Technische Universität Ilmenau CCSW 2013 Sander Wozniak

Slides:

Advertisements

Similar presentations

Multistage Sampling.

Advertisements

Lower Bounds for Local Search by Quantum Arguments Scott Aaronson.

1 On the Long-Run Behavior of Equation-Based Rate Control Milan Vojnović and Jean-Yves Le Boudec ACM SIGCOMM 2002, Pittsburgh, PA, August 19-23, 2002.

Optimizing Cost and Performance for Multihoming Nick Feamster CS 6250 Fall 2011.

Answering Approximate Queries over Autonomous Web Databases Xiangfu Meng, Z. M. Ma, and Li Yan College of Information Science and Engineering, Northeastern.

An analysis of Social Network-based Sybil defenses Bimal Viswanath § Ansley Post § Krishna Gummadi § Alan Mislove ¶ § MPI-SWS ¶ Northeastern University.

C. Mastroianni, D. Talia, O. Verta - A Super-Peer Model for Resource Discovery Services in Grids A Super-Peer Model for Building Resource Discovery Services.

A small taste of inferential statistics

Tests of Hypotheses Based on a Single Sample

Chapter 7 Sampling and Sampling Distributions

Querying Encrypted Data using Fully Homomorphic Encryption Murali Mani, UMFlint Talk given at CIDR, Jan 7,

Plan Recognition in Virtual Laboratories Ofra Amir and Yaakov (Kobi) Gal Ben-Gurion University of The Negev Department of Information Systems Engineering.

Learning to Suggest: A Machine Learning Framework for Ranking Query Suggestions Date: 2013/02/18 Author: Umut Ozertem, Olivier Chapelle, Pinar Donmez,

Virtual COMSATS Inferential Statistics Lecture-3

Chapter 4 Inference About Process Quality

CHAPTER 2 – DISCRETE DISTRIBUTIONS HÜSEYIN GÜLER MATHEMATICAL STATISTICS Discrete Distributions 1.

Scalable and Dynamic Quorum Systems Moni Naor & Udi Wieder The Weizmann Institute of Science.

12 th International Fall Workshop VISION, MODELING, AND VISUALIZATION 2007 November 7-9, 2007 Saarbrücken, Germany Estimating Natural Activity by Fitting.

Cloud Computing Security Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧ nen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Many-to-one Trapdoor Functions and their Relations to Public-key Cryptosystems M. Bellare S. Halevi A. Saha S. Vadhan.

Probabilistic Public Key Encryption with Equality Test Duncan S. Wong Department of Computer Science City University of Hong Kong Joint work with Guomin.

A Privacy Preserving Index for Range Queries

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

CS4432: Database Systems II

Data Streaming Algorithms for Accurate and Efficient Measurement of Traffic and Flow Matrices Qi Zhao*, Abhishek Kumar*, Jia Wang + and Jun (Jim) Xu* *College.

Hypothesis testing Another judgment method of sampling data.

Statistics Review – Part II Topics: – Hypothesis Testing – Paired Tests – Tests of variability 1.

Fast Algorithms For Hierarchical Range Histogram Constructions

A Sampling Distribution

CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

Generic Object Detection using Feature Maps Oscar Danielsson Stefan Carlsson

1 Constructing Pseudo-Random Permutations with a Prescribed Structure Moni Naor Weizmann Institute Omer Reingold AT&T Research.

Experimental Evaluation

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

Sensitivity Evaluation of Subspace-based Damage Detection Technique Saeid Allahdadian Dr. Carlos Ventura PhD Student, The University of British Columbia,

Roger ZimmermannCOMPSAC 2004, September 30 Spatial Data Query Support in Peer-to-Peer Systems Roger Zimmermann, Wei-Shinn Ku, and Haojun Wang Computer.

Privacy Preserving Query Processing in Cloud Computing Wen Jie

An efficient distributed protocol for collective decision- making in combinatorial domains CMSS Feb , 2012 Minyi Li Intelligent Agent Technology.

1 Introduction to Estimation Chapter Concepts of Estimation The objective of estimation is to determine the value of a population parameter on the.

Trust-Aware Optimal Crowdsourcing With Budget Constraint Xiangyang Liu 1, He He 2, and John S. Baras 1 1 Institute for Systems Research and Department.

Identity-Based Secure Distributed Data Storage Schemes.

Towards Robust Indexing for Ranked Queries Dong Xin, Chen Chen, Jiawei Han Department of Computer Science University of Illinois at Urbana-Champaign VLDB.

VI. Evaluate Model Fit Basic questions that modelers must address are: How well does the model fit the data? Do changes to a model, such as reparameterization,

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Structure-Aware Sampling:

1 CS 391L: Machine Learning: Experimental Evaluation Raymond J. Mooney University of Texas at Austin.

Lecture 16 Section 8.1 Objectives: Testing Statistical Hypotheses − Stating hypotheses statements − Type I and II errors − Conducting a hypothesis test.

6.1 Inference for a Single Proportion  Statistical confidence  Confidence intervals  How confidence intervals behave.

By: Gang Zhou Computer Science Department University of Virginia 1 Medians and Beyond: New Aggregation Techniques for Sensor Networks CS851 Seminar Presentation.

