improved reconstruction attacks on encrypted data using
play

Improved Reconstruction Attacks on Encrypted Data Using Range Query - PowerPoint PPT Presentation

Feb 09, 2023 •34 likes •654 views

Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah Lacharit, Brice Minaud , Kenny Paterson Information Security Group IEEE Symposium on Security and Privacy, May 21, 2018 Outsourcing Data with Search

  1. Improved Reconstruction Attacks on Encrypted Data Using Range Query Leakage Marie-Sarah Lacharité, Brice Minaud , Kenny Paterson Information Security Group IEEE Symposium on Security and Privacy, May 21, 2018

  2. Outsourcing Data with Search Capabilities Server Client 2

  3. Outsourcing Data with Search Capabilities Data upload Server Client 2

  4. Outsourcing Data with Search Capabilities Data upload Search query Matching records Server Client 2

  5. Outsourcing Data with Search Capabilities Data upload Search query Matching records Server Client For an encrypted database management system : • Data = collection of records in a database. e.g. health records. • Search query examples: - find records with given value. e.g. patients aged 57. - find records within a given range. e.g. patients aged 55-65. 2

  6. Security of Data Outsourcing Solutions Search query Matching records Adversarial Client server Adversaries : • Snapshot : breaks into server, gets snapshot of memory. • Persistent : corrupts server, sees all communication transcripts. Can be server itself. Security goal = privacy. → Adversary learns as little as possible about the client’s data and queries. 3

  7. Solutions • Structure-preserving encryption. Vulnerable to snapshot attackers. 4

  8. Solutions • Structure-preserving encryption. Vulnerable to snapshot attackers. • Second-generation schemes : Aim to protect against snapshot and persistent attackers. 4

  9. Solutions • Structure-preserving encryption. Vulnerable to snapshot attackers. • Second-generation schemes : Aim to protect against snapshot and persistent attackers. • Very active research topic. [AKSX04], [BCLO09], [PKV+14], [BLR+15], [NKW15], [KKNO16], [LW16], [FVY+17], [SDY+17], [DP17], [HLK18], [PVC18], [MPC+18]… 4

  10. Schemes Supporting Range Queries Range = [40,100] Server Client 3 1 2 4 45 6 83 28 5

  11. Schemes Supporting Range Queries Range = [40,100] 1 3 45 83 Server Client 3 1 2 4 45 6 83 28 5

  12. Schemes Supporting Range Queries Range = [40,100] 1 3 45 83 Server Client 3 1 2 4 45 6 83 28 5

  13. Schemes Supporting Range Queries Range = [40,100] 1 3 45 83 Server Client 3 1 2 4 45 6 83 28 • Most schemes leak set of matching records = access pattern leakage. OPE, ORE schemes, POPE, [HK16], BlindSeer, [Lu12], [FJ+15], … 5

  14. Schemes Supporting Range Queries Range = [40,100] 1 3 45 83 Server Client 3 1 2 4 45 6 83 28 • Most schemes leak set of matching records = access pattern leakage. OPE, ORE schemes, POPE, [HK16], BlindSeer, [Lu12], [FJ+15], … • Some schemes also leak #records below queried endpoints = rank leakage. FH-OPE, Lewi-Wu, Arx, Cipherbase, EncKV, … 5

  15. Exploiting Leakage • Most schemes prove that nothing more leaks than their leakage model allows. For example, leakage = access pattern + rank. What can we really learn from this leakage? 6

  16. Exploiting Leakage • Most schemes prove that nothing more leaks than their leakage model allows. For example, leakage = access pattern + rank. What can we really learn from this leakage? • Our goal : full reconstruction = recovering the exact value of every record. 6

  17. Exploiting Leakage • Most schemes prove that nothing more leaks than their leakage model allows. For example, leakage = access pattern + rank. What can we really learn from this leakage? • Our goal : full reconstruction = recovering the exact value of every record. • [KKNO16] : O( N 2 log N ) queries suffice for full reconstruction using only access pattern leakage! - where N is the number of possible values (e.g. 125 for age in years). 6

  18. Assumptions for our Analysis • Data is dense: all values appear in at least one record. • Queries are uniformly distributed . Our algorithms don’t actually care though – the assumption is for computing data upper bounds. 7

