express private communication without synchronization
play

Express: Private Communication without Synchronization Saba - PowerPoint PPT Presentation

Express: Private Communication without Synchronization Saba Eskandarian, Henry Corrigan-Gibbs, Matei Zaharia, Dan Boneh Our Story Our Story Our Story How to Communicate Privately? Option 1: End to end encrypted messaging apps E.g. Signal,


  1. Express: Private Communication without Synchronization Saba Eskandarian, Henry Corrigan-Gibbs, Matei Zaharia, Dan Boneh

  2. Our Story

  3. Our Story

  4. Our Story

  5. How to Communicate Privately? Option 1: End to end encrypted messaging apps E.g. Signal, WhatsApp Problem: metadata

  6. How to Communicate Privately? Option 1: Option 2: End to end encrypted messaging apps Anonymizing proxy E.g. Signal, WhatsApp E.g. Tor, SecureDrop Problem: metadata Problem: global adversaries

  7. How to Communicate Privately? Option 3: Metadata-hiding communication systems

  8. How to Communicate Privately? Option 3: Metadata-hiding communication systems E.g. Riposte, Pung, Vuvuzela, Talek, Alpenhorn, Stadium, Karaoke, Atom, XRD, Verdict, Dissent, Herbivore, ….

  9. How to Communicate Privately? Option 3: Metadata-hiding communication systems E.g. Riposte, Pung, Vuvuzela, Talek, Alpenhorn, Stadium, Karaoke, Atom, XRD, Verdict, Dissent, Herbivore, …. Drawback: Require running in rounds/synchronization

  10. How to Communicate Privately? Option 3: Metadata-hiding communication systems E.g. Riposte, Pung, Vuvuzela, Talek, Alpenhorn, Stadium, Karaoke, Atom, XRD, Verdict, Dissent, Herbivore, …. Drawback: Require running in rounds/synchronization Can we get any metadata-hiding system that does not require running in rounds?

  11. Introducing Express First metadata-hiding communication system with no requirement for users to contact server at regular intervals

  12. Introducing Express First metadata-hiding communication system with no requirement for users to contact server at regular intervals Journalists can register mailboxes for sources to send messages/documents

  13. Introducing Express First metadata-hiding communication system with no requirement for users to contact server at regular intervals Journalists can register mailboxes for sources to send messages/documents Asymptotic improvements: client computation costs O(log N) communication costs O(log N) (both previously O(√N))

  14. Introducing Express First metadata-hiding communication system with no requirement for users to contact server at regular intervals Journalists can register mailboxes for sources to send messages/documents Asymptotic improvements: Practical improvements: client computation costs O(log N) 5x improvement in server computation time communication costs O(log N) 8x improvement in client computation time (both previously O(√N)) >10x improvement in communication costs

  15. Express Overview 3 server system, secure against: - Arbitrarily many corrupt users - Up to one corrupt server

  16. Express Overview 3 server system, secure against: - Arbitrarily many corrupt users - Up to one corrupt server Supported operations: Register mailbox (Private) write to mailbox Read from mailbox

  17. Express Overview 3 server system, secure against: - Arbitrarily many corrupt users - Up to one corrupt server Supported operations: Register mailbox (Private) write to mailbox Read from mailbox Servers A/B store DB, handle requests Auditor filters malformed/malicious requests

  18. Express Overview 3 server system, secure against: - Arbitrarily many corrupt users - Up to one corrupt server Supported operations: Register mailbox (Private) write to mailbox Read from mailbox Servers A/B store DB, handle requests Auditor filters malformed/malicious requests Security: can’t tell who the recipient of a message is (unless you are the recipient)

  19. Outline Introduction/Overview Hiding metadata without rounds Handling disruptive users Metadata-hiding “web browsing” Evaluation

  20. Tool: Private Writing with Distributed Point Functions Point function : a function that is zero everywhere, except at one point Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14.

  21. Tool: Private Writing with Distributed Point Functions Point function : a function that is zero everywhere, except at one point x f(x) 0 0 1 0 2 0 3 “Hi!” 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14.

  22. Tool: Private Writing with Distributed Point Functions Point function : a function that is zero everywhere, except at one point x f 1 (x) x f 2 (x) x f(x) 0 “abc” 0 “abc” 0 0 1 “xf$” 1 “xf$” 1 0 = ⊕ 2 “^tg” 2 “^tg” 2 0 3 “!7≈” 3 “‘2!)” 3 “Hi!” 4 “jhV” 4 “jhV” 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14.

