understanding and mitigating leakage abuse attacks
play

Understanding and Mitigating Leakage-Abuse Attacks against - PowerPoint PPT Presentation

Nov 03, 2022 •370 likes •836 views

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

  1. Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Générale de l’Armement - Maîtrise de l’Information 2 Université de Rennes 1 3 INRIA & Ecole Normale Supèrieure ICERM’s Encrypted Search Workshop 06/10/2019 Providence, RI Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 1 / 31

  2. Disclaimers • These slides have been made very recently (like in finished last night). • Jetlag Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 2 / 31

  3. Disclaimers • These slides have been made very recently (like in finished last night). • Jetlag • Support for a discussion: please ask questions. If you see something, say something. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 2 / 31

  4. Disclaimers • These slides have been made very recently (like in finished last night). • Jetlag • Support for a discussion: please ask questions. If you see something, say something. Claim These are the (maybe) controversial points. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 2 / 31

  5. Security Definition Indistinguishability-based security definition [CGKO06] (in a general form). Init ( DB 0 , DB 1 ) Query ( q 0 i , q 1 i ) if L Stp ( DB 0 ) � = L Stp ( DB 1 ) if L Query ( q 0 i ) � = L Query ( q 1 i ) Abort game Abort game $ ← Query ( K Σ , σ, q b $ b ← { 0 , 1 } ( R , σ, τ ; EDB ) i ; EDB ) $ return τ ← Setup ( DB b ) ( EDB , K Σ , σ ) return EDB Final ( b ′ ) return b = b ′ The sequence ( DB , q 1 , . . . , q n ) is called an history . Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 3 / 31

  6. Leakage-Abuse Attacks • Introduced as inference attack in [IKK12]: use co-occurrence information against an encrypted DB. • Improved in [CGPR15] : combine co-occurrence with the volume leakage. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 4 / 31

  7. Leakage-Abuse Attacks • Introduced as inference attack in [IKK12]: use co-occurrence information against an encrypted DB. • Improved in [CGPR15] : combine co-occurrence with the volume leakage. • Exploit the scheme’s leakage to attack the DB or the queries. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 4 / 31

  8. Leakage-Abuse Attacks These attacks have many variants: • Against DB supporting range queries [KKNO16, GLMP19] • Against DB supporting k -nearest-neighbor [KPT19] • Against dynamic DB: file injection attacks [ZKP16] Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 5 / 31

  9. Leakage-Abuse Attacks These attacks have assume the adversary has some auxiliary information: • [IKK12]: distribution of the co-occurrence database • [CGPR15]: co-occurrence + keyword distribution • [KKNO16]: queries are uniformly distributed • [ZKP16]: knowledge of the adversarially inserted documents Also, you almost always achieve 100% reconstruction of the database/queries. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 6 / 31

  10. Leakage-Abuse Attacks Why do they work ? The security definition should cover these attacks. . . The model guarantees that two executions of a SE scheme cannot be distinguished; LAAs retrieve the database or the queries. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 7 / 31

  11. Leakage-Abuse Attacks Why do they work ? The security definition should cover these attacks. . . The model guarantees that two executions of a SE scheme cannot be distinguished; LAAs retrieve the database or the queries. Claim In these attacks, the observed leakage is conditioned to some additional knowledge by the adversary. The combination of both can uniquely identify a history. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 7 / 31

  12. Singular histories An history H such that there is no other history H ′ � = H with L ( H ) = L ( H ′ ) is call singular [CGKO06]. For singular histories, the ind-based security definition becomes void. Note that the existence of a second history with the same trace is a necessary assumption, other- wise the trace would immediately leak all infor- mation about the history. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 8 / 31

  13. Singular histories: examples • In [IKK12, CGPR15], the adversary ’chooses’ the database. It is impossible to find two lists of queries with the same leakage with this database. • In [KKNO16], the adversary knows that the queries are uniformly distributed. It is impossible to find two databases with the same volume leakage. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 9 / 31

