structured encryption and leakage suppression
play

Structured Encryption and Leakage Suppression Tarik Moataz Part I - PowerPoint PPT Presentation

Feb 04, 2024 •188 likes •1.04k views

Structured Encryption and Leakage Suppression Tarik Moataz Part I is a joint work with Seny Kamara and Olya Ohrimenko Part II is a joint work with Seny Kamara Structured Encryption (STE) [CK10] EDS DS tk ans Query tk , Setup 1 k , ans ,

  1. Structured Encryption and Leakage Suppression Tarik Moataz Part I is a joint work with Seny Kamara and Olya Ohrimenko Part II is a joint work with Seny Kamara

  2. Structured Encryption (STE) [CK10] EDS DS tk ans Query tk , Setup 1 k , ans , DS EDS EDS Token , q tk � 2

  3. Structured Encryption [CK10] Setup Leakage 
 EDS L S DS tk Query Leakage 
 L Q ans Query tk , Setup 1 k , ans , DS EDS EDS Token , q tk � 3

  4. Structured Encryption [CK10] An STE scheme is -secure if � � L S , L Q • It reveals no information about the structure beyond L S • It reveals no information about the structure and queries beyond L Q � 4

  5. Structured Encryption [CK10] Encrypted NoSQL Encrypted Distributed Garbled Circuits … Databases Hash Tables Applications Encrypted Relational Searchable Symmetric Network Provenance Databases Encryption Structured Encrypted Multi-maps, Encrypted Dictionaries, Encrypted Arrays, Encrypted Graphs… Encryption (STE) � 5

  6. Structured Encryption [CK10] E ffi ciency Expressiveness Security � 6

  7. Structured Encryption Evolution Efficiency Expressiveness Security ‘00 Linear per file [SWP00] ‘00 ‘06 Single-keyword SSE Leakage-parametrized [SWP00], [Goh03], security definitions [CGKO06], [CJJJKRS14] [CGKO06] ‘03 Linear [Goh03] ‘06 Multi-user SSE ‘12 Adv. models 
 ‘06 Optimal [CGKO06,CK10] [CGKO06], [JJKRS13], [KO12],[BFP16], [PPY16], [HSWW18] [AKM18] ‘12 Dynamism [KPR12], Boolean SSE ‘13 ‘12 Attacks [KP13], [CJJJKRS14] [CJJKRS13], [PKVK+14], [IKK12], [CGPR15], [KM17] [ZKP16], [KMNO16], ‘14 I/O efficiency [CT14], [LMP18], [GLMP18] [CJJJKRS14], [ANSS16], Range SSE 
 ‘14 [DPP18], [ASS18] [PKVK+14], [FJKNRS15] ‘14 Forward/Backward Security 
 STE-based SQL [KM18] ‘18 [SPS14], [Bost16], [LC17], [BMO17], [AKM18] � 7

  8. What about Leakage ? � 8

  9. What about Leakage? Cryptanalysis Measure Suppression [IKK12] ? [KMO18] � 9

  10. Cryptanalysis Def: Given a leakage profile, design attacks to recover the queries or the data under some assumptions Goal: empirically learn the impact of a leakage pattern in real-world Limitations: the gap between assumptions and reality can get wide � 10

  11. Measure Def: Given a leakage profile, quantify (e.g., in bits) a specific leakage pattern Goal: theoretically compare between leakage patterns Limitations: (maybe) no possible total order (work in progress!) � 11

  12. Suppression Def: Given a leakage profile, design a compiler or a transform to suppress a specific leakage pattern Goal: develop tools to suppress various leakage patterns Limitations: introducing some overhead � 12

  13. Part 1* Suppressing Leakage *joint work with Seny Kamara and Olya Ohrimenko https://eprint.iacr.org/2018/551 � 13

  14. Q : is there an existing approach to reduce leakage? � 14

  15. Existing Approaches • ORAM Simulation [GO96], [SvDSFRD13] Generic • Polylog Read/Write Read/Write … • Small Leakage profile ORAM Alg(q) RAM Read/Write Interactive • … … E ffi ciency • … • Garbled RAM [LO13], [GHLORW14] • Custom Schemes [WNLCSSH14], [BM16] � 15

  16. Q : are there more e ffi cient ways to suppress leakage? � 16

  17. Background Modeling Leakage • : query equality • : query length • : response length • search pattern • volume pattern • : data identity • : maximum query length • : response equality • : maximum response length • : response identity • : sequence response length • access pattern • : data size � 17