  23. Tool: Private Writing with Distributed Point Functions Point function : a function that is zero everywhere, except at one point Distributed point function: technique for efficiently splitting a point function into two pieces, each a (non-point) function whose XOR is the original point function x f 1 (x) x f 2 (x) x f(x) Key features: 0 “abc” 0 “abc” 0 0 - concise 1 “xf$” 1 “xf$” 1 0 representation = ⊕ - fast to generate 2 “^tg” 2 “^tg” 2 0 3 “!7≈” 3 “‘2!)” 3 “Hi!” 4 “jhV” 4 “jhV” 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14.

  24. Tool: Private Writing with Distributed Point Functions I want to write “Hi!” to address 3 Addr Data Addr Data 0 0 0 0 1 0 1 0 2 0 2 0 3 0 3 0 4 0 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  25. Tool: Private Writing with Distributed Point Functions x f(x) 0 0 1 0 Addr Data Addr Data 2 0 0 0 0 0 3 “Hi!” 1 0 1 0 4 0 2 0 2 0 3 0 3 0 4 0 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  26. Tool: Private Writing with Distributed Point Functions x f 1 (x) x f 2 (x) 0 “abc” 0 “abc” 1 “xf$” 1 “xf$” Addr Data Addr Data 2 “^tg” 2 “^tg” 0 0 0 0 3 “!7≈” 3 “‘2!)” 1 0 1 0 4 “jhV” 4 “jhV” 2 0 2 0 3 0 3 0 4 0 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  27. Tool: Private Writing with Distributed Point Functions f 1 f 2 Addr Data Addr Data 0 0 0 0 1 0 1 0 2 0 2 0 3 0 3 0 4 0 4 0 Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  28. Tool: Private Writing with Distributed Point Functions f 1 f 2 Addr Data Addr Data 0 f 1 (0) 0 f 2 (0) 1 f 1 (1) 1 f 2 (1) 2 f 1 (2) 2 f 2 (2) 3 f 1 (3) 3 f 2 (3) 4 f 1 (4) 4 f 2 (4) Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  29. Tool: Private Writing with Distributed Point Functions f 1 f 2 Addr Data Addr Data 0 “abc” 0 “abc” 1 “xf$” 1 “xf$” 2 “^tg” 2 “^tg” 3 “!7≈” 3 “‘2!)” 4 “jhV” 4 “jhV” Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  30. Tool: Private Writing with Distributed Point Functions f 1 f 2 Addr Data Addr Data 0 “abc” 0 “abc” 1 “xf$” 1 “xf$” ⊕ 2 “^tg” 2 “^tg” 3 “!7≈” 3 “‘2!)” “Hi!” 4 “jhV” 4 “jhV” Distributed Point Functions and their Applications, Niv Gilboa, Yuval Ishai, Eurocrypt’14. Private Information Storage, Rafail Ostrovsky, Victor Shoup, STOC’97

  31. Hiding Data How to prevent curious clients from reading others’ mailboxes? Addr Data Addr Data 0 “abc” 0 “abc” 1 “xf$” 1 “xf$” 2 “^tg” 2 “^tg” 3 “!7≈” 3 “‘2!)” 4 “jhV” 4 “jhV”

  32. Hiding Data How to prevent curious clients from reading others’ mailboxes? Encrypt each row with a different key held by the owner of the mailbox Addr Data Key Addr Data Key 0 “abc” k NYT 0 “abc” k NYT 1 “xf$” k WaPo 1 “xf$” k WaPo 2 “^tg” k WSJ 2 “^tg” k WSJ 3 “!7≈” k Buzzfeed 3 “‘2!)” k Buzzfeed 4 “jhV” k Inquirer 4 “jhV” k Inquirer

  33. Hiding Data How to prevent curious clients from reading others’ mailboxes? Encrypt each row with a different key held by the owner of the mailbox Different key sent to each server Addr Data Key Addr Data Key 0 “abc” k NYT1 0 “abc” k NYT2 1 “xf$” k WaPo1 1 “xf$” k WaPo2 2 “^tg” k WSJ1 2 “^tg” k WSJ2 3 “!7≈” k Buzzfeed1 3 “‘2!)” k Buzzfeed2 4 “jhV” k Inquirer1 4 “jhV” k Inquirer2

  34. Hiding Meta data Construction thus far vulnerable to polling attack: Attacker reads every row after each write to see which one was changed

  35. Hiding Meta data Construction thus far vulnerable to polling attack: Attacker reads every row after each write to see which one was changed Solution: servers non-interactively re-randomize every row after each write Additional cost is low since they already write to each row

Recommend


More recommend