  14. Singular histories: examples • In [IKK12, CGPR15], the adversary ’chooses’ the database. It is impossible to find two lists of queries with the same leakage with this database. • In [KKNO16], the adversary knows that the queries are uniformly distributed. It is impossible to find two databases with the same volume leakage. Claim The security definition protect that database and all the queries as a whole , not in isolation. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 9 / 31

  15. LAAs against other security definitions LAAs are not restricted to SE: leakage applies to other types of encryption: • CPA/CCA encryption ‘leaks’ the size of the message. The length of messages is a very useful information when attacking encrypted traffic [SSV12] => TFC. • Functional encryption ‘leaks’ the result of the function evaluation. (Non-adaptive) SE security can be seen as a restriction of (non-adaptive) functional encryption security. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 10 / 31

  16. LAAs against other security definitions Consider the following example: define an encryption scheme on a message space M such that ∀ m � = m ′ ∈ M , | m | � = | m ′ | . The encryption/decryption algorithm is the identity function: Enc ( m ) = m . Strictly speaking, this scheme is CPA secure: ∀ m , m ′ ∈ M s.t. | m | = | m ′ | , Enc ( m ) = Enc ( m ′ ) . Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 11 / 31

  17. LAAs against other security definitions Consider the following example: define an encryption scheme on a message space M such that ∀ m � = m ′ ∈ M , | m | � = | m ′ | . The encryption/decryption algorithm is the identity function: Enc ( m ) = m . Strictly speaking, this scheme is CPA secure: ∀ m , m ′ ∈ M s.t. | m | = | m ′ | , Enc ( m ) = Enc ( m ′ ) . Claim In other security definitions, there are constrains that prevent the definition to turn out void. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 11 / 31

  18. Constraints We need a formalization of auxiliary information available to the adversary: an history conforms to some constraints ( i.e. is compatible with prior adversarial knowledge). Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 12 / 31

  19. Constraints We need a formalization of auxiliary information available to the adversary: an history conforms to some constraints ( i.e. is compatible with prior adversarial knowledge). Definition (Constraint) A constraint C is a predicate over the set of all possible histories. A history H is said to satisfy the constraint C if and only if C ( H ) = true. It is valid if ∃ H � = H ′ , C ( H ) = C ( H ′ ) = true. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 12 / 31

  20. Resilience For a given constraint (representing adversarial knowledge), the leakage of a scheme should not uniquely identify the history. Definition (Resilience) A leakage function L is resilient to the constraint C iff for every history H satisfying C , there exists a distinct history H ′ � = H satisfying C such that L ( H ′ ) = L ( H ) . If C is a set of constraints, L is said to be resilient to C iff it is resilient to all C ∈ C . This already precludes most of the leakage-abuse attacks discussed previously. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 13 / 31

  21. Examples of Constraints: knowledge of the DB How to capture the prior knowledge of the database? � � DB ( DB , q 1 , . . . ) = true ⇔ DB = � DB ( H ) = C C DB C DB = { C DB , DB ∈ DB} DB for any � � From [CGPR15], L 1 is not resilient to C DB. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 14 / 31

  22. Examples of Constraints: known document subset C D 1 ,..., D ℓ ( H ) = true ⇔ D 1 , . . . , D ℓ ∈ DB [CGPR15]: L 3 (keyword occurrences) is not resilient to C D 1 ,..., D ℓ . Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 15 / 31

  23. Examples of Constraints: file injections The constraint C associated to an adversary who injects the documents D 1 , . . . , D ℓ at queries i 1 , . . . , i ℓ is true iff ∀ 1 ≤ j ≤ ℓ, q i j is an update query inserting D j . [ZKP16]: the search pattern leakage is not resilient to leakage injection constraints. Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 16 / 31

