Tight Tradeoffs in Searchable Symmetric Encryption
A searchable symmetric encryption (SSE) scheme enables a client to store data on an untrusted server while supporting keyword searches in a secure manner. Recent experiments have indicated that the practical relevance of such schemes heavily relies on the tradeoff between their space overhead, locality (the number of non-contiguous memory locations that the server accesses with each query), and read efficiency (the ratio between the number of bits the server reads with each query and the actual size of the answer). These experiments motivated Cash and Tessaro (EUROCRYPT '14) and Asharov et al. (STOC '16) to construct SSE schemes offering various such tradeoffs, and to prove lower bounds for natural SSE frameworks. Unfortunately, the best-possible tradeoff has not been identified, and there are substantial gaps between the existing schemes and lower bounds, indicating that a better understanding of SSE is needed.
We establish tight bounds on the tradeoff between the space overhead, locality and read efficiency of SSE schemes within two general frameworks that capture the memory access pattern underlying all existing schemes. First, we introduce the "pad-and-split" framework, refining that of Cash and Tessaro while still capturing the same existing schemes. Within our framework we significantly strengthen their lower bound, proving that any scheme with locality must use space for databases of size . This is a tight lower bound, matching the tradeoff provided by the scheme of Demertzis and Papamanthou (SIGMOD '17) which is captured by our pad-and-split framework.
Then, within the "statistical-independence" framework of Asharov et al. we show that their lower bound is essentially tight: We construct a scheme whose tradeoff matches their lower bound within an additive factor in its read efficiency, once again improving upon the existing schemes. Our scheme offers optimal space and locality, and nearly-optimal read efficiency that depends on the frequency of the queried keywords: For a keyword that is associated with document identifiers, the read efficiency is when retrieving its identifiers (where the term may be arbitrarily small, and is the lower bound proved by Asharov et al.). In particular, for any keyword that is associated with at most document identifiers (i.e., for any keyword that is not exceptionally common), we provide read efficiency when retrieving its identifiers.
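The three quantities the abstract trades off (space overhead, locality, read efficiency) are easiest to understand by measuring them on a concrete layout from the server's memory-access trace. The following is an added illustration, not a scheme from the paper: a toy index that cuts each keyword's identifier list into chunks of a chosen size, pads the last chunk, and stores every chunk contiguously at a PRF-derived slot (the chunk size, the key, the slack factor and the constructed multi-map are all assumptions made here). chunk=1 is the classic "scatter every entry" layout with no padding but locality equal to the list length; a chunk as large as the longest list gives locality 1 at the price of padding and space.

```python
"""Measuring locality, read efficiency and space overhead of a toy SSE index
layout from its memory-access trace. Added illustration, not a scheme from the paper."""
import hashlib
import hmac
import math

ENTRY_BITS = 64  # assumed size of one stored identifier

# Constructed multi-map: keyword -> document identifiers (16 entries in total).
MM = {
    "alpha": list(range(100, 108)),
    "beta": [200, 201, 202, 203, 204],
    "gamma": [300, 301],
    "delta": [400],
}


def prf(key: bytes, msg: str) -> int:
    return int.from_bytes(hmac.new(key, msg.encode(), hashlib.sha256).digest()[:8], "big")


class ChunkedIndex:
    """Each keyword's identifier list is cut into chunks of `chunk` entries (the
    last chunk padded with -1). Every chunk is stored contiguously at a PRF-derived
    slot; collisions are resolved by probing upward, so a probe run is contiguous."""

    def __init__(self, mm, chunk, key=b"example-key", slack=2):
        self.chunk, self.key = chunk, key
        nchunks = sum(math.ceil(len(ids) / chunk) for ids in mm.values())
        self.hash_range = max(1, slack * nchunks)
        # nchunks spare slots at the top so probing never has to wrap around.
        self.memory = [None] * (self.hash_range + nchunks)
        for w, ids in mm.items():
            for j in range(math.ceil(len(ids) / chunk)):
                block = ids[j * chunk:(j + 1) * chunk]
                block += [-1] * (chunk - len(block))          # padding costs read efficiency
                slot = self._tag(w, j) % self.hash_range
                while self.memory[slot] is not None:
                    slot += 1
                self.memory[slot] = (self._tag(w, j), len(ids), block)

    def _tag(self, w, j):
        return prf(self.key, f"{w}|{j}")

    def search(self, w):
        """Server-side search: returns (identifiers, list of slots read)."""
        ids, trace, j, n = [], [], 0, None
        while n is None or j * self.chunk < n:
            tag = self._tag(w, j)
            slot = tag % self.hash_range
            while True:
                trace.append(slot)
                entry = self.memory[slot]
                if entry is None:                      # keyword absent
                    return ids, trace
                if entry[0] == tag:
                    break
                slot += 1
            n = entry[1]                               # total list length, stored in every chunk
            ids.extend(x for x in entry[2] if x != -1)
            j += 1
        return ids, trace


def locality(trace):
    """Number of maximal runs of consecutive slots: the non-contiguous regions the server touched."""
    slots = sorted(set(trace))
    return sum(1 for i, s in enumerate(slots) if i == 0 or s != slots[i - 1] + 1)


def measure(index, w):
    """(sorted identifiers, locality, read efficiency) for one search."""
    ids, trace = index.search(w)
    bits_read = len(set(trace)) * index.chunk * ENTRY_BITS
    read_eff = bits_read / (len(ids) * ENTRY_BITS) if ids else math.inf
    return sorted(ids), locality(trace), read_eff


def space_overhead(index, mm):
    """Allocated entries (padding and empty slots included) per real entry."""
    return len(index.memory) * index.chunk / sum(len(ids) for ids in mm.values())


if __name__ == "__main__":
    for chunk in (1, 4, 8):
        idx = ChunkedIndex(MM, chunk)
        print(f"chunk={chunk} space overhead={space_overhead(idx, MM):.2f}")
        for w in MM:
            _, loc, eff = measure(idx, w)
            print(f"  {w:6s} locality={loc} read efficiency={eff:.2f}")
```

Running the main block prints, for each chunk size, how locality falls and read efficiency and space rise; the numbers for a given keyword depend on where the PRF places its chunks, which is why measuring from the trace rather than from a formula is the right check for a real implementation.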
An In-Depth Analysis on Efficiency and Vulnerabilities on a Cloud-Based Searchable Symmetric Encryption Solution
Searchable Symmetric Encryption (SSE) has become an integral cryptographic approach in a world where digital privacy is essential. The capacity to search through encrypted data while maintaining its confidentiality meets the most important demand for security and privacy in a society that is increasingly dependent on cloud-based services and data storage. SSE offers efficient processing of queries over encrypted datasets, allowing organisations to comply with data privacy rules while preserving database usability. Our research addresses this need, concentrating on the development and thorough testing of an SSE system based on Curtmola's architecture and employing the Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode. A primary goal of the research is a thorough evaluation of the security and performance of the system. Search performance was measured across a variety of database configurations, and the system's security was tested by simulating threat scenarios such as count attacks and leakage abuse. These evaluations critically examine both the operational efficiency and the cryptographic robustness of the SSE system.
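A count attack of the kind named above, as an added worked example (not code from the paper; the corpus, key and toy index are constructed here): the server's view of each query is the token and the list of matching document identifiers, and an attacker who knows the document collection matches observed response lengths, then co-occurrence counts, against the known keyword frequencies. Encrypting the stored records with AES-CBC does nothing against this, because the attack uses only response length and access pattern.

```python
"""Count attack against a toy SSE index: recover queried keywords from
response lengths and access-pattern co-occurrence. Added illustration with a
constructed corpus; not code from the paper under discussion."""
import hashlib
import hmac
from collections import defaultdict

# Constructed document collection: document id -> keywords it contains.
# "gamma" and "delta" both occur in exactly 3 documents, so response length
# alone cannot tell their queries apart.
DOCS = {
    1: {"alpha", "beta", "gamma"},
    2: {"alpha", "beta"},
    3: {"alpha", "delta"},
    4: {"beta", "gamma", "delta"},
    5: {"alpha", "gamma"},
    6: {"delta", "epsilon"},
    7: {"beta", "epsilon"},
    8: {"alpha"},
}


def token(key: bytes, keyword: str) -> str:
    """Deterministic search token: a PRF of the keyword (HMAC-SHA256 here)."""
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()


def build_index(key: bytes, docs):
    """Client side: inverted index keyed by tokens. Identifiers are left in the
    clear because the server learns them from the access pattern anyway."""
    index = defaultdict(list)
    for doc_id, keywords in docs.items():
        for w in keywords:
            index[token(key, w)].append(doc_id)
    return dict(index)


def server_view(index, queries):
    """What the server records per query: the token and the identifiers returned."""
    return [(tok, index.get(tok, [])) for tok in queries]


def count_attack(known_docs, observed):
    """Attacker knows the document collection and sees `observed`, a list of
    (token, returned identifiers). Returns token -> recovered keyword."""
    inv = defaultdict(set)
    for doc_id, keywords in known_docs.items():
        for w in keywords:
            inv[w].add(doc_id)
    by_count = defaultdict(list)
    for w, ids in inv.items():
        by_count[len(ids)].append(w)

    obs = {tok: set(ids) for tok, ids in observed}
    recovered = {}
    # Step 1: a response length matched by a single keyword identifies the query.
    for tok, ids in obs.items():
        candidates = by_count.get(len(ids), [])
        if len(candidates) == 1:
            recovered[tok] = candidates[0]

    # Step 2: for ties, the overlap of a query's result set with the result sets
    # of already-recovered queries must equal the known co-occurrence of the keywords.
    progress = True
    while progress:
        progress = False
        for tok, ids in obs.items():
            if tok in recovered:
                continue
            candidates = [
                w for w in by_count.get(len(ids), [])
                if w not in recovered.values()
                and all(len(ids & obs[t2]) == len(inv[w] & inv[w2])
                        for t2, w2 in recovered.items())
            ]
            if len(candidates) == 1:
                recovered[tok] = candidates[0]
                progress = True
    return recovered


def demo(key: bytes = b"constructed-demo-key"):
    """Run the whole scenario; returns token -> recovered keyword."""
    index = build_index(key, DOCS)
    queries = [token(key, w) for w in ("alpha", "beta", "gamma", "delta", "epsilon")]
    return count_attack(DOCS, server_view(index, queries))


if __name__ == "__main__":
    for tok, w in demo().items():
        print(tok[:12], "->", w)
```

With all five queries observed, every token is recovered: alpha, beta and epsilon from their unique counts, then gamma and delta separated by how many results they share with the alpha query. Observing only the gamma query recovers nothing, which is why the co-occurrence step matters. The countermeasure this suggests is hiding response lengths, for instance by padding, at the cost of read efficiency.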
Security-Efficiency Tradeoffs in Searchable Encryption -- Lower Bounds and Optimal Constructions
Besides their security, the efficiency of searchable encryption schemes is a major criterion when it comes to their adoption: in order to replace an unencrypted database with a more secure construction, it must scale to the systems that rely on it. Unfortunately, the relationship between the efficiency and the security of searchable encryption has not been widely studied, and the minimum cost of some crucial security properties is still unclear.
In this paper, we present new lower bounds on the tradeoffs between the size of the client state, the efficiency and the security for searchable encryption schemes. These lower bounds target two kinds of schemes: schemes hiding the repetition of search queries, and forward-private dynamic schemes, for which updates are oblivious.
We also show that these lower bounds are tight, either by constructing schemes matching them or by showing that even a small increase in the amount of leaked information allows for constructing schemes that break the lower bounds.
Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model
Encrypted multi-maps (EMMs) enable clients to outsource the storage of a multi-map to a potentially untrusted server while maintaining the ability to perform operations in a privacy-preserving manner. EMMs are an important primitive as they are an integral building block for many practical applications such as searchable encryption and encrypted databases.
In this work, we formally examine the tradeoffs between privacy and efficiency for EMMs. Currently, all known dynamic EMMs with constant overhead reveal whether two operations are performed on the same key or not, which we denote as the global key-equality pattern. In our main result, we present strong evidence that the leakage of the global key-equality pattern is inherent for any dynamic EMM construction with constant overhead. In particular, we consider the slightly smaller leakage of the decoupled key-equality pattern, where leakage of key-equality between update and query operations is decoupled and the adversary only learns whether two operations of the same type are performed on the same key or not. We show that any EMM with at most decoupled key-equality pattern leakage incurs logarithmic overhead in the leakage cell probe model. This is tight, as there exist ORAM-based constructions of EMMs with logarithmic slowdown that leak no more than the decoupled key-equality pattern (and actually, much less).
Furthermore, we present stronger lower bounds: encrypted multi-maps that leak at most the decoupled key-equality pattern but are able to perform one of either the update or query operations in the plaintext still require logarithmic overhead. Finally, we extend our lower bounds to show that dynamic searchable encryption schemes must also incur logarithmic overhead even when one of either the document updates or searches may be performed in the plaintext.
Confidentiality-Preserving Publish/Subscribe: A Survey
Publish/subscribe (pub/sub) is an attractive communication paradigm for large-scale distributed applications running across multiple administrative domains. Pub/sub allows event-based information dissemination based on constraints on the nature of the data rather than on pre-established communication channels. It is a natural fit for deployment in untrusted environments such as public clouds linking applications across multiple sites. However, pub/sub in untrusted environments leads to major confidentiality concerns stemming from the content-centric nature of the communications. This survey classifies and analyzes different approaches to confidentiality preservation for pub/sub, from applications of trust and access control models to novel encryption techniques. It provides an overview of the current challenges posed by confidentiality concerns and points to future research directions in this promising field.
Hermes: I/O-Efficient Forward-Secure Searchable Symmetric Encryption
Dynamic Symmetric Searchable Encryption (SSE) enables a user to outsource the storage of an encrypted database to an untrusted server, while retaining the ability to privately search and update the outsourced database. The performance bottleneck of SSE schemes typically comes from their I/O efficiency. Over the last few years, a line of work has substantially improved that bottleneck. However, all existing I/O-efficient SSE schemes have a common limitation: they are not forward-secure. Since the seminal work of Bost at CCS 2016, forward security has become a de facto standard in SSE. In the same article, Bost conjectures that forward security and I/O efficiency are incompatible. This explains the current status quo, where users are forced to make a difficult choice between security and efficiency.
The central contribution of this paper is to show that, contrary to what the status quo suggests, forward security and I/O efficiency can be realized simultaneously. This result is enabled by two new key techniques. First, we make use of a controlled amount of client buffering, combined with a deterministic update schedule. Second, we introduce the notion of SSE supporting dummy updates. In combination, those two techniques offer a new path to realizing forward security that is compatible with I/O efficiency. Our new SSE scheme, Hermes, achieves sublogarithmic I/O efficiency, together with storage efficiency, standard leakage, and both backward and forward security. Practical experiments confirm that Hermes achieves excellent performance.
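The two techniques named above, as an added toy illustration (this is not the Hermes code; the buffer size B, the record format and the per-keyword epoch keys rotated after each search are assumptions made here): the client buffers update records and flushes every B operations, padding each flush with dummy records that look exactly like real ones, so the server's view of when and how many updates happen is independent of the real update sequence. Updates are addressed under a per-keyword epoch key that the server only learns at search time, and a search ends the epoch, so a later update cannot be matched to an earlier search token.

```python
"""Toy dynamic SSE: forward-private updates under per-epoch keys, a client
buffer flushed on a deterministic schedule, and dummy updates padding every
flush. Added illustration; not the Hermes scheme."""
import hashlib
import hmac
import os

B = 4  # assumed buffer capacity: the server receives exactly B records every B client operations


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Server:
    def __init__(self):
        self.store = {}  # address (32 bytes) -> 8-byte ciphertext
        self.log = []    # (client op counter, records received) per flush: the timing view

    def flush(self, op_counter, records):
        self.log.append((op_counter, len(records)))
        for addr, ct in records:
            self.store[addr] = ct

    def search(self, epochs):
        """Given the keyword's (epoch key, count) pairs, derive every address the
        keyword was written to and return what is stored there (None if the
        record is still sitting in the client buffer)."""
        return [[self.store.get(prf(k, b"addr|%d" % c)) for c in range(n)]
                for k, n in epochs]


class Client:
    def __init__(self, server):
        self.server = server
        self.epochs = {}   # keyword -> [[epoch_key, count], ...]; the last entry is live
        self.buffer = {}   # address -> ciphertext, not yet flushed
        self.ops = 0

    def _live(self, w):
        return self.epochs.setdefault(w, [[os.urandom(32), 0]])[-1]

    def update(self, w, doc_id):
        epoch = self._live(w)
        k, c = epoch
        addr = prf(k, b"addr|%d" % c)
        ct = xor(prf(k, b"pad|%d" % c)[:8], doc_id.to_bytes(8, "big"))  # PRF one-time pad
        epoch[1] += 1
        self.buffer[addr] = ct
        self._tick()

    def search(self, w):
        ids = []
        if w in self.epochs:
            rows = self.server.search([(k, n) for k, n in self.epochs[w]])
            for (k, n), row in zip(self.epochs[w], rows):
                for c, ct in enumerate(row):
                    if ct is None:                       # still buffered locally
                        ct = self.buffer[prf(k, b"addr|%d" % c)]
                    ids.append(int.from_bytes(xor(prf(k, b"pad|%d" % c)[:8], ct), "big"))
            # Rotate: later updates to w use a key the server has never seen.
            self.epochs[w].append([os.urandom(32), 0])
        self._tick()
        return sorted(ids)

    def _tick(self):
        """Deterministic schedule: every B operations, flush exactly B records,
        padding with dummies that are indistinguishable from real records."""
        self.ops += 1
        if self.ops % B == 0:
            real = list(self.buffer.items())
            self.buffer = {}
            dummies = [(os.urandom(32), os.urandom(8)) for _ in range(B - len(real))]
            self.server.flush(self.ops, real + dummies)


if __name__ == "__main__":
    srv, cl = Server(), Client(srv)
    cl.update("alpha", 1); cl.update("alpha", 2); cl.update("beta", 3)
    print(cl.search("alpha"), srv.log)      # [1, 2] [(4, 4)]
    cl.update("alpha", 9)
    print(cl.search("alpha"), srv.log)      # [1, 2, 9] [(4, 4)]
```

Whatever mix of updates and searches the client performs, the server log shows one flush of exactly B records at every B-th operation, and nothing in a flushed record tells a dummy from a real update. The simplifications to be aware of: client state grows by one epoch per search of a keyword, a search reveals the old epoch keys (so the old records become linkable, which is the standard search leakage), and nothing here is I/O-efficient; the abstract's point is precisely that Hermes gets both properties at once.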
Efficient privacy preserving predicate encryption with fine-grained searchable capability for cloud storage
With the fast development of Cloud storage technologies and the ever increasing use of Cloud data centres, data privacy and confidentiality have become a must. Indeed, Cloud data centres store ever more sensitive data such as personal data, organizational and enterprise data, transactional data, etc. However, achieving confidentiality with flexible searchable capability is a challenging issue. In this article, we show how to construct an efficient predicate encryption with fine-grained searchable capability. Predicate Encryption (PE) can achieve more sophisticated and flexible functionality compared with traditional public key encryption. We propose an efficient predicate encryption scheme by utilizing the dual system encryption technique, which can also be proved IND-AH-CPA (indistinguishable under chosen plain-text attack for attribute-hiding) secure without random oracles. We also carefully analyse the relationship between predicate encryption and searchable encryption. To that end, we introduce a new notion of Public-Key Encryption with Fine-grained Keyword Search (PEFKS). Our results show that an IND-AH-CPA secure PE scheme can be used to construct an IND-PEFKS-CPA (indistinguishable under chosen plain-text attack for public-key encryption with fine-grained keyword search) secure PEFKS scheme. A new PE-to-PEFKS transformation is also proposed and used to construct an efficient PEFKS scheme from the proposed PE scheme. Finally, we design a new framework for supporting privacy preserving predicate encryption with fine-grained searchable capability for Cloud storage. Compared to the most prominent frameworks, our framework satisfies more features altogether and can serve as a basis for developing such frameworks for Cloud data centres.
Encrypted Multi-Maps with Computationally-Secure Leakage
We initiate the study of structured encryption schemes with computationally-secure leakage. Specifically, we focus on the design of volume-hiding encrypted multi-maps; that is, of encrypted multi-maps that hide the response length to computationally-bounded adversaries. We describe the first volume-hiding STE schemes that do not rely on naive padding; that is, padding all tuples to the same length. Our first construction has efficient query complexity and storage but can be lossy. We show, however, that the information loss can be bounded with overwhelming probability for a large class of multi-maps (i.e., with lengths distributed according to a Zipf distribution). Our second construction is not lossy and can achieve storage overhead that is asymptotically better than naive padding for Zipf-distributed multi-maps. We also show how to further improve the storage when the multi-map is highly concentrated in the sense that it has a large number of tuples with a large intersection.
We achieve these results by leveraging computational assumptions, not just for encryption but, more interestingly, to hide the volumes themselves. Our first construction achieves this using a pseudo-random function, whereas our second construction achieves this by relying on the conjectured hardness of the planted densest subgraph problem, a planted variant of the well-studied densest subgraph problem. This assumption was previously used to design public-key encryption schemes (Applebaum et al., STOC '10) and to study the computational complexity of financial products (Arora et al., ICS '10).
On designing secure small-state stream ciphers against time-memory-data tradeoff attacks
A new generation of stream ciphers, small-state stream ciphers (SSCs), was born in 2015 with the introduction of the Sprout cipher. The new generation is based on using key bits not only in the initialization but also continuously in the keystream generation phase. The new idea allowed designing stream ciphers with significantly smaller area and lower power consumption. A distinguishing time-memory-data tradeoff (TMDTO) attack was successfully applied against all SSCs in 2017 by Hamann et al. [1]. They suggested using not only key bits but also initial value (IV) bits continuously in the keystream generation phase to strengthen SSCs against TMDTO attacks.
Then, Hamann and Krause [2] proposed a construction based on using only IV bits continuously in packet mode. They suggested an instantiation of an SSC and claimed that it is resistant to TMDTO attacks. We point out that storing IV bits imposes an overhead on cryptosystems that is not acceptable in many applications. More importantly, we show that the proposed SSC remains vulnerable to TMDTO attacks.
To resolve this security threat, the current paper proposes constructions, based on storing key or IV bits, that are the first to provide full security against TMDTO attacks. It is possible to obtain parameters for secure SSCs based on these constructions. Our constructions open a fruitful research direction in stream ciphers.
Locality-Preserving Oblivious RAM
Oblivious RAMs, introduced by Goldreich and Ostrovsky [JACM '96], compile any RAM program into one that is "memory oblivious", i.e., the access pattern to the memory is independent of the input. All previous ORAM schemes, however, completely break the locality of data accesses (for instance, by shuffling the data to pseudorandom positions in memory).
In this work, we initiate the study of locality-preserving ORAMs --- ORAMs that preserve locality of the accessed memory regions, while leaking only the lengths of contiguous memory regions accessed. Our main results demonstrate the existence of a locality-preserving ORAM with poly-logarithmic overhead both in terms of bandwidth and locality. We also study the tradeoff between locality, bandwidth and leakage, and show that any scheme that preserves locality and does not leak the lengths of the contiguous memory regions accessed, suffers from prohibitive bandwidth.
To the best of our knowledge, before our work, the only works combining locality and obliviousness were for symmetric searchable encryption [e.g., Cash and Tessaro (EUROCRYPT '14), Asharov et al. (STOC '16)].
Symmetric searchable encryption ensures obliviousness only if each keyword is searched once, whereas ORAM provides obliviousness for any input program. Thus, our work generalizes that line of work to the much more challenging task of preserving locality in ORAMs.