75,662 research outputs found
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
A Review of the Energy Efficient and Secure Multicast Routing Protocols for Mobile Ad hoc Networks
This paper presents a thorough survey of recent work addressing energy
efficient multicast routing protocols and secure multicast routing protocols in
Mobile Ad hoc Networks (MANETs). There are so many issues and solutions which
witness the need of energy management and security in ad hoc wireless networks.
The objective of a multicast routing protocol for MANETs is to support the
propagation of data from a sender to all the receivers of a multicast group
while trying to use the available bandwidth efficiently in the presence of
frequent topology changes. Multicasting can improve the efficiency of the
wireless link when sending multiple copies of messages by exploiting the
inherent broadcast property of wireless transmission. Secure multicast routing
plays a significant role in MANETs. However, offering energy efficient and
secure multicast routing is a difficult and challenging task. In recent years,
various multicast routing protocols have been proposed for MANETs. These
protocols have distinguishing features and use different mechanismsComment: 15 page
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
Distributed Protocols at the Rescue for Trustworthy Online Voting
While online services emerge in all areas of life, the voting procedure in
many democracies remains paper-based as the security of current online voting
technology is highly disputed. We address the issue of trustworthy online
voting protocols and recall therefore their security concepts with its trust
assumptions. Inspired by the Bitcoin protocol, the prospects of distributed
online voting protocols are analysed. No trusted authority is assumed to ensure
ballot secrecy. Further, the integrity of the voting is enforced by all voters
themselves and without a weakest link, the protocol becomes more robust. We
introduce a taxonomy of notions of distribution in online voting protocols that
we apply on selected online voting protocols. Accordingly, blockchain-based
protocols seem to be promising for online voting due to their similarity with
paper-based protocols
SqORAM: Read-Optimized Sequential Write-Only Oblivious RAM
Oblivious RAM protocols (ORAMs) allow a client to access data from an
untrusted storage device without revealing the access patterns. Typically, the
ORAM adversary can observe both read and write accesses. Write-only ORAMs
target a more practical, {\em multi-snapshot adversary} only monitoring client
writes -- typical for plausible deniability and censorship-resilient systems.
This allows write-only ORAMs to achieve significantly-better asymptotic
performance. However, these apparent gains do not materialize in real
deployments primarily due to the random data placement strategies used to break
correlations between logical and physical namespaces, a required property for
write access privacy. Random access performs poorly on both rotational disks
and SSDs (often increasing wear significantly, and interfering with
wear-leveling mechanisms). In this work, we introduce SqORAM, a new
locality-preserving write-only ORAM that preserves write access privacy without
requiring random data access. Data blocks close to each other in the logical
domain land in close proximity on the physical media. Importantly, SqORAM
maintains this data locality property over time, significantly increasing read
throughput. A full Linux kernel-level implementation of SqORAM is 100x faster
than non locality-preserving solutions for standard workloads and is 60-100%
faster than the state-of-the-art for typical file system workloads
Octopus: A Secure and Anonymous DHT Lookup
Distributed Hash Table (DHT) lookup is a core technique in structured
peer-to-peer (P2P) networks. Its decentralized nature introduces security and
privacy vulnerabilities for applications built on top of them; we thus set out
to design a lookup mechanism achieving both security and anonymity, heretofore
an open problem. We present Octopus, a novel DHT lookup which provides strong
guarantees for both security and anonymity. Octopus uses attacker
identification mechanisms to discover and remove malicious nodes, severely
limiting an adversary's ability to carry out active attacks, and splits lookup
queries over separate anonymous paths and introduces dummy queries to achieve
high levels of anonymity. We analyze the security of Octopus by developing an
event-based simulator to show that the attacker discovery mechanisms can
rapidly identify malicious nodes with low error rate. We calculate the
anonymity of Octopus using probabilistic modeling and show that Octopus can
achieve near-optimal anonymity. We evaluate Octopus's efficiency on Planetlab
with 207 nodes and show that Octopus has reasonable lookup latency and
manageable communication overhead
- …