  24. Stronger forms of resilience The resilience definition gives us a very weak form of security: the choice between two histories. Definition ( α -resilience) A leakage function L is α - resilient to the constraint C iff for every history H satisfying C , there exist α pairwise distinct histories ( H i ) i ≤ α satisfying C such that ∀ i , L ( H i ) = L ( H ) . If C is a set of constraints, L is said to be α - resilient to C iff it is α -resilient to all C ∈ C . Bost, Fouque, Minaud Leakage-Abuse Attacks 06/10/2019 17 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&P 2019. (also eprint 2018/965, CCS 2018.) AriC crypto seminar, ENS

651 views • 48 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2 Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted

983 views • 60 slides
Mitigating Information Leakage in Image Representations: A Maximum Entropy Approach Proteek Roy

Mitigating Information Leakage in Image Representations: A Maximum Entropy Approach Proteek Roy

Mitigating Information Leakage in Image Representations: A Maximum Entropy Approach Proteek Roy and Vishnu Boddeti Michigan State University CVPR 2019 [~]$ [1/13] >>> Representation Learning: The Bright Side * Deep Embeddings: E (

674 views • 39 slides
KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on

KRACKing WPA2 and Mitigating Future Attacks Mathy Vanhoef @vanhoefm CRYPTO Workshop on Attacks (WAC), Santa Barbara, 18 August 2018 Overview Key reinstalls in 4-way handshake Misconceptions Practical impact Channel validation 2

646 views • 51 slides
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches Menghao Zhang 1 , Guanyu Li 1 , Shicheng Wang 1 , Chang Liu 1 , Ang Chen 2 , Hongxin Hu 3 , Guofei Gu 4 , Qi Li 1 , Mingwei Xu 1 , Jianping Wu 1 1 4 2 3 DDoS Attacks are

480 views • 23 slides
Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp,

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control Marcus Vlp, Adam Lackorzynski * , Jrmie Decouchant, Vincent Rahli, Francisco Rocha, and Paulo Esteves-Verssimo * Kernkonzept GmbH and University of

289 views • 28 slides
Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk

Mitigating Sybil Attacks on the I2P Network Using Blockchain RP #97, Kotaiba Alachkar & Dirk Gaastra Supervisor: Vincent Van Mieghem, Deloitte 3 July, 2018 MSc Security and Network Engineering University of Amsterdam Introduction I2P -

720 views • 37 slides
Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for

Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for

Presenting a live 90-minute webinar with interactive Q&A Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for Healthcare Providers, Navigating FMV in Clinical Research Budgeting, Lessons From Recent

911 views • 44 slides
Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj

Privacy Leakage Attacks in Browser by Colluding Extensions Presentation by Anil Saini 1 , Manoj Singh Gaur 1 , Vijay Laxmi 1 , Tushar Singhal 1 , Mauro Conti 2 1 Malaviya National Institute of Technology, Jaipur, India 2 University of Padua, Italy

882 views • 58 slides
Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network

Successive Network Coding (SNC): A Mitigating Mechanism Against Eavesdropping Attacks In Network Coding Based Systems Vahid N. Talooki, University of Aveiro, Portugal Network Coding (NC) allows intermediate nodes not only to store and forward

307 views • 4 slides
Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane Foams Clare Perry Environmental Investigation Agency (EIA) International Symposium On The Unexpected Increase in Emissions of Ozone-Depleting

348 views • 18 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath , Haitao Zheng, Ben Y. Zhao University of Chicago, *UC Santa Barbara, Virginia Tech

770 views • 17 slides
Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral Heiland Matthew Kienow deral_heiland@rapid7.com mkienow@inokii.com dh@layereddefense.com @HacksForProfit @Percent_X Why ? Add value ?