  18. Background Non-Repeating Sub-Pattern • Non-repeating sub-pattern • Example � 18

  19. Leakage Suppression Through Compilation STE STE’ Compilation � 19

  20. Suppressing Query Equality STE STE’ Cache-Based Compiler (CBC) � 20

  21. Leakage Suppression Through Transformation STE’ DS ✓ ◆ Λ 0 = L S , L Q = patt 1 STE DS EDS Transform DS DS* ✓ ◆ Λ = L S , L Q = ( patt 1 , patt 2 ) � 21

  22. STE STE’ CBC • Cache-based Compiler (CBC) • suppresses the query equality and the repeating sub-pattern • induces an additive poly-log overhead • Requires a rebuildable STE � 22

  23. STE RSTE RSTE’ RBC CBC • Rebuild Compiler (RBC) • makes any STE scheme rebuildable • preserves the scheme’s query efficiency • adds a super-linear rebuild cost � 23

  24. STE RSTE RSTE’ RBC CBC The problem boils down to reduce of the base STE scheme � 24

  25. AZL PBS RPBS RBC CBC FZL • Piggyback scheme (PBS) • hides the response length for non-repeating queries • introduces query latency � 25

  26. Square-Root ORAM [GO96] Main memory Maximum size Cache 2 Read the real block 1 Read the entire cache 3 Insert the block back in the cache 2 Read a dummy block 1 Read the entire cache 3 Insert the block back in the cache Rebuild after � 26

  27. Reinterpreting the Square-Root Solution Main memory Encrypted Array ≈ • Main memory is an encrypted array construction • Accessing element is done deterministically through PRP evaluation • Adversary learns if/when an access to the same element is repeated • Leaks query equality � 27

  28. Reinterpreting the Square-Root Solution Cache Zero-Leakage Dictionary ≈ • The cache is an encrypted dictionary data structure • Given a label, it outputs an element or ⊥ • The cache is accessed in its entirety • Most trivial zero-leakage dictionary construction; therefore no query leakage � 28

  29. Reinterpreting the Square-Root Solution Access(15) Access(15) Access Zero-Leakage Dictionary Access Real or Dummy � 29

  30. Reinterpreting the Square-Root Solution Encrypted Array Zero-Leakage Dictionary Encrypted Data Structure Zero-Leakage Dictionary EDS � 30

  31. Reinterpreting the Square-Root Solution • Requirements • EDS scheme has to be rebuildable • Data structure has to be extendable and safe • Base scheme has to have smaller non-repeating sub-pattern � 31

  32. Data Structure Extension • -extension: • Extend the query space of the data structure with dummies • s.t. • Safe -extension: 
 EDS EDS � 32

  33. AZL RPBS PBS RBC CBC FZL � 33

  34. PBS: Data transformation • Batch size (ex: = 3) α • Pad all responses to a multiple of α Multi-map MM Dictionary DX l 1 ||1 l 1 l 1 l 1 ||2 l 2 l 2 l 2 ||1 l 3 l 3 ||1 l 3 � 34

  35. PBS Details Multi-map MM Setup PBS 1 k , State Encrypted Dictionary EDX l 1 , , l 1 ||1 2 l 1 l 1 ||2 l 2 1 l 2 ||1 l 2 l 3 1 l 3 ||1 l 3 � 35

  36. PBS Details • Consider a sequence of labels State 2 : l 1 Token PBS l 1 , , 1 l 2 1 l 3 1. has 2 batches l 1 2. Instantiate a queue l 1 ||1 l 1 ||2 3. Compute Token , l 1 ||1 l 1 ||1 4. Update queue l 1 ||2 � 36

  37. PBS Details Encrypted Dictionary EMM l 1 ||1 , Get PBS : l 1 ||2 l 1 ||1 l 2 ||1 l 3 ||1 Encrypted Dictionary EDX l 1 ||1 , Get EDX l 1 ||2 l 1 ||1 l 2 ||1 l 3 ||1 � 37

  38. PBS Details State 2 : , l 1 , Token PBS l 2 1 l 2 1 l 3 1. has 1 batch l 2 2. Update the queue l 1 ||2 l 2 ||1 3. Compute Token , l 1 ||2 l 1 ||2 4. Update queue l 2 ||1 � 38

  39. PBS Details Encrypted Dictionary EMM l 1 ||1 , Get PBS : l 1 ||2 l 1 ||2 l 2 ||1 l 3 ||1 Encrypted Dictionary EDX l 1 ||1 , Get EDX l 1 ||2 l 1 ||2 l 2 ||1 l 3 ||1 � 39

  40. PBS Details State 2 : , , l 1 Token PBS ⊥ 1 l 2 1 l 3 1. Compute Token , l 2 ||1 l 2 ||1 2. Update queue � 40

  41. PBS Details Encrypted Dictionary EMM l 1 ||1 , Get PBS : l 2 ||1 l 1 ||2 l 2 ||1 l 3 ||1 Encrypted Dictionary EMM l 1 ||1 , Get EDX l 1 ||2 l 2 ||1 l 2 ||1 l 3 ||1 � 41

  42. 
 
