Lattice-Based Public Key Searchable Encryption from Experimental Perspectives
Public key Encryption with Keyword Search (PEKS) aims to mitigate the data privacy versus utilization dilemma by allowing any user in the system to send encrypted files to the server to be searched by a receiver. The receiver can retrieve the encrypted files containing specific keywords by providing the corresponding trapdoors for these keywords to the server. Despite their merits, the existing PEKS schemes introduce a high end-to-end delay that may hinder their adoption in practice. Moreover, they do not scale well for large security parameters and provide no post-quantum security promises. In this paper, we propose two novel lattice-based PEKS schemes that offer high computational efficiency along with better security assurances than the existing alternatives. Specifically, our NTRU-PEKS scheme achieves 18 times lower end-to-end delay than the most efficient pairing-based alternatives. Our LWE-PEKS offers provable security in the standard model with a reduction to worst-case lattice problems. We fully implemented our NTRU-PEKS scheme and benchmarked its performance as deployed on Amazon Web Services cloud infrastructures.
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design and structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era.
Data and Applications Security and Privacy XXXI
The proceedings contain 30 papers. The special focus of this conference is on Data and Applications Security and Privacy. The topics include: resilient reference monitor for distributed access control via moving target defense; preventing unauthorized data flows; object-tagged RBAC model for the Hadoop ecosystem; identification of access control policy sentences from natural language policy documents; fast distributed evaluation of stateful attribute-based access control policies; Gaussian mixture models for classification and hypothesis tests under differential privacy; differentially private k-skyband query answering through adaptive spatial decomposition; mutually private location proximity detection with access control; privacy-preserving community-aware trending topic detection in online social media; privacy-preserving outlier detection for data streams; undoing of privacy policies on Facebook; towards actionable mission impact assessment in the context of cloud computing; reducing security risks of clouds through virtual machine placement; firewall policy provisioning through SDN in the cloud; budget-constrained result integrity verification of outsourced data mining computations; searchable encryption to reduce encryption degradation in adjustably encrypted databases; efficient protocols for private database queries; toward group-based user-attribute policies in Azure-like access control systems; high-speed, high-security public key encryption with keyword search; keylogger detection using a decoy keyboard; the fallout of key compromise in a proxy-mediated key agreement protocol; improving resilience of behaviometric-based continuous authentication with multiple accelerometers; a content-aware trust index for online review spam detection; and securing web applications with predicate access control.