939 views • 66 slides
A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen, Enes Gkta (joint first author) (VU) Moritz Contag, Andre Pawlowski, Thorsten Holz (RUB) Xi Chen, Sanjay Rawat, Herbert Bos, Elias Athanasopoulos,

587 views • 26 slides
Genera&ng entanglement in solids, and detec&ng entanglement

Genera&ng entanglement in solids, and detec&ng entanglement

Genera&ng entanglement in solids, and detec&ng entanglement for QKD Josh Nunn Clarendon Laboratory, Oxford University, UK & NRC, Security &

393 views • 25 slides
Rebecca Sutherns, PhD April 11, 2019 The map In the room AGILITY 20% Afterwards ABSORPTION

Rebecca Sutherns, PhD April 11, 2019 The map In the room AGILITY 20% Afterwards ABSORPTION

Rebecca Sutherns, PhD April 11, 2019 The map In the room AGILITY 20% Afterwards ABSORPTION In advance 5% ANTICIPATION 75% The Balance of Nimble Facilitation Improvisation Orchestration Highly Spontaneous Hardly Seen Heavily Scripted

603 views • 33 slides
Turbulent water jet Note range of eddy scales and self- similar structure. Big whirls have

Turbulent water jet Note range of eddy scales and self- similar structure. Big whirls have

Turbulent water jet Note range of eddy scales and self- similar structure. Big whirls have little whirls, That feed on their velocity; And little whirls have lesser whirls, And so on to viscosity. - L. F. Richardsons prescient 1922

482 views • 7 slides
M7S3 - Regression Thoughts Professor Jarad Niemi STAT 226 - Iowa State University November 27,

M7S3 - Regression Thoughts Professor Jarad Niemi STAT 226 - Iowa State University November 27,

M7S3 - Regression Thoughts Professor Jarad Niemi STAT 226 - Iowa State University November 27, 2018 Professor Jarad Niemi (STAT226@ISU) M7S3 - Regression Thoughts November 27, 2018 1 / 21 Outline Regression thoughts Properties Coefficient

565 views • 21 slides
The Alpha Jet Atmospheric eXperiment (AJAX): Three years of airborne ozone and greenhouse gas

The Alpha Jet Atmospheric eXperiment (AJAX): Three years of airborne ozone and greenhouse gas

The Alpha Jet Atmospheric eXperiment (AJAX): Three years of airborne ozone and greenhouse gas measurements over California and Nevada E.L. Yates 1,2* , L.T. Iraci 1 , R.B. Pierce 3 , M. Gustin 4 , R. Fine 4 , M. Roby 1,5 , D. Austerberry 1,6 ,

509 views • 21 slides
Radio/gamma connection: Study of cm/mm-band radio and gamma-ray correlated variability in

Radio/gamma connection: Study of cm/mm-band radio and gamma-ray correlated variability in

Radio/gamma connection: Study of cm/mm-band radio and gamma-ray correlated variability in Fermi bright blazars Lars Fuhrmann S. Larrson, J. Chiang, E. Angelakis, V. Pavlidou, I. Nestoras, J. A. Zensus et al. on behalf of the F-GAMMA &

433 views • 19 slides
Welcome to LOT-QuantumDesign Europe Cracow 2018, Stefan Riesner About us Presence in 20

Welcome to LOT-QuantumDesign Europe Cracow 2018, Stefan Riesner About us Presence in 20

Welcome to LOT-QuantumDesign Europe Cracow 2018, Stefan Riesner About us Presence in 20 European countries Part of worldwide Quantum Design network Local support and service Application centers Approx. 140 specialists serving

636 views • 53 slides
Jets (and some other stuff) for the LHC: experimental perspective Joey Huston Michigan State

Jets (and some other stuff) for the LHC: experimental perspective Joey Huston Michigan State

Jets (and some other stuff) for the LHC: experimental perspective Joey Huston Michigan State University West Coast Theorist thing Davis Dec. 8 2006 ATLAS webcams on Geneve and Jura sides 1 References Also online at ROP Standard Model

1.07k views • 73 slides

More recommend