encrypted data
play

encrypted data Raluca Ada Popa MIT Compromise of confidential data - PowerPoint PPT Presentation

Oct 01, 2022 •311 likes •851 views

? xd51db5 xe891a1 X9ce568 X32e1dc xab2356 xdd0135 x453a32 x63ab12 Building systems that compute on encrypted data Raluca Ada Popa MIT Compromise of confidential data is prevalent Problem setup server clients Secret Secret Secret

  1. ? xd51db5 xe891a1 X9ce568 X32e1dc xab2356 xdd0135 x453a32 x63ab12 Building systems that compute on encrypted data Raluca Ada Popa MIT

  2. Compromise of confidential data is prevalent

  3. Problem setup server clients Secret Secret Secret no computation computation storage databases, web applications, mobile applications, machine learning, etc. ?? encryption

  4. Current systems strategy server clients Secret Secret Prevent attackers from breaking into servers

  5. Lots of existing work  Checks at the operating-system level  Language-based enforcement of a security policy  Static or dynamic analysis of application code  Checks at the network level  Trusted hardware …

  6. Data still leaks even with these mechanisms because attackers eventually break in!

  7. Attacker examples Attacker: Reason they succeed: hackers software is complex cloud employees insiders: legitimate server access! increasingly many companies store data on external clouds government e.g., physical access accessed private data according to

  8. My work Systems that protect confidentiality even against attackers with access to all server data

  9. My approach Servers store, process, and compute on encrypted data in a practical way server ?? client Strawman: Secret Secret Result Secret Secret

  10. Computing on encrypted data in cryptography [Rivest-Adleman- Dertouzos’78] Fully homomorphic encryption ( FHE ) [Gentry’09] prohibitively slow, e.g., slowdown X 1,000,000,000 My work: practical systems practical systems large class of meaningful real-world + + real security performance applications

  11. My contributions Server under attack: System: Databases: CryptDB [SOSP’11][CACM’12] DB mOPE, adjJOIN server [Oakland’13] Web apps: Mylar [NSDI’14] DB web app server multi-key search server Mobile PrivStats [CCS’11] apps: mobile app server VPriv [Usenix Security’09] Theory: Functional encryption [STOC’13] [CRYPTO’13] In general:

  12. Combine systems and cryptography 1. identify core operations needed strawman: systems one generic crypto scheme (FHE) 3. Design and build system 2. multiple specialized encryption schemes New schemes: mOPE, adjJOIN for CryptDB  multi-key search for Mylar 

  13. My contributions Server under attack: System: Databases: CryptDB DB server Web apps: Mylar DB web app server server Mobile PrivStats apps: mobile app server VPriv Theory: Functional encryption In general:

  14. CryptDB [SOSP’11: Popa -Redfield-Zeldovich-Balakrishnan] First practical database system (DBMS) to process most SQL queries on encrypted data

  15. Related work Systems work:  [Hacigumus et al .’ 02][Damiani et al.’ 03][Ciriani et al’ 09] no formal confidentiality guarantees  restricted functionality  client-side filtering  Theory work:  General computation: FHE  [Gentry’09] very strong security: forces slowdown - many queries  must always scan and return the whole DB prohibitively slow (10 9 x)  Specialized schemes  [Amanatidis et al.’07 ][Song et al.’ 00][Boldyreva et al.’ 09]

  16. Setup trusted client-side under passive attack DB server Application Use cases:  Outsource DB to the cloud (DBaaS)  e.g. Encrypted BigQuery  Local cluster: hide DB content from sys. admins.

  17. Setup trusted client-side under passive attack transformed DB server query plain query  Proxy encrypted DB Application decrypted encrypted Secret Secret results results  Stores schema and master key computation on  No query execution encrypted data ≈ regular computation

  18. Example Application Randomized encryption (RND) - semantic SELECT * FROM emp table1/emp col1/rank col2/name col3/salary Proxy SELECT * FROM table1 x4be219 60 x95c623 100 x2ea887 800 x17cea7 100

  19. Example Application Randomized encryption Deterministic encryption (DET) (RND) SELECT * FROM emp WHERE salary = 100 table1/emp col1/rank col2/name col3/salary SELECT * FROM table1 Proxy WHERE col3 = x5a8c34 x934bc1 x4be219 60 x5a8c34 x95c623 100 x84a21c x2ea887 800 x5a8c34 x5a8c34 ? ? x5a8c34 x17cea7 100 x5a8c34 x5a8c34

  20. Example Application “ Summable ” Deterministic encryption (HOM) - encryption (DET) semantic SELECT sum(salary) FROM emp table1 (emp) Proxy SELECT cdb_sum(col3) col1/rank col2/name col3/salary FROM table1 x934bc1 x9eab8 60 1 x5a8c34 x638e5 100 4 x84a21c x122eb4 800 x5a8c34 x578b34 x72295 1060 100 a

  21. Techniques 1. Use SQL-aware set of efficient encryption (meta technique!) schemes Most SQL can be implemented with a few core operations 2. Adjust encryption of data based on queries 3. Query rewriting algorithm

