1,446 research outputs found
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties
There are two dominant themes that have become increasingly more important in our
technological society. First, the recurrent use of cloud-based solutions which provide
infrastructures, computation platforms and storage as services. Secondly, the use of applicational
large logs for analytics and operational monitoring in critical systems. Moreover,
auditing activities, debugging of applications and inspection of events generated by errors
or potential unexpected operations - including those generated as alerts by intrusion
detection systems - are common situations where extensive logs must be analyzed, and
easy access is required. More often than not, a part of the generated logs can be deemed
as sensitive, requiring a privacy-enhancing and queryable solution.
In this dissertation, our main goal is to propose a novel approach of storing encrypted
critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased
ciphered documents. To this end, we make use of Searchable and Homomorphic
Encryption methods to allow operations on the ciphered documents. Additionally, our
solution allows for the user to be near oblivious to our system’s internals, providing
transparency while in use. The achieved end goal is a unified middleware system capable
of providing improved system usability, privacy, and rich querying over the data. This
previously mentioned objective is addressed while maintaining server-side auditable logs,
allowing for searchable capabilities by the log owner or authorized users, with integrity
and authenticity proofs.
Our proposed solution, named Chameleon, provides rich querying facilities on ciphered
data - including conjunctive keyword, ordering correlation and boolean queries
- while supporting field searching and nested aggregations. The aforementioned operations
allow our solution to provide data analytics upon ciphered JSON documents, using
Elasticsearch as our storage and search engine.O uso recorrente de soluções baseadas em nuvem tornaram-se cada vez mais importantes
na nossa sociedade. Tais soluções fornecem infraestruturas, computação e armazenamento
como serviços, para alem do uso de logs volumosos de sistemas e aplicações para
análise e monitoramento operacional em sistemas crĂticos. Atividades de auditoria, debugging
de aplicações ou inspeção de eventos gerados por erros ou possĂveis operações
inesperadas - incluindo alertas por sistemas de detecção de intrusão - são situações comuns
onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos
logs gerados podem ser considerados confidenciais, exigindo uma solução que permite
manter a confidencialidades dos dados durante procuras.
Nesta dissertação, o principal objetivo é propor uma nova abordagem de armazenar
logs crĂticos num armazenamento elástico e escalável baseado na cloud. A solução proposta
suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e
métodos de criptografia homomórfica com provas de integridade e autenticação. O objetivo
alcançado é um sistema de middleware unificado capaz de fornecer privacidade,
integridade e autenticidade, mantendo registos auditáveis do lado do servidor e permitindo
pesquisas pelo proprietário dos logs ou usuários autorizados. A solução proposta,
Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo
queries conjuntivas, de ordenação e booleanas - suportando pesquisas de campo
e agregações aninhadas. As operações suportadas permitem à nossa solução suportar data
analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento
e motor de busca
SoK: Cryptographically Protected Database Search
Protected database search systems cryptographically isolate the roles of
reading from, writing to, and administering the database. This separation
limits unnecessary administrator access and protects data in the case of system
breaches. Since protected search was introduced in 2000, the area has grown
rapidly; systems are offered by academia, start-ups, and established companies.
However, there is no best protected search system or set of techniques.
Design of such systems is a balancing act between security, functionality,
performance, and usability. This challenge is made more difficult by ongoing
database specialization, as some users will want the functionality of SQL,
NoSQL, or NewSQL databases. This database evolution will continue, and the
protected search community should be able to quickly provide functionality
consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the
tradeoffs between different approaches. To address these challenges, we provide
the following contributions:
1) An identification of the important primitive operations across database
paradigms. We find there are a small number of base operations that can be used
and combined to support a large number of database paradigms.
2) An evaluation of the current state of protected search systems in
implementing these base operations. This evaluation describes the main
approaches and tradeoffs for each base operation. Furthermore, it puts
protected search in the context of unprotected search, identifying key gaps in
functionality.
3) An analysis of attacks against protected search for different base
queries.
4) A roadmap and tools for transforming a protected search system into a
protected database, including an open-source performance evaluation platform
and initial user opinions of protected search.Comment: 20 pages, to appear to IEEE Security and Privac
PaaSword: A Data Privacy and Context-aware Security Framework for Developing Secure Cloud Applications - Technical and Scientific Contributions
Most industries worldwide have entered a period of reaping the benefits and opportunities cloud offers. At the same time, many efforts are made to address engineering challenges for the secure development of cloud systems and software.With the majority of software engineering projects today relying on the cloud, the task to structure end-to-end secure-by-design cloud systems becomes challenging but at the same time mandatory. The PaaSword project has been commissioned to address security and data privacy in a holistic way by proposing a context-aware security-by-design framework to support software developers in constructing secure applications for the cloud. This chapter presents an overview of the PaaSword project results, including the scientific achievements as well as the description of the technical solution. The benefits offered by the framework are validated through two pilot implementations and conclusions are drawn based on the future research challenges which are discussed in a research agenda
Shared and searchable encrypted data for untrusted servers
Current security mechanisms are not suitable for organisations that outsource their data management to untrusted servers. Encrypting and decrypting sensitive data at the client side is the normal approach in this situation but has high communication and computation overheads if only a subset of the data is required, for example, selecting records in a database table based on a keyword search. New cryptographic schemes have been proposed that support encrypted queries over encrypted data. But they all depend on a single set of secret keys, which implies single user access or sharing keys among multiple users, with key revocation requiring costly data re-encryption. In this paper, we propose an encryption scheme where each authorised user in the system has his own keys to encrypt and decrypt data. The scheme supports keyword search which enables the server to return only the encrypted data that satisfies an encrypted query without decrypting it. We provide a concrete construction of the scheme and give formal proofs of its security. We also report on the results of our implementation
Towards more Secure and Efficient Password Databases
Password databases form one of the backbones of nowadays web applications.
