1,326 research outputs found
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
M-SSE: an effective searchable symmetric encryption with enhanced security for mobile devices
Searchable Encryption (SE) allows mobile devices with limited computing and storage resources to outsource data to an untrusted cloud server. Users are able to search and retrieve the outsourced, however, it suffers from information and privacy leakage. The reason is that most of the previous works rely on the single cloud model, which allows that the cloud server get all the search information from users. In this paper, we present a new scheme M-SSE that achieves both forward and backward security based on a multi-cloud technique. The new scheme is secure against both adaptive file injection attack and size pattern attack by utilizing multiple cloud servers. Experiment results show that our scheme is effective compared with the other existing schemes
Order-Revealing Encryption: File-Injection Attack and Forward Security
Order-preserving encryption (OPE) and order-revealing encryption (ORE) are among the core ingredients for encrypted database (EDB) systems as secure cloud storage. In this work, we study the leakage of OPE and ORE and their forward security.
We propose generic yet powerful file-injection attacks (FIAs) on OPE/ORE, aimed at the situations of possessing order by and range queries. The FIA schemes only exploit the ideal leakage of OPE/ORE (in particular, no need of data denseness or frequency). We also improve its efficiency with the frequency statistics using a hierarchical idea such that the high-frequency values will be recovered more quickly. Compared with other attacks against OPE/ORE proposed in recent years, our FIA attacks rely upon less demanding conditions and are more effective for attacking the systems with the function of data sharing or transferring like encrypted email system. We executed some experiments on real datasets to test the performance, and the results show that our FIA attacks can cause an extreme hazard on most of the existing OPE and ORE schemes with high efficiency and 100% recovery rate.
In order to resist the perniciousness of FIA, we propose a practical compilation framework for achieving forward secure ORE. The compilation framework only uses some simple cryptographical tools like pseudo-random function, hash function and trapdoor permutation. It can transform most of the existing OPE/ORE schemes into forward secure ORE schemes, with the
goal of minimizing the extra burden incurred on computation and storage. We also present its security proof and execute some experiments to analyze its performance
An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution
Searchable Symmetric Encryption (SSE) has come to be as an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data whilst maintaining its integrity meets the most important demand for security and confidentiality in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing entities to comply with data privacy rules while preserving database usability. Our research goes into this need, concentrating on the development and thorough testing of an SSE system based on Curtmola’s architecture and employing Advanced Encryption Standard (AES) in Cypher Block Chaining (CBC) mode. A primary goal of the research is to conduct a thorough evaluation of the security and performance of the system. In order to assess search performance, a variety of database settings were extensively tested, and the system's security was tested by simulating intricate threat scenarios such as count attacks and leakage abuse. The efficiency of operation and cryptographic robustness of the SSE system are critically examined by these reviews
Practical Volume-Based Attacks on Encrypted Databases
Recent years have seen an increased interest towards strong security
primitives for encrypted databases (such as oblivious protocols), that hide the
access patterns of query execution, and reveal only the volume of results.
However, recent work has shown that even volume leakage can enable the
reconstruction of entire columns in the database. Yet, existing attacks rely on
a set of assumptions that are unrealistic in practice: for example, they (i)
require a large number of queries to be issued by the user, or (ii) assume
certain distributions on the queries or underlying data (e.g., that the queries
are distributed uniformly at random, or that the database does not contain
missing values).
In this work, we present new attacks for recovering the content of individual
user queries, assuming no leakage from the system except the number of results
and avoiding the limiting assumptions above. Unlike prior attacks, our attacks
require only a single query to be issued by the user for recovering the
keyword. Furthermore, our attacks make no assumptions about the distribution of
issued queries or the underlying data. Instead, our key insight is to exploit
the behavior of real-world applications.
We start by surveying 11 applications to identify two key characteristics
that can be exploited by attackers: (i) file injection, and (ii) automatic
query replay. We present attacks that leverage these two properties in concert
with volume leakage, independent of the details of any encrypted database
system. Subsequently, we perform an attack on the real Gmail web client by
simulating a server-side adversary. Our attack on Gmail completes within a
matter of minutes, demonstrating the feasibility of our techniques. We also
present three ancillary attacks for situations when certain mitigation
strategies are employed.Comment: IEEE EuroS&P 202
FSPVDsse: A Forward Secure Publicly Verifiable Dynamic SSE scheme
A symmetric searchable encryption (SSE) scheme allows a client (data owner)
to search on encrypted data outsourced to an untrusted cloud server. The search
may either be a single keyword search or a complex query search like
conjunctive or Boolean keyword search. Information leakage is quite high for
dynamic SSE, where data might be updated. It has been proven that to avoid this
information leakage an SSE scheme with dynamic data must be forward private. A
dynamic SSE scheme is said to be forward private, if adding a keyword-document
pair does not reveal any information about the previous search result with that
keyword.
In SSE setting, the data owner has very low computation and storage power. In
this setting, though some schemes achieve forward privacy with
honest-but-curious cloud, it becomes difficult to achieve forward privacy when
the server is malicious, meaning that it can alter the data. Verifiable dynamic
SSE requires the server to give a proof of the result of the search query. The
data owner can verify this proof efficiently. In this paper, we have proposed a
generic publicly verifiable dynamic SSE (DSSE) scheme that makes any forward
private DSSE scheme verifiable without losing forward privacy. The proposed
scheme does not require any extra storage at owner-side and requires minimal
computational cost as well for the owner. Moreover, we have compared our scheme
with the existing results and show that our scheme is practical.Comment: 17 pages, Published in ProvSec 201
- …