 
 PBS Latency • The worst-case query sequence of size t has latency • Real-world sequences have latency 
 with probability at least 
 where queries are drawn from a Zipf distribution and longer responses are mapped to less frequent labels � 42

  43. AZL RPBS PBS RBC CBC FZL � 43

  44. 
 
 AZL Analysis • Worst-case query complexity over queries • Comparison to ORAM simulation (Path-ORAM [SvDSFRD13]) 
 when Natural Assumption: and If response lengths are power –law distributed � 44

  45. Part 2* Suppressing Volume *joint work with Seny Kamara https://eprint.iacr.org/2018/978 � 45

  46. Leakage Suppression Through Compilation STE STE’ Compilation � 46

  47. Leakage Suppression Through Transformation STE’ DS ✓ ◆ Λ 0 = L S , L Q = patt 1 STE DS EDS Transform DS DS* ✓ ◆ Λ = L S , L Q = ( patt 1 , patt 2 ) � 47

  48. Q : is there any other approach to suppress leakage? � 48

  49. Suppression Data structure Black-box 
 Transformation Compilation against against unbounded bounded adversary adversary � 49

  50. Computationally-Secure Leakage Unbounded Adversary vs. Bounded Adversary � 50

  51. Leakage Suppression [KMO18] Through Transformation STE’ DS ✓ ◆ Λ 0 = L S , L Q = ( patt 1 , patt ⇤ ) STE DS EDS Transform DS DS* ✓ ◆ Λ = L S , L Q = ( patt 1 , patt 2 ) ⊥ patt ∗ ≃ � 51

  52. Q : can we suppress the response length pattern? � 52

Recommend

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1:

SAC Summer School 2019 Encrypted Search: Leakage Suppression Seny Kamara How Should we Handle Leakage? Approach #1: ORAM simulation Store and simulate data structure with ORAM General-purpose Zero-leakage (if data is transformed

1.29k views • 60 slides
LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov

LEAKAGE - RESILIENT PUBLIC - KEY ENCRYPTION FROM OBFUSCATION Dana Dachman-Soled, S. Dov Gordon, Feng-Hao Lui, Adam, ONeill, and Hong-Sheng Zhou O UTLINE OF T ALK Leakage Models for PKE Bounded, Continual, and Continual w/ Leakage on

1.05k views • 102 slides
Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 ,

Understanding and Mitigating Leakage-Abuse Attacks against Searchable Encryption Raphael Bost 1 , Pierre-Alain Fouque 2 , Brice Minaud 3 1 Direction Gnrale de lArmement - Matrise de lInformation 2 Universit de Rennes 1 3 INRIA &

836 views • 45 slides
Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer,

Side-Channel Plaintext-Recovery Attacks on Leakage-Resilient Encryption Thomas Unterluggauer, Mario Werner, and Stefan Mangard, IAIK, Graz University of Technology 30. March 2017 Content Differential power analysis for key recovery Re-keying

284 views • 24 slides
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and

Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore, India B. Qin and S. Liu LR-CCA Secure

580 views • 47 slides
Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model

Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model

Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model Sarvar Patel*, Giuseppe Persiano** and Kevin Yeo* *Google **University of Salerno Key k i was queried. Privacy-Preserving Storage Protocols Key k i

1.11k views • 81 slides
D U S T A N D O D O U R SUPPRESSION SYSTEMS D U S T A N D O D O U R SUPPRESSION SYSTEMS

D U S T A N D O D O U R SUPPRESSION SYSTEMS D U S T A N D O D O U R SUPPRESSION SYSTEMS

D U S T A N D O D O U R SUPPRESSION SYSTEMS D U S T A N D O D O U R SUPPRESSION SYSTEMS nice to meet you: the company power of simplicity: functional convenience living better: WLP improves the quality of your life working better: WLP

129 views • 9 slides
Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs,

Searchable Encryption, Leakage-Abuse Attacks, and Statistical Learning Theory Paul Grubbs, Marie-Sarah Lacharit, Brice Minaud, Kenny Paterson eprint 2019/011 and IEEE S&P 2019. (also eprint 2018/965, CCS 2018.) AriC crypto seminar, ENS

