Lattice-Based Public Key Searchable Encryption from Experimental Perspectives

Public key Encryption with Keyword Search (PEKS) aims in mitigating the impacts of data privacy versus utilization dilemma by allowing {\em any user in the system} to send encrypted files to the server to be searched by a receiver. The receiver can retrieve the encrypted files containing specific keywords by providing the corresponding trapdoors of these keywords to the server. Despite their merits, the existing PEKS schemes introduce a high end-to-end delay that may hinder their adoption in practice. Moreover, they do not scale well for large security parameters and provide no post-quantum security promises. In this paper, we propose two novel lattice-based PEKS schemes that offer a high computational efficiency along with better security assurances than that of the existing alternatives. Specifically, our NTRU-PEKS scheme achieves 18 times lower end-to-end delay than the most efficient pairing-based alternatives. Our LWE-PEKS offers provable security in the standard model with a reduction to the worst-case lattice problems. We fully implemented our NTRU-PEKS scheme and benchmarked its performance as deployed on Amazon Web Services cloud infrastructures

Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era

Data and Applications Security and Privacy XXXI

The proceedings contain 30 papers. The special focus in this conference is on Data and Applications Security and Privacy. The topics include: Resilient reference monitor for distributed access control via moving target defense; preventing unauthorized data flows; object-tagged RBAC model for the hadoop ecosystem; identification of access control policy sentences from natural language policy documents; fast distributed evaluation of stateful attribute-based access control policies; Gaussian mixture models for classification and hypothesis tests under differential privacy; differentially private k skyband query answering through adaptive spatial decomposition; mutually private location proximity detection with access control; privacy-preserving community-aware trending topic detection in online social media; privacy-preserving outlier detection for data streams; undoing of privacy policies on Facebook; towards actionable mission impact assessment in the context of cloud computing; reducing security risks of clouds through virtual machine placement; firewall policies provisioning through sdn in the cloud; budget-constrained result integrity verification of outsourced data mining computations; searchable encryption to reduce encryption degradation in adjustably encrypted databases; efficient protocols for private database queries; toward group based user-attribute policies in azure-like access control systems; high-speed high security public key encryption with keyword search; keylogger detection using a decoy keyboard; the fallout of key compromise in a proxy-mediated key agreement protocol; improving resilience of behaviometric based continuous authentication with multiple accelerometers; a content-aware trust index for online review spam detection and securing web applications with predicate access control