • Insert( x ) : Set bits of � z at h 1 ( x ) , . . . , h k ( x ) to 1. S = { x 1 , x 2 , x 3 } k = 2 0 0 0 1 1 0 1 1 0 1 y 2 = x 2 y 1 / ∈ S y 3 / ∈ S ( false positive ) • Query( y ) : Return True if bits of � z at h 1 ( y ) , . . . , h k ( y ) are all 1. 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Applications using Erlang Web 2.0 Security &amp; Privacy (W2SP) 2010 May 20, Berkeley,

Applications using Erlang Web 2.0 Security &amp; Privacy (W2SP) 2010 May 20, Berkeley,

Enforcing User Privacy in Web Applications using Erlang Web 2.0 Security &amp; Privacy (W2SP) 2010 May 20, Berkeley, California, USA Ioannis Papagiannis , Matteo Department of Computing Migliavacca, Peter Pietzuch Imperial College London

627 views • 30 slides
Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume

Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume

Improving Stateless Hash-Based Signatures CT-RSA 2018 Jean-Philippe Aumasson 1 , Guillaume Endignoux 2 Wednesday 18 th April, 2018 1 Kudelski Security 2 Work done while at Kudelski Security and EPFL 1 Hash-based signatures What are hash-based

370 views • 36 slides
Formal Security Analysis and Improvement of a hash-based

Formal Security Analysis and Improvement of a hash-based

Formal Security Analysis and Improvement of a hash-based NFC M-coupon Protocol Ali Alshehri and Steve Schneider Agenda Introduc?on. Approach

498 views • 25 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/18/2018 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

374 views • 9 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/24/2017 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

533 views • 14 slides
Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov

Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov

Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov Esch-sur-Alzette, Luxembourg, 17 September 2020 Part 1 Introduction Problems with government-controlled money Unpredictable issuance Censorship and

763 views • 51 slides
The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com

The Future of Software Privacy concerns commerce, security, cryptography, www.digicash.com www.hotmail.com and other free email sites Why is the best software designed in the US, will this continue to be the case? 1992, The

462 views • 8 slides
Chapter 6 Hash-Based Indexing Efficient Support for Equality Search Hash-Based Indexing Static

Chapter 6 Hash-Based Indexing Efficient Support for Equality Search Hash-Based Indexing Static

Hash-Based Indexing Torsten Grust Chapter 6 Hash-Based Indexing Efficient Support for Equality Search Hash-Based Indexing Static Hashing Hash Functions Architecture and Implementation of Database Systems Extendible Hashing Summer 2016

930 views • 39 slides
Java Technologies Java EE Security Securing Applications Software Security - Protecting

Java Technologies Java EE Security Securing Applications Software Security - Protecting

Java Technologies Java EE Security Securing Applications Software Security - Protecting applications against malicious / unauthorized actions Desktop What kind of code is executed by the application, on the client machine? Where

702 views • 33 slides
A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky, Ezequiel Gutesman and Ariel Waissbein Core Security Technologies August 2, 2007 - Blackhat Briefings Outline Outline 1 Introduction 2 Known Tools

762 views • 60 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their many applications Shai Halevi IBM Research IBM Research Shai Halevi USENIX Security USENIX Security August 2009 August 2009

665 views • 55 slides
Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash algorithms NIST SHA-3 Competition MD6 Algorithm and Mode of Operation Research Objective Approach Introduction to hash algorithms Hash

454 views • 14 slides
Verena: End-to-End Integrity Protection for Web Applications IEEE Security &amp; Privacy 2016

Verena: End-to-End Integrity Protection for Web Applications IEEE Security &amp; Privacy 2016

Verena: End-to-End Integrity Protection for Web Applications IEEE Security &amp; Privacy 2016 Nikos Karapanos, Alexandros Filios, Raluca Ada Popa, Srdjan Capkun Information Integrity is Critical for Decision Making EKG, EKG, heart rate,

534 views • 15 slides
13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash

13 - Computer Security Hashing 1 Solution : hash function 0 1 n - h x 0 1 - h x is the hash/digest of x Context Goal - Represent large/sensitive message by a smaller one - Numerous

