Pixek
Seny Kamara, Tarik Moataz, Martin Zhu

9,198,580,293* 4%
* since 2013

Why so Few?
Incompetence? Laziness? Cost?
“…because it would have hurt Yahoo’s ability to index and search message data…” — J. Bonforte in NY Times

Q: can we search on encrypted data?

Encrypted Search (Building Blocks)
• Property-Preserving Encryption (PPE)
• Functional Encryption
• Structured Encryption (STE)
• Oblivious RAM (ORAM)
• Fully-Homomorphic Encryption (FHE)

Efficiency, Functionality, Leakage

Evolution from 2001-2018
• Structured Encryption (STE): ’01 SSE; ’06 Efficient SSE; ’10 STE; ’12 IKK attacks; ’12 CS2; ’13 Boolean SSE; ’14 OSPIR; BlindSeer; ’16 Clusion; OpenSSE; ’17 SQL
• Oblivious RAM (ORAM): ’96 ORAM; ’12 Tree-based ORAM; ’13 Path ORAM; ObliviStore; ’16 Obliv P2P; TaoStore; ’16 KKNO attacks
• Property-Preserving Encryption (PPE): ’06 DET; ’09 OPE; ’11 OPE proofs; ’12 CryptDB; ’15 MS Always Enc; ’15 NKW attacks; ’16 Snapshot PPE

Structured Encryption
[Diagram labels: tk, utk]

Would Encryption Even Prevent Breaches?

Q: can encrypted search be deployed?

Why Isn’t Encrypted Search Deployed?

Tarik, Martin

End-to-End Encryption
• messaging
• video

Digital Photos - 1.2 Trillion (2017)
85%, 10.3%, 4.7%

Photo Collections
• Sentimental value
• Large
• Private
Cloud, Encryption

Celebgate (2014)
• Edward Majerczyk
• hacked 30 Gmail & iCloud accounts
• 500 private photos leaked including of many celebrities

Pixek
End-to-end encrypted camera app

Building Blocks
• Clusion: open source (GPLv3) encrypted search library from Brown ESL
  • pibase, pidyn, 2Lev, ZMF, IEX-2Lev, IEX-ZMF
  • coming: DLS, SPX, REX, PBS
• TensorFlow Mobile: open source machine learning from Google
  • pre-trained model
• Geomobile: open source geolocation

Lamp/Bear 23’x21’x24’

[Diagram: Pixek Client and EC2+S3. Labels: downsampling, TensorFlow; tags bear, lamp, Providence, RI, Brown U.; utk]

[Diagram: Pixek Client and EC2+S3. Labels: Bear, tk]

What I Didn’t Cover
• Caching
• Crash recovery
• Password recovery
• Multi-device
• Local mode

Pixek v0.1.0 (Current)
• Tags & photos are streamed
• Encrypted structure needs forward-privacy
• Published state-of-the-art
  • Sophos [Bost16]
  • Diana [Bost-Minaud-Ohrimenko17]
• New scheme
  • pidyn [Cash-Jaeger-Jarecki-Jutla-Krawczyk-Rosu-Steiner14]
  • no public-key operations
  • no constrained PRFs

Background: Data Structures
• DXs map labels to values
• MMs map labels to tuples

Multi-map MM
  $w_1$: $id_1$, $id_3$, $id_4$
  $w_2$: $id_3$
  $w_3$: $id_2$, $id_4$

Dictionary DX
  $w_1$: $id_1$
  $w_2$: $id_3$
  $w_3$: $id_2$

• Get: MM[$w_3$] returns ($id_2$, $id_4$)
• Get: DX[$w_3$] returns $id_2$

Setup $\pi_{dyn}$ [CJJJKRS’14]
[Diagram: EMM.Setup takes $1^k$ and the multi-map MM and outputs EMM]

Setup $\pi_{dyn}$ [CJJJKRS’14]
EMM.Setup on $1^k$ and the Multi-map MM:
  $w_1$: $id_1$, $id_3$, $id_4$
  $w_2$: $id_3$
  $w_3$: $id_2$, $id_4$

Encrypted MM:
  $F_{K_{w_1}}(1)$: $id_1$
  $F_{K_{w_1}}(2)$: $id_3$
  $F_{K_{w_1}}(3)$: $id_4$
  $F_{K_{w_2}}(1)$: $id_3$
  $F_{K_{w_3}}(1)$: $id_2$
  $F_{K_{w_3}}(2)$: $id_4$

* PRF and Enc keys are different but derived from $w_i$

Get $\pi_{dyn}$ [CJJJKRS’14]
Token $= K_{w_1}$
EMM.Get on $K_{w_1}$ and EMM returns $id_1$, $id_3$, $id_4$:
1. DX.Get($F_{K_{w_1}}(1)$, DX) returns $id_1$
2. DX.Get($F_{K_{w_1}}(2)$, DX) returns $id_3$
3. DX.Get($F_{K_{w_1}}(3)$, DX) returns $id_4$
4. DX.Get($F_{K_{w_1}}(4)$, DX) returns ⊥

Get $\pi_{dyn}$ [CJJJKRS’14]
Dictionary DX probed by the four DX.Get calls of EMM.Get on $K_{w_1}$:
  $F_{K_{w_1}}(1)$: $id_1$
  $F_{K_{w_1}}(2)$: $id_3$
  $F_{K_{w_1}}(3)$: $id_4$
  $F_{K_{w_2}}(1)$: $id_3$
  $F_{K_{w_3}}(1)$: $id_2$
  $F_{K_{w_3}}(2)$: $id_4$
  $F_{K_{w_1}}(4)$: not present, so the fourth DX.Get returns ⊥

Edit+ $\pi_{dyn}$ [CJJJKRS’14]
EMM.Edit+ on the pair ($F_{K_{w_1}}(4)$, $id_9$) and EMM outputs the updated EMM:
1. DX.Put of ($F_{K_{w_1}}(4)$, $id_9$) into DX

Edit+ $\pi_{dyn}$ [CJJJKRS’14]
Dictionary DX before EMM.Edit+:
  $F_{K_{w_1}}(1)$: $id_1$
  $F_{K_{w_1}}(2)$: $id_3$
  $F_{K_{w_1}}(3)$: $id_4$
  $F_{K_{w_2}}(1)$: $id_3$
  $F_{K_{w_3}}(1)$: $id_2$
  $F_{K_{w_3}}(2)$: $id_4$

Dictionary DX after EMM.Edit+ with ($F_{K_{w_1}}(4)$, $id_9$):
  $F_{K_{w_1}}(1)$: $id_1$
  $F_{K_{w_1}}(2)$: $id_3$
  $F_{K_{w_1}}(3)$: $id_4$
  $F_{K_{w_1}}(4)$: $id_9$
  $F_{K_{w_2}}(1)$: $id_3$
  $F_{K_{w_3}}(1)$: $id_2$
  $F_{K_{w_3}}(2)$: $id_4$

Forward-Private $\pi_{dyn}$
• Why is $\pi_{dyn}$ not forward-private?
  • new pairs encrypted under same key used for search,
  • $K_{w_i} := F_K(w_i \| 1)$
  • so previously searched w’s can be linked to new pairs
• Making $\pi_{dyn}$ forward-private
  • use keys with version number that rotates at each update
  • $K_{w_i} := F_K(w_i \| \text{version} \| 1)$
  • To search send keys for all versions
  • $F_K(w_i \| \text{version}_1 \| 1), \ldots, F_K(w_i \| \text{version}_8 \| 1)$

Forward-Private $\pi_{dyn}$
• Search complexity
  • optimal $O(\#MM[w])$
• Token size
  • non-optimal $O(\#MM[w])$
  • new technique makes it $O(1)$ (not implemented yet)
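
The versioned-key idea from the two Forward-Private π dyn slides, as an added Python example; it is not Pixek or Clusion code. Assumptions: HMAC-SHA256 as F, a per-keyword version counter held by the client, an XOR pad under a second derived key standing in for Enc, and the names Client, edit_plus, token, server_get and demo.

```python
import hashlib, hmac

def F(key: bytes, msg: bytes) -> bytes:  # PRF F; HMAC-SHA256 is assumed here
    return hmac.new(key, msg, hashlib.sha256).digest()

def keys_for(K: bytes, w: str, version: int):
    # Label key K_w := F_K(w || version || 1); value key uses suffix 2.
    base = w.encode() + version.to_bytes(4, "big")
    return F(K, base + b"\x01"), F(K, base + b"\x02")

def mask(k_val: bytes, ctr: int, block: bytes) -> bytes:
    # Stand-in for Enc: XOR an 8-byte id with a one-time PRF pad.
    return bytes(a ^ b for a, b in zip(block, F(k_val, ctr.to_bytes(4, "big"))))

class Client:
    def __init__(self, K: bytes):
        self.K, self.versions = K, {}  # assumed state: version per keyword

    def edit_plus(self, batch: dict) -> dict:
        # Edit+: every update to w is written under a fresh key version.
        out = {}
        for w, ids in batch.items():
            v = self.versions[w] = self.versions.get(w, 0) + 1
            k_lab, k_val = keys_for(self.K, w, v)
            for ctr, i in enumerate(ids, start=1):
                label = F(k_lab, ctr.to_bytes(4, "big"))
                out[label] = mask(k_val, ctr, i.to_bytes(8, "big"))
        return out

    def token(self, w: str) -> list:
        # Search token: one key pair per version of w.
        return [keys_for(self.K, w, v + 1) for v in range(self.versions.get(w, 0))]

def server_get(dx: dict, token: list) -> list:
    # EMM.Get: per key, probe F_Kw(1), F_Kw(2), ... until DX.Get misses.
    ids = []
    for k_lab, k_val in token:
        ctr = 1
        while (ct := dx.get(F(k_lab, ctr.to_bytes(4, "big")))) is not None:
            ids.append(int.from_bytes(mask(k_val, ctr, ct), "big"))
            ctr += 1
    return ids

def demo():
    # Constructed run: the slides' multi-map, then Edit+ of (w1, id9).
    c, dx = Client(b"constructed-demo-key"), {}
    dx.update(c.edit_plus({"w1": [1, 3, 4], "w2": [3], "w3": [2, 4]}))
    old = c.token("w1")  # token the server has already seen
    dx.update(c.edit_plus({"w1": [9]}))
    return server_get(dx, old), server_get(dx, c.token("w1")), len(dx)
```

demo() returns ([1, 3, 4], [1, 3, 4, 9], 7): the token issued before the update cannot reach the pair added afterwards, while a fresh token carrying both versions finds it.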

Leakage
• Search pattern
  • we see if a query is repeated
  • ex: if you search for “bear” 3x, we see you searched for ? 3x
• Access pattern
  • we see which encrypted photo matched your query
  • ex: if you search for “bear”, we see which encrypted photos match query
• What are the consequences of this leakage?
  • To see your photos we have to break AES
  • To learn about your queries we have to know/guess > 90% of your tags & know the occurrence of each tag

Testers & Feedback
• Only available on Android
• Let us know @pixekapp if you want access

pixek.io @pixekapp