  22. 1. SQL-aware encryption schemes SQL operations: Security Function Constructio Scheme e.g., SELECT, n AES in UFE UPDATE, DELETE, RND data moving INSERT, COUNT ≈ semantic HOM addition Paillier e.g., SUM, + security word restricted ILIKE Song et al.,‘00 SEARCH search e.g., =, !=, IN, reveals GROUP BY, equality DET AES in CMC only repeat DISTINCT our new pattern join JOIN scheme e.g., >, <, ORDER BY, reveals our new scheme ASC, DESC, MAX, OPE order only [Oakland’13] MIN, GREATEST, order LEAST x < y Enc(x) < Enc(y)

  23. How to encrypt each data item? Goals: 1. Support queries 2. Use most secure encryption schemes Challenge: may not know queries ahead of time col1- col1- col1- col1- col1- col1- rank RND HOM SEARCH DET JOIN OPE ALL? ‘CEO’ ‘worker’ Leaks order!

  24. Oni nion on

  25. Oni nion on of of enc ncryp ryptions tions security + RND DET OPE value + functionality Adjust encryption: strip off layer of the onion

  26. Oni nions ons of of enc ncryp ryptions tions 1 column 3 columns HOM int value RND Onion Add RND DET each OR OPE JOIN value value value SEARCH text value Onion Equality Onion Order Onion Search Same key for all items in a column for same onion layer

  27. Onion evolution  Start out the database with the most secure encryption scheme  If needed, adjust onion level  Proxy gives decryption key to server  Proxy remembers onion layer for columns Lowest onion level is never removed

  28. Example emp: Logical table: rank name salary ‘CEO’ ‘worker’ Physical table: table 1: RND RND … col1- col1- col1- col2- DET OnionEq OnionOrder OnionSearch OnionEq … JOIN … ‘CEO’ Onion Equality SELECT * FROM emp WHERE rank = ‘CEO’

  29. Example (cont’d) table 1 RND … col1- col1- col2- col1- DET DET OnionEq OnionOrder OnionEq OnionSearch … JOIN ‘CEO’ Onion Equality SELECT * FROM emp WHERE rank = ‘CEO’ UPDATE table1 SET col1-OnionEq = Decrypt_RND(key, col1-OnionEq) SELECT * FROM table1 WHERE col1-OnionEq = xda5c0407

  30. Security threshold Data owner can specify minimum level of security CREATE TABLE emp (…, credit_card SENSITIVE integer, …) RND, HOM, DET for unique fields ≈ semantic security

  31. Security guarantee Columns annotated as sensitive have semantic security (or similar). Encryption schemes exposed for each column are the most secure enabling queries. no filter semantic equality repeats sum semantic common in practice •

  32. Limitations & Workarounds Queries not supported:  More complex operators, e.g., trigonometry  Certain combinations of encryption schemes:  e.g., salary + raise > 100K HOM use query splitting, query rewriting

  33. Implementation SQL Interface unmodified CryptDB query DBMS CryptDB SQL UDFs Application Proxy (user-defined results functions) No change to the DBMS! Largely no change to apps!

  34. Evaluation Does it support real queries/applications? 1. What is the resulting confidentiality level? 2. What is the performance overhead? 3.

  35. Real queries/applications Application Encrypted # cols with queries columns not supported phpBB 23 0 apps with HotCRP 22 0 sensitive columns 0 grad-apply 103 tens of 0 TPC-C 92 thousands 1,094 sql.mit.edu 128,840 of apps SELECT 1/log(series_no+1.2) … … WHERE sin(latitude + PI()) …

  36. Confidentiality level Final onion state Application Encrypted Min level: Min level: Min level: columns ≈semantic DET/JOIN OPE phpBB 23 21 1 1 HotCRP 22 18 1 2 95 grad-apply 103 6 2 TPC-C 92 65 19 8 sql.mit.edu 128,840 80,053 34,212 13,131 Most Most columns at columns at OPE were less semantic sensitive

  37. Performance DB server throughput MySQL : Application 1 Plain database Application 2 Latency CryptDB: CryptDB Application 1 Proxy Encrypted DB CryptDB Application 2 Proxy Hardware: 2.4 GHz Intel Xeon E5620 – 8 cores, 12 GB RAM

  38. TPC-C performance Latency (per query): 0.10ms MySQL vs. 0.72ms CryptDB Throughput loss over MySQL: 26% 14000 MySQL CryptDB 12000 10000 Homomorphic Queries / sec 8000 addition 6000 4000 2000 0 Equality Join Range Delete Insert Upd. set Upd. inc Sum No cryptography at the DB server in the steady state!