Every web application needs to store its users’ credentials (email and password) in
an efficient way, and in popular applications (Google, Facebook, Twitter, etc.) these
databases can grow to store millions of user credentials simultaneously. However,
despite their critical nature and susceptibility to targeted attacks, the techniques
used for securing password databases are still very rudimentary, opening the way to
devastating attacks. Just in the year of 2016, and as far as publicly disclosed, there
were more than 500 million passwords stolen in internet hacking attacks.
To solve this problem we commit to study several schemes like property-preserving
encryption schemes (e.g. deterministic encryption), encrypted data-structures that
support operations (e.g. searchable encryption), partially homomorphic encryption
schemes, and commodity trusted hardware (e.g. TPM and Intel SGX).
In this thesis we propose to make a summary of the most efficient and secure techniques
for password database management systems that exist today and recreating
them to accommodate a new and simple universal API.
We also propose SSPM(Simple Secure Password Management), a new password
database scheme that simultaneously improves efficiency and security of current
solutions existing in literature. SSPM is based on Searchable Symmetric Encryption
techniques, more specifically ciphered data structures, that allow efficient queries
with the minimum leak of access patterns. SSPM adapts these structures to work
with the necessary operation of password database schemes preserving the security
guarantees.
Furthermore, SSPM explores the use of trusted hardware to minimize the revelation
of access patterns during the execution of operations and protecting the storage
of cryptographic keys. Experimental results with real password databases shows us
that SSPM has a similar performance compared with the solutions used today in
the industry, while simultaneous increasing the offered security conditions
Practical Isolated Searchable Encryption in a Trusted Computing Environment
Cloud computing has become a standard computational paradigm due its numerous
advantages, including high availability, elasticity, and ubiquity. Both individual users and
companies are adopting more of its services, but not without loss of privacy and control.
Outsourcing data and computations to a remote server implies trusting its owners, a
problem many end-users are aware. Recent news have proven data stored on Cloud
servers is susceptible to leaks from the provider, third-party attackers, or even from
government surveillance programs, exposing users’ private data.
Different approaches to tackle these problems have surfaced throughout the years.
NaĂŻve solutions involve storing data encrypted on the server, decrypting it only on the
client-side. Yet, this imposes a high overhead on the client, rendering such schemes
impractical. Searchable Symmetric Encryption (SSE) has emerged as a novel research
topic in recent years, allowing efficient querying and updating over encrypted datastores
in Cloud servers, while retaining privacy guarantees. Still, despite relevant recent advances,
existing SSE schemes still make a critical trade-off between efficiency, security,
and query expressiveness, thus limiting their adoption as a viable technology, particularly
in large-scale scenarios.
New technologies providing Isolated Execution Environments (IEEs) may help improve
SSE literature. These technologies allow applications to be run remotely with
privacy guarantees, in isolation from other, possibly privileged, processes inside the CPU,
such as the operating system kernel. Prominent example technologies are Intel SGX and
ARM TrustZone, which are being made available in today’s commodity CPUs.
In this thesis we study these new trusted hardware technologies in depth, while exploring
their application to the problem of searching over encrypted data, primarily focusing
in SGX. In more detail, we study the application of IEEs in SSE schemes, improving their
efficiency, security, and query expressiveness.
We design, implement, and evaluate three new SSE schemes for different query types,
namely Boolean queries over text, similarity queries over image datastores, and multimodal
queries over text and images. These schemes can support queries combining different
media formats simultaneously, envisaging applications such as privacy-enhanced medical diagnosis and management of electronic-healthcare records, or confidential photograph
catalogues, running without the danger of privacy breaks in Cloud-based provisioned
services
Software Grand Exposure: SGX Cache Attacks Are Practical
Side-channel information leakage is a known limitation of SGX. Researchers
have demonstrated that secret-dependent information can be extracted from
enclave execution through page-fault access patterns. Consequently, various
recent research efforts are actively seeking countermeasures to SGX
side-channel attacks. It is widely assumed that SGX may be vulnerable to other
side channels, such as cache access pattern monitoring, as well. However, prior
to our work, the practicality and the extent of such information leakage was
not studied.
In this paper we demonstrate that cache-based attacks are indeed a serious
threat to the confidentiality of SGX-protected programs. Our goal was to design
an attack that is hard to mitigate using known defenses, and therefore we mount
our attack without interrupting enclave execution. This approach has major
technical challenges, since the existing cache monitoring techniques experience
significant noise if the victim process is not interrupted. We designed and
implemented novel attack techniques to reduce this noise by leveraging the
capabilities of the privileged adversary. Our attacks are able to recover
confidential information from SGX enclaves, which we illustrate in two example
cases: extraction of an entire RSA-2048 key during RSA decryption, and
detection of specific human genome sequences during genomic indexing. We show
that our attacks are more effective than previous cache attacks and harder to
mitigate than previous SGX side-channel attacks
- …