651 views • 48 slides
A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE

A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE

A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE A STRUCTURED L IFE by Kirk Gittings Note: Kirk Gittings has been photographing the prehistor- coast, but m aking a real living as an art photographer ic,

1.16k views • 8 slides
Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski,

Anonymous IBE, Leakage Resilience and Circular Security from New Assumptions Zvika Brakerski, Alex Lombardi, Gil Segev, and Vinod Vaikuntanathan Identity-Based Encryption [Sha84, BF03, Coc01] Identity-Based Encryption [Sha84, BF03, Coc01]

1.01k views • 64 slides
Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional

Digital Leakage Today Analog and Digital Leakage LTE interference Kendall Robinson Regional Account Director Arcom Digital < HOME Digital Leakage Outline Digital Leakage Traditional Leakage LTE Ingress and Egress issues

877 views • 68 slides
DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY:

DEFY: A Deniable, Encrypted File System for Log Structured Storage WRITTEN BY: PRESENTED BY: TIMOTHY PETERS NICHOLAS BURTON MARK GONDREE ZACHARY PETERSON What is encryption? Why hide encryption? Previous Work on the Matter u Anderson and

550 views • 39 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina

Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina

Garbled Circuits via Structured Encryption Seny Kamara Microsoft Research Lei Wei University of North Carolina Garbled Circuits Fundamental cryptographic primitive Possess many useful properties Homomorphic Functional General-purpose

918 views • 23 slides
Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice

Sophos and Diane Searchable Symmetric Encryption with (Very) Low Overhead Raphael Bost, Brice Minaud RHUL ISG seminar, November 24th 2016 Plan 1. Symmetric Searchable Encryption. 2. Leakage and Forward-Privacy. 3. Sophos and Diane schemes. 4.

479 views • 45 slides
Bayesian inference to evaluate information leakage in complex scenarios Carmela Troncoso

Bayesian inference to evaluate information leakage in complex scenarios Carmela Troncoso

Bayesian inference to evaluate information leakage in complex scenarios Carmela Troncoso Gradiant, Spain 17 th July 2013 GALICIAN RESEARCH AND DEVELOPMENT CENTER IN ADVANCED TELECOMMUNICATIONS Privacy beyond encryption Common belief: if I

726 views • 34 slides
Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research

Structured Encryption and Controlled Disclosure Melissa Chase Seny Kamara Microsoft Research Cloud Storage Security for Cloud Storage o Main concern: will my data be safe? o it will be encrypted o it will be authenticated o it will be backed

794 views • 42 slides
Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases

Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases

Breach-Resistant Structured Encryption Ghous Amjad, Seny Kamara & Tarik Moataz 2 Databases A database is an organized collection of data --- Wikipedia 3 Encrypted Database Enc K 4 Q : can we encrypt DBs even in use? 5 Efficiency

770 views • 44 slides
European Economic Response to Suppression U.S. Economic Response to Suppression (Initial

European Economic Response to Suppression U.S. Economic Response to Suppression (Initial

Chinese COVID-19 Cases Chinese Economic Response to Suppression European Economic Response to Suppression U.S. Economic Response to Suppression (Initial Claims) Barrons U.S. Equity Sectors, Week Ending 3/13 Barrons U.S.

631 views • 13 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech

DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech

A Key Management Scheme for DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech DIAC-2013 This research was supported in part by the VT-MENA program of Egypt, and by NSF grant no. 1115839. Leakage-Resilient

636 views • 48 slides
The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water

The Water Detective Q-Leak is a sensitive leakage detector which can be placed anywhere water leakage can occur . To prevent leakage-related damages it sends an alert whenever water is detected. The device also visualizes its status on the online

234 views • 10 slides
Background Suppression with Trigger Neuro Team Suppression Simulation Background Algorithm

Background Suppression with Trigger Neuro Team Suppression Simulation Background Algorithm

Background Suppression with Trigger Neuro Team Suppression Simulation Background Algorithm NeuroTrigger Belle II the Belle II Neural Network Introduction Outline Mar 19, 2018 Max-Planck-Institut fr Physik Sebastian Skambraks Trigger

499 views • 39 slides
Voter Suppression in Georgia Slide 1: Title Slide Slide 2: Overview Slide 3: Voter Suppression

Voter Suppression in Georgia Slide 1: Title Slide Slide 2: Overview Slide 3: Voter Suppression

Voter Suppression in Georgia Slide 1: Title Slide Slide 2: Overview Slide 3: Voter Suppression Voter suppression is used to prevent people who are otherwise eligible to vote from exercising their right to vote. Voter suppression in the

71 views • 6 slides

More recommend