1.14k views • 68 slides
FIE LD E XPE RIME NTS Ganna Pogrebna G.Pogrebna@warwick.ac.uk www.gannapogrebna.com April 28,

FIE LD E XPE RIME NTS Ganna Pogrebna G.Pogrebna@warwick.ac.uk www.gannapogrebna.com April 28,

28/04/2015 FIE LD E XPE RIME NTS Ganna Pogrebna G.Pogrebna@warwick.ac.uk www.gannapogrebna.com April 28, 2015 Where to find lecture materials? Website: www.gannapogrebna.com Section: Teaching Item: EC984 2015

401 views • 27 slides
Microeconomics: Uncertainty P . v. Mouche Spring 2020 Wageningen University Utility

Microeconomics: Uncertainty P . v. Mouche Spring 2020 Wageningen University Utility

Microeconomics: Uncertainty P . v. Mouche Spring 2020 Wageningen University Utility maximisation Three main types for setting of utility maximisation: standard (we studied in the first part of the course); inter temporal (Chapter 9; we did

340 views • 20 slides
The Noether Theorems a century later Yvette Kosmann-Schwarzbach Paris Geometry, Dynamics and

The Noether Theorems a century later Yvette Kosmann-Schwarzbach Paris Geometry, Dynamics and

The Noether Theorems a century later Yvette Kosmann-Schwarzbach Paris Geometry, Dynamics and Mechanics online seminar July 28, 2020 https://events.math.unipd.it/GDMSeminar/ Yvette Kosmann-Schwarzbach The Noether theorems a century later E.

1.03k views • 57 slides
Our Exagmination round his Factification: a Backgrounder for Randall Holmes Proof of the

Our Exagmination round his Factification: a Backgrounder for Randall Holmes Proof of the

Our Exagmination round his Factification: a Backgrounder for Randall Holmes Proof of the Consistency of Quines NF in the Style of a Part III Essay; Part The First Based on a True Story Screenplay by Thomas Forster September 19, 2017

889 views • 31 slides
Dissipation by flows Festival de thorie, Aix-en-Provence, 07.2011 Romain Nguyen van yen 1,3 ,

Dissipation by flows Festival de thorie, Aix-en-Provence, 07.2011 Romain Nguyen van yen 1,3 ,

Dissipation by flows Festival de thorie, Aix-en-Provence, 07.2011 Romain Nguyen van yen 1,3 , Marie Farge 1 , Kai Schneider 2 1 LMD-CNRS, ENS Paris, France 2 M2P2-CNRS et CMI, Universit dAix-Marseille, France 3 FB Mathematik &amp;

498 views • 36 slides
Researching the International in International Tax Law Cline Braumann Department of

Researching the International in International Tax Law Cline Braumann Department of

Researching the International in International Tax Law Cline Braumann Department of European, International and Comparative Law, University of Vienna Sour urce ce:H :H. Armstr trong ng R Roberts ts, engraving ng 1 16 Decembe

674 views • 17 slides
Cryptology Cryptology = Cryptography + Cryptanalysis Usage: SSL/TLS, ssh, gpg GSM, Wifi,

Cryptology Cryptology = Cryptography + Cryptanalysis Usage: SSL/TLS, ssh, gpg GSM, Wifi,

An introduction to Cryptology 1 2015/03/ EMA, Franceville, Gabon Damien Robert quipe LFANT, Inria Bordeaux Sud-Ouest Institut de Mathmatiques de Bordeaux quipe MACISA, Laboratoire International de Recherche en Informatique et

809 views • 61 slides
MASTERS AND ND SLA LAVES OF OF INFOR NFORMATION ON us Solom Solomon Ma on Marcus Simion

MASTERS AND ND SLA LAVES OF OF INFOR NFORMATION ON us Solom Solomon Ma on Marcus Simion

MASTERS AND ND SLA LAVES OF OF INFOR NFORMATION ON us Solom Solomon Ma on Marcus Simion Stoilow Institute of Mathematics Romanian Academy solomarcus@gmail.com Ten Sta n State tements to B nts to Be Conside onsidered f d for or Inf

1.43k views • 104 slides

More recommend