  19. Our Main Results • Full reconstruction with O( N · log N ) queries from access pattern leakage – in fact, N · (3 + log N ). 8

  20. Our Main Results • Full reconstruction with O( N · log N ) queries from access pattern leakage – in fact, N · (3 + log N ). Approximate reconstruction with relative accuracy ε with O( N · (log 1/ ε )) • queries. 8

  21. Our Main Results • Full reconstruction with O( N · log N ) queries from access pattern leakage – in fact, N · (3 + log N ). Approximate reconstruction with relative accuracy ε with O( N · (log 1/ ε )) • queries. • Approximate reconstruction using an auxiliary distribution and access pattern + rank leakage. 8

  22. Our Main Results • Full reconstruction with O( N · log N ) queries from access pattern leakage – in fact, N · (3 + log N ). Approximate reconstruction with relative accuracy ε with O( N · (log 1/ ε )) • queries. • Approximate reconstruction using an auxiliary distribution and access pattern + rank leakage. 8

  23. Full reconstruction

  24. Full Reconstruction Algorithm Set of all records M 1 M 2 M 3 M 4 M 5 Assume N = 7 values, and 5 queries. M i = set of records matched by i -th query. 10

  25. Step 1: Partitioning M 1 M 2 M 3 M 4 M 5 11

  26. Step 1: Partitioning M 1 M 2 M 3 M 4 M 5 … … 11

  27. Step 1: Partitioning M 1 M 2 M 3 M 4 M 5 … … If there are N minimal subsets → each of them correspond to a single value. 11

  28. Step 2a: Finding an Endpoint M 1 M 2 M 3 M 4 M 5 M 1 ∪ M 3 cover all but 1 minimal set 12

  29. Step 2a: Finding an Endpoint M 1 M 2 M 3 M 4 M 5 Endpoint! M 1 ∪ M 3 cover all but 1 minimal set 12

  30. Step 2a: Finding an Endpoint 7 M 1 M 2 M 3 M 4 M 5 Endpoint! M 1 ∪ M 3 cover all but 1 minimal set 12

  31. Step 2b: Propagating 7 M 1 M 1 M 2 M 3 M 4 M 5 • Intersect 13

  32. Step 2b: Propagating 7 M 1 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 13

  33. Step 2b: Propagating 7 M 1 M 1 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 13

  34. Step 2b: Propagating 7 M 1 M 1 M 1 M 2 M 3 M 4 M 5 Next point! • Intersect • Trim 13

  35. Step 2b: Propagating 7 6 M 1 M 1 M 1 M 2 M 3 M 4 M 5 Next point! • Intersect • Trim 13

  36. Step 2b: Propagating 5 7 6 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 14

  37. Step 2b: Propagating 4 5 7 6 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 15

  38. Step 2b: Propagating 3 4 5 7 6 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 16

  39. Step 2b: Propagating 2 3 4 5 7 6 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 17

  40. Done! 1 2 3 4 5 7 6 M 1 M 2 M 3 M 4 M 5 • Intersect • Trim 18

  41. Full Reconstruction: Conclusion • Generic setting: only access pattern leakage. • Partiotioning , then sorting steps. • Expectation of #queries sufficient for reconstruction: N · (3 + log N ) for N ≥ 26 • Expectation of #queries necessary for reconstruction: 1/2 · N · log N – O(N) for any algorithm. • Our algorithm is data-optimal. 19

  42. Reconstruction with Auxiliary Data + Rank Leakage

  43. Auxiliary Data Attack with Rank Leakage • Assume access pattern + rank leakage. • Also assume an approximation to the distribution on values is known. “Auxiliary distribution”. From aggregate data, or from another reference source. • We show experimentally that, under these assumptions, far fewer queries are needed. 21

  44. Auxiliary Data Attack Algorithm Set of all records M 1 M 2 Assume N = 125 values, and 2 queries. M i = set of records matched by i -th query. 22