1 Probability and Statistics Confidence Intervals.

Yi Jiang MS Thesis 1 Yi Jiang Dept. Of Electrical and Computer Engineering University of Florida, Gainesville, FL 32611, USA Array Signal Processing in.

Secure Data Outsourcing

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

All Your Queries are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou University.

Shadow Detection in Remotely Sensed Images Based on Self-Adaptive Feature Selection Jiahang Liu, Tao Fang, and Deren Li IEEE TRANSACTIONS ON GEOSCIENCE.

Practical Order-Revealing Encryption with Limited Leakage Nathan Chenette, Kevin Lewi, Stephen A. Weis, and David J. Wu Fast Software Encryption March,

Chapter 5 STATISTICAL INFERENCE: ESTIMATION AND HYPOTHESES TESTING

Boneh-Franklin Identity Based Encryption Scheme

A paper on Join Synopses for Approximate Query Answering

A Privacy-Preserving Index for Range Queries

December 4--8, Nonlinear Invariant Attack Practical Attack on Full SCREAM, iSCREAM, and Midori64 Name: Position: My research topics.

Lecture 15 Sections 7.3 – 7.5 Objectives:

CMSC 414 Computer and Network Security Lecture 3

Aiying Chen, Scott Patterson, Fabrice Bailleux and Ehab Bassily

Tutorial 9 Suppose that a random sample of size 10 is drawn from a normal distribution with mean 10 and variance 4. Find the following probabilities:

Range-Efficient Computation of F0 over Massive Data Streams

Cryptography Lecture 5.

Multiplicative data perturbation (2)

Presentation transcript:

Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes Technische Universität Ilmenau CCSW 2013 Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter Schaefer

Order-Preserving Encryption (OPE) Domain of plaintexts: Range of ciphertexts: For an encryption function an OPE scheme satisfies: Application in the context of cloud computing: Users may not fully trust their service providers Need to encrypt the outsourced data OPE enables efficient range queries in standard DBMS

OPE based on Order-Preserving Functions OPF-based Schemes: Rely on Order-Preserving Functions (OPFs) drawn from: OPE scheme based on a chosen OPF Choosing Order-Preserving Functions Standard model: “Ideal Object” (Boldyreva et al., 2009): OPFs are drawn uniformly at random In this work: alternative OPF construction schemes - Standard model for analysis

Weaknesses of the “Ideal Object” One-wayness of “ideal object” is not satisfying Existing research highlights the significance of the most likely plaintext (m.l.p.) of a given ciphertext Empiric frequency distributions for 108 OPFs: 10 to the power of 8

Disclosure-Resilience of OPE Given: OPF construction scheme Attacker model: and the plaintext space is known to adversaries Adversaries have limited additional information: Known ciphertexts Known/chosen plaintext-ciphertext pairs Given a challenge ciphertext , adversaries have to accurately estimate the plaintext producing is referred to as disclosure-resilient if it: provides a sufficient number of plaintexts producing maintains this property in case of disclosed information

Average Number of Significant Plaintexts Measures the number of plaintexts that an attacker has to consider as candidates for a challenge ciphertext Number of significant plaintexts for a ciphertext: Plaintext p Probability of being assigned to ciphertext c Threshold Weighted average over all ciphertexts: Note: this is not a quantile!

Average Expected Estimation Error Measures the error of a maximum-likelihood estimator using the most likely plaintexts of a challenge ciphertext Expected estimator error: Plaintext p Probability of being assigned to ciphertext c Weighted average over all ciphertexts: Error

Random Offset Addition Draw a random offset Encryption function: Disclosure-resilient for very few known ciphertexts No resilience against known plaintext-ciphertext pairs 108 OPFs Plaintext p Ciphertext c OPF2 OPF3 OPF1 OPF4 Random offset OPF5

Random Uniform Sampling Choose a splitting element: Random selection / median of the (sub)domain Randomly assign ciphertext to chosen plaintext Recursively sample subspaces 108 OPFs Splitting element p3 p1 Plaintext p Ciphertext c p2 c3 c1 c2

Random Subrange Selection Randomly decide whether to draw or first Lower bound first: ; Upper bound first: ; Sample OPF from subrange (alternative constr. scheme) Plaintext p Ciphertext c

Evaluation and Results Empiric evaluation using 108 randomly generated OPFs The suggested OPF construction schemes reduce the significance of specific plaintexts

Average Number of Significant Plaintexts 108 OPFs C: Known pairs strongly decrease ; offset add. ineffective ; subrange selection less effective A: Novel schemes increase ; offset addition and subrange selection most effective A B C D B: Disclosure of ciphertexts affects all approaches; novel schemes more effective than “ideal object” D: Chosen pairs render all schemes ineffective

Average Expected Estimation Error 108 OPFs confirms the results of ; subrange selection using the “ideal object” shows a smaller error (dominant peak of m.l.p.) A B C D

Conclusion & Outlook Conclusion Future work The suggested OPF construction schemes are able to reduce the significance of specific plaintexts when compared to the “ideal object” However, the resilience against the disclosure of additional information is not yet sufficient for practical applications Future work Consider the impact of an increasing range size Investigate alternative OPF construction schemes with high disclosure-resilience in case of well-informed adversaries