42 research outputs found
Measuring the Deployment Hiccups of DNSSEC
On May 5, 2010 the last step of the DNSSEC deployment on the 13 root servers was completed. DNSSEC is a set of security extensions on the traditional DNS protocol, that aim in preventing attacks based on the authenticity and integrity of the messages. Although the transition was completed without major faults, it is not clear whether problems of smaller scale occurred. In this paper we try to quantify the effects of that transition, using as many vantage points as possible. In order to achieve that, we deployed a distributed DNS monitoring infrastructure over the PlanetLab and gathered periodic DNS lookups, performed from each of the roughly 300 nodes, during the DNSSEC deployment on the last root name server. In addition, in order to broaden our view, we also collected data using the Tor anonymity network. After analyzing all the gathered data, we observed that around 4% of the monitored networks had an interesting DNS query failure pattern, which, to the best of our knowledge, was due to the transition
Dynamic Searchable Encryption with Access Control
We present a searchable encryption scheme for dynamic document collections in a multi-user scenario. Our scheme features fine-grained access control to search results, as well as access control to operations such as adding documents to the document
collection, or changing individual documents. The scheme features verifiability of search results. Our scheme also satisfies the forward privacy notion crucial for the security of dynamic searchable encryption schemes
Searchable Encryption with Optimal Locality: Achieving Sublogarithmic Read Efficiency
We propose the first linear-space searchable encryption scheme with constant locality and \emph{sublogarithmic} read efficiency, strictly improving the previously best known read efficiency bound (Asharov et al., STOC 2016) from to where for any fixed . Our scheme employs four different allocation algorithms for storing the keyword lists, depending on the size of the list considered each time. For our construction we develop (i) new probability bounds for the offline two-choice allocation problem; (ii) and a new I/O-efficient oblivious RAM with bandwidth overhead and zero failure probability, both of which can be of independent interest
Mitigation Techniques for Attacks on 1-Dimensional Databases that Support Range Queries
In recent years, a number of attacks have been developed that can reconstruct encrypted one-dimensional databases that support range queries under the persistent passive adversary model. These attacks allow an (honest but curious) adversary (such as the cloud provider) to find the order of the elements in the database and, in some cases, to even reconstruct the database itself.
In this paper we present two mitigation techniques to make it harder for the adversary to reconstruct the database. The first technique makes it impossible for an adversary to reconstruct the values stored in the database with an error smaller than , for chosen by the client. By fine-tuning , the user can increase the adversary\u27s error at will.
The second technique is targeted towards adversaries who have managed to learn the distribution of the queries issued. Such adversaries may be able to reconstruct most of the database after seeing a very small (i.e. poly-logarithmic) number of queries. To neutralize such adversaries, our technique turns the database to a circular buffer. All known techniques that exploit knowledge of distribution fail, and no technique can determine which record is first (or last) based on access pattern leakage
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Strengthening the Security of Encrypted Databases: Non-Transitive JOINs
Database management systems operating over encrypted data are gaining significant commercial interest. CryptDB is one such notable system supporting a variety SQL queries over encrypted data (Popa et al., SOSP \u2711). It is a practical system obtained by utilizing a number of encryption schemes, together with a new cryptographic primitive for supporting SQL\u27s join operator.
This new primitive, an adjustable join scheme, is an encoding scheme that enables to generate tokens corresponding to any two database columns for computing their join given only their encodings. Popa et al. presented a framework for modeling the security of adjustable join schemes, but it is not completely clear what types of potential adversarial behavior it captures. Most notably, CryptDB\u27s join operator is transitive, and this may reveal a significant amount of sensitive information.
In this work we put forward a strong and intuitive notion of security for adjustable join schemes, and argue that it indeed captures the security of such schemes: We introduce, in addition, natural simulation-based and indistinguishability-based notions (capturing the ``minimal leakage\u27\u27 of such schemes), and prove that our notion is positioned between their adaptive and non-adaptive variants.
Then, we construct an adjustable join scheme that satisfies our notion of security based on the linear assumption (or on the seemingly stronger matrix-DDH assumption for improved efficiency) in bilinear groups. Instantiating CryptDB with our scheme strengthens its security by providing a non-transitive join operator, while increasing the size of CryptDB\u27s encodings from one group element to four group elements based on the linear assumption (or two group elements based on the matrix-DDH assumption), and increasing the running time of the adjustment operation from that of computing one group exponentiation to that of computing four bilinear maps based on the linear assumption (or two bilinear maps based on the matrix-DDH assumption). Most importantly, however, the most critical and frequent operation underlying our scheme is comparison of single group elements as in CryptDB\u27s join scheme
Lower Bounds for Encrypted Multi-Maps and Searchable Encryption in the Leakage Cell Probe Model
Encrypted multi-maps (EMMs) enable clients to outsource the storage of
a multi-map to a potentially untrusted server while maintaining the ability
to perform operations in a privacy-preserving manner. EMMs are an important
primitive as they are an integral building block for many practical applications
such as searchable encryption and encrypted databases.
In this work, we formally examine the tradeoffs between privacy and
efficiency for EMMs.
Currently, all known dynamic
EMMs with constant overhead
reveal if two operations
are performed on the same key or not that we denote as
the .
In our main result, we present strong evidence that the leakage of the
global key-equality pattern is inherent for
any dynamic EMM construction with efficiency.
In particular, we consider the slightly smaller leakage of
where leakage of
key-equality between update and query operations
is decoupled and the adversary only learns whether two operations of the
are performed on the same key or not. We show that
any EMM with at most decoupled key-equality pattern
leakage incurs overhead in the
.
This is tight as there exist ORAM-based constructions of EMMs with logarithmic slowdown that leak no more than the decoupled key-equality pattern (and actually, much less).
Furthermore, we present stronger lower bounds that
encrypted multi-maps leaking at most the decoupled key-equality pattern
but are able to perform one of either the update or query operations
in the plaintext still require overhead.
Finally, we extend our lower bounds to show that
dynamic, searchable encryption schemes
must also incur overhead even when one of either
the document updates or searches may be performed in the plaintext