  45. Partitioning and Matching M 1 M 2 23

  46. Partitioning and Matching M 1 M 2 23

  47. Partitioning and Matching M 1 M 2 % records 10% below 23

  48. Partitioning and Matching M 1 M 2 % records 10% 32% below 23

  49. Partitioning and Matching M 1 M 2 % records 10% 32% 77% below 23

  50. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below 23

  51. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 23

  52. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 23

  53. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 60 23

  54. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 60 72 23

  55. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 60 72 Expectation 19 23

  56. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 60 72 Expectation 19 50 23

  57. Partitioning and Matching M 1 M 2 % records 10% 32% 77% 85% below Matching with aux. distribution Age 12 43 60 72 Expectation 19 50 65 23

  58. Auxiliary Data Attack: Experimental Evaluation • Ages, N = 125. • Health records from US hospitals (NIS HCUP 2009). • Target: age of individual hospitals' records. • Auxiliary data: aggregate of 200 hospitals' records. • Measure of success: proportion of records with value guessed within ε . 24

  59. Results with Imperfect Auxiliary Data 25

  60. Conclusions

Recommend

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud

Improved reconstruction attacks using range query leakage Marie-Sarah Lacharit Brice Minaud Kenny Paterson Information Security Group Application Setting Storing Records in the Cloud value of record ( N possible values) record identifier

615 views • 59 slides
Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson CASYS team seminar, Grenoble, December 2018 Outsourcing Data with Search Capabilities Data

534 views • 38 slides
Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs,

Learning to Reconstruct Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&P 2019. C2 seminar, Rennes, 2019 Outsourcing Data Data upload

646 views • 39 slides
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem , Apratim Bhattacharya, Michael Backes Mario Fritz,Yang Zhang CISPA Helmholtz Center for Information Security, Max Planck Institute for Informatics 1

568 views • 20 slides
Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and

Improved Key Recovery Attacks on Reduced-Round AES on Reduced-Round AES with Practical Data and Memory Complexities Orr Dunkelman Achiya Bar-On Eyal Ronen Nathan Keller Adi Shamir AES AES is the best known and most widely used secret

863 views • 58 slides
3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video

3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video

3D RECONSTRUCTION Reconstruction method Reconstruction from images Reconstruction from video Using Kinect Raw Depth Image Infrared laser projector Monochrome CMOS sensor Demo Kinect Raw data Real-time Reconstruction Pipeline Measurement

509 views • 34 slides
Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks Adam White, Austin

Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks Adam White, Austin

Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks Adam White, Austin Matthews, Kevin Snow, and Fabian Monrose Presented By Corly Leung Introduction - Google Hangout, Skype, FaceTime - Encrypting VoIP Packets -

480 views • 14 slides
Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice

Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice

Approximate reconstruction of encrypted databases Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson Information Security Group ESSA2, Bertinoro, 9th July 2018 Situation overview General message from previous talk: Dont use

667 views • 27 slides
Improved Single-Key Attacks on 9-Round AES-192/256 Leibo Li 1 , Keting Jia 2 and Xiaoyun Wang 1 ,

Improved Single-Key Attacks on 9-Round AES-192/256 Leibo Li 1 , Keting Jia 2 and Xiaoyun Wang 1 ,

Improved Single-Key Attacks on 9-Round AES-192/256 Improved Single-Key Attacks on 9-Round AES-192/256 Leibo Li 1 , Keting Jia 2 and Xiaoyun Wang 1 , 3 1 Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education,

476 views • 29 slides
Raw Data Reconstruction with Raw-Data Reconstruction with PROOF C. Cheshkov, P. Hristov

Raw Data Reconstruction with Raw-Data Reconstruction with PROOF C. Cheshkov, P. Hristov

Raw Data Reconstruction with Raw-Data Reconstruction with PROOF C. Cheshkov, P. Hristov 24/10/2008 ALICE Offline Week C O e ee Many thanks to: Andrei,Federico,Fons,Jan,Gerri,Latchezar,Rene for the discussions and help and Marco &

399 views • 28 slides
Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian

Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian

Institute of Operating Systems and Computer Networks Wiretapping End-to-End Encrypted VoIP Calls Real-World Attacks on ZRTP Dominik Schrmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf, 2017-07-18 Introduction Man-in-the-Middle ZRTP

396 views • 24 slides
Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs ,

Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs ,

Learning to Reconstruct: Statistical Learning Theory and Encrypted Database Attacks Paul Grubbs , Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson pag225@cornell.edu, @pag_crypto Outsourced Databases Database Encrypting Outsourced