Recommend

Why Encrypt Data? We have already discussed authentication and access control as means to

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides
Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security (600/650.624) Introduction Searching usually done over plaintext But what if we could search encrypted data? Bloom Filters Efficient

459 views • 30 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1 DISCLAIMER: THIS IS NOT FULLY-BAKED We just fleshed out this idea yesterday, so its hand-wavy. Insufficient analysis has been done. IETF 94 TLS 1.3

886 views • 11 slides
Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig

Big Data Security: How to efficiently perform data analytics over encrypted data? Adrian Perrig Network Security Group ETH Zrich 1 Why worry about Big Data Security? Security is well understood and well handled! Really? 2 Problem

360 views • 16 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
DATA RECOVERY Reconstructed Values 400 ON ENCRYPTED DATABASES 350 WITH 300 k-NEAREST

DATA RECOVERY Reconstructed Values 400 ON ENCRYPTED DATABASES 350 WITH 300 k-NEAREST

DATA RECOVERY Reconstructed Values 400 ON ENCRYPTED DATABASES 350 WITH 300 k-NEAREST NEIGHBOR 250 QUERY LEAKAGE 200 EVGENIOS M. KORNAROPOULOS 150 CHARALAMPOS PAPAMANTHOU ROBERTO TAMASSIA 100 50 0 0 100 200 300 400 Full

777 views • 52 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue using file system features

227 views • 19 slides
Boosting Verifiable Computation on Encrypted Data PKC 2020 Dario Fiore, Anca Nitulescu , David

Boosting Verifiable Computation on Encrypted Data PKC 2020 Dario Fiore, Anca Nitulescu , David

Boosting Verifiable Computation on Encrypted Data PKC 2020 Dario Fiore, Anca Nitulescu , David Pointcheval Motivational Tale: The Bare Necessities of a Cloud User (In times of a Pandemic) 2 Pandemics biometric surveillance systems data

1k views • 51 slides
Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud , Kenny Paterson Information Security Group IEEE Symposium on Security and Privacy, May 21, 2018 Outsourcing Data with Search

654 views • 62 slides
CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska

CryptDB Protecting Confidentiality with Encrypted Query Processing Katarzyna Baranowska University of Warsaw January 21, 2012 Threats Threat 1 Speed Evaluation Threat 2 More Evaluation Why secure data? Medical data Contact data Payment

1.27k views • 78 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
Reconstructing Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud,

Reconstructing Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud,

Reconstructing Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson ePrint 2017/701, to appear S&amp;P 2018. Information Security Group Workshop IoT+Cloud, Bochum, 7 Nov 2017. Outsourcing Data to the

699 views • 22 slides
Privacy-preserving entity resolution and logistic regression on encrypted data Giorgio Patrini

Privacy-preserving entity resolution and logistic regression on encrypted data Giorgio Patrini

Privacy-preserving entity resolution and logistic regression on encrypted data Giorgio Patrini &amp; Mentari Djatmiko, Stephen Hardy, Wilko Henecka, Hamish Ivey-Law, Maximilian Ott, Huy Pham, Guillaume Smith, Brian Thorne, Dongyao Wu N1

1.04k views • 37 slides
SGX BigMatrix A Practical Encrypted Data Analytic Framework with Trusted Processors Fahad Shaon

SGX BigMatrix A Practical Encrypted Data Analytic Framework with Trusted Processors Fahad Shaon

UT DALLAS Erik%Jonsson%School%of%Engineering%&amp;%Computer%Science SGX BigMatrix A Practical Encrypted Data Analytic Framework with Trusted Processors Fahad Shaon Murat Kantarcioglu Zhiqiang Lin Latifur Khan The University of Texas at

865 views • 55 slides
AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson

AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson

AnalysingAccess Pattern and Volume Leakage from Range Queries on Encrypted Data Kenny Paterson @kennyog based on joint work with Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud Information Security Group SuRI EPFL June 18, 2018

859 views • 49 slides
Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov

Why Your Encrypted Database Is Not Secure Paul Grubbs Tom Ristenpart Vitaly Shmatikov Outsourced Applications Today Server data data Encrypt the data! Encrypt the Data App functionality no App functionality no longer works :( longer

1.42k views • 58 slides
Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson CASYS team seminar, Grenoble, December 2018 Outsourcing Data with Search Capabilities Data

534 views • 38 slides
Order-Revealing Encry ryption: Definitions, Constructions, and Challenges David Wu Searching on

Order-Revealing Encry ryption: Definitions, Constructions, and Challenges David Wu Searching on

Order-Revealing Encry ryption: Definitions, Constructions, and Challenges David Wu Searching on Encrypted Data Database breaches have become the norm rather than the exception [Data taken from Vigilante.pw] Searching on Encrypted Data

1.19k views • 53 slides
The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th International Conference on Provable Security Xian, China - October 23rd, 2017 David Pointcheval Introduction 2 / 26 Anything from Anywhere

103 views • 7 slides
Nigel Paul Smart Computing on Encrypted Data How to do the impossible KU Leuven Dining Bankers

Nigel Paul Smart Computing on Encrypted Data How to do the impossible KU Leuven Dining Bankers

Nigel Paul Smart Computing on Encrypted Data How to do the impossible KU Leuven Dining Bankers (a.k.a. Millionaires Problem) A set of bankers go to lunch. They are celebrating their bonuses just being paid. Each has been given a bonus of x

876 views • 46 slides
Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted

Challenges With Building End-to-End Encrypted Challenges With Building End-to-End Encrypted Applications Learnings From Etesync Applications Learnings From Etesync stosb.com/talks Tom Hacohen tom@stosb.com FOSDEM 2019 @TomHacohen

361 views • 32 slides

More recommend