705 views • 23 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud Bansal, Bhargavan, Delignat-Lavaud, Maffeis Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web Storage Crypto on the Web Motivations Formal analysis of cryptographic web

1.19k views • 106 slides
On Improving Data Complexity of Attacks on RC5 A. Biryukov V. Velichkov Laboratory of

On Improving Data Complexity of Attacks on RC5 A. Biryukov V. Velichkov Laboratory of

Motivation Previous Work Improved Filter Conclusion On Improving Data Complexity of Attacks on RC5 A. Biryukov V. Velichkov Laboratory of Algorithmics, Cryptology and Security (LACS) University of Luxembourg Early Symmetric Crypto 2015

533 views • 37 slides
Why Encrypt Data? We have already discussed authentication and access control as means to

Why Encrypt Data? We have already discussed authentication and access control as means to

Security in Outsourced Databases II Outsourced Databases II (Query Processing on Encrypted Data) Disks replaced Data worthless if encrypted Customer Credit for maintenance Card Number Laptops stolen Backups lost p 1 Why Encrypt Data?

759 views • 19 slides
Advanced Methods for Data Processing and Reconstruction Accelerating Reconstruction on advanced

Advanced Methods for Data Processing and Reconstruction Accelerating Reconstruction on advanced

Advanced Methods for Data Processing and Reconstruction Accelerating Reconstruction on advanced hardware architectures: Tracking on accelerators Graph Neural Networks for reconstruction Accelerating ML inference Allison Reinsvold Hall (FNAL),

573 views • 17 slides
Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS

Revisiting Leakage Abuse Attacks Laura Blackstone Seny Kamara Tarik Moataz AROKI SYSTEMS Encrypted Search Trusted client Untrusted server Cat Fish Cat Dog Dog 2 Encrypted Search Cat Fish Encrypted Trusted client Cat Untrusted

983 views • 60 slides
Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security

Searches Through Encrypted Data presenter: Reza Curtmola Advanced Topics in Network Security (600/650.624) Introduction Searching usually done over plaintext But what if we could search encrypted data? Bloom Filters Efficient

459 views • 30 slides
Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical

Supporting Less-Than Queries on Encrypted Data using Multi-Server Secret Sharing and Practical Order-Revealing Encryption Nate Chenette ICERM conference on Encrypted Search June 12, 2019 Project Background Baffle Inc. https://baffle.io/

407 views • 23 slides
TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1

TLS 1.3 Encrypted SNI ekr: ekr@rtfm.com dkg: dkg@aclu.org IETF 94 TLS 1.3 Encrypted SNI 1 DISCLAIMER: THIS IS NOT FULLY-BAKED We just fleshed out this idea yesterday, so its hand-wavy. Insufficient analysis has been done. IETF 94 TLS 1.3

886 views • 11 slides
An improved full reconstruction tool utilizing NeuroBayes Physics In Collision 2010, Poster

An improved full reconstruction tool utilizing NeuroBayes Physics In Collision 2010, Poster

An improved full reconstruction tool utilizing NeuroBayes Physics In Collision 2010, Poster Session M. Feindt, M. Kreps, T. Kuhr, F. Keller, S. Neubauer, D. Zander, A. Zupanc | September 3rd, 2010 I NSTITUT F UR EXPERIMENTELLE K ERNPHYSIK , K

244 views • 7 slides
Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of

Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of

Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of Technology Department of Information and Computer Science, Espoo, Finland 24th March 2009 1 / 35 SOSEMANUK Attack Approximations SOBER-128

365 views • 35 slides
New MILP Modeling: Improved Conditional Cube Attacks on Keccak-Based Constructions Ling Song,

New MILP Modeling: Improved Conditional Cube Attacks on Keccak-Based Constructions Ling Song,

New MILP Modeling: Improved Conditional Cube Attacks on Keccak-Based Constructions Ling Song, Jian Guo, Danping Shi, San Ling 4 Dec 2018 @ Brisbane, Australia Song et al. Improved Conditional Cube Attacks on Keccak-Based Constructions 1 / 25

930 views • 44 slides

More recommend