Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Slides:

Advertisements

Similar presentations

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Online Security Tuesday April 8, 2003 Maxence Crossley.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Domain Name System Security Extensions (DNSSEC) Hackers 2.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

CSCI 6962: Server-side Design and Programming

Programming Satan’s Computer

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Towards a Safe Playground for HTTPS and Middle-Boxes with QoS2 Zhenyu Zhou CS Dept., Duke University.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

World Wide Web Hypertext model Use of hypertext in World Wide Web (WWW) WWW client-server model Use of TCP/IP protocols in WWW.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Cryptography, Authentication and Digital Signatures

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Types of Electronic Infection

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Mr. Justin “JET” Turner CSCI 3000 – Fall 2015 CRN Section A – TR 9:30-10:45 CRN – Section B – TR 5:30-6:45.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Web Security Lesson Summary ●Overview of Web and security vulnerabilities ●Cross Site Scripting ●Cross Site Request Forgery ●SQL Injection.

Electronic Commerce School of Library and Information Science PGP and cryptography I. What is encryption? Cryptographic systems II. What is PGP? How does.

Web Design and Development. World Wide Web  World Wide Web (WWW or W3), collection of globally distributed text and multimedia documents and files 

8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.

 Web pages originally static  Page is delivered exactly as stored on server  Same information displayed for all users, from all contexts  Dynamic.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

ASP-2-1 SERVER AND CLIENT SIDE SCRITPING Colorado Technical University IT420 Tim Peterson.

Dos and Don’ts of Client Authentication on the Web Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster Presented: Jesus F. Morales.

Securing Web Applications Lesson 4B / Slide 1 of 34 J2EE Web Components Pre-assessment Questions 1. Identify the correct return type returned by the doStartTag()

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

Technical Security Issues in Cloud Computing By: Meiko Jensen, Jorg Schwenk, Nils Gruschka, Luigi Lo Lacono Presentation by: Winston Tong 2009 IEEE.

M2 Encryption techniques Gladys Nzita-Mak. What is encryption? Encryption is the method of having information such as text being converted into a format.

By Collin Donaldson. Hacking is only legal under the following circumstances: 1.You hack (penetration test) a device/network you own. 2.You gain explicit,

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites Paper by Sooel Son and Vitaly Shmatikov, The University of Texas.

Information Systems Design and Development Security Precautions Computing Science.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.

Guided by : VIPUL GAJJAR Prepared by: JIGAR KAKADIYA.

Web Security (cont.) 1. Referral issues r HTTP referer (originally referrer) – HTTP header that designates calling resource  Page on which a link is.

Security Outline Encryption Algorithms Authentication Protocols

Cryptographic Hash Function

Lecture 4 - Cryptography

Presentation transcript:

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu

Motivation Web application use servers to store and process confidential information. Problems – Anyone who gains access to the server can obtain all of the data stored there. Solution? – Give each user their own encryption key, encrypt a user’s data with that user’s key in the web browser, and store only encrypted data on the server.

Shortcomings 1.a compromised server could provide malicious code to the browser and extract the user’s key and data. 2.It does not provide data sharing between users. 3.It is often impractical that all of the application logic runs in a user’s web browser.

Mylar Goal: help the site owner protect the confidential data of users in the face of a malicious or compromised server operator. Computing over encrypted data Data sharing Verifying application code

Architecture Browser extension: Verify that the code of application has not been tampered with. Client-side library: Intercepts data sent to and from the server, and encrypts or decrypts that data. Server-side library: Performs computation over encrypted data at the server. IDP: Verify that a given public key belongs to a particular username.

Mylar for developers

Assumption – The web application will not send user data or keys to untrustworthy recipient, and cannot be tricked into doing so by exploiting bugs. – IDP correctly verifies each user’s identity when signing certificates. – The user checks the web browser’s security indicator and the URL of the web application they are using, before entering any sensitive data. Security overview – Verify the application code running in the browser – The client code encrypts the data marked sensitive before sending it to the server – Perform keyword search over documents encrypted with many different keys

Sharing data between users Access graph – Key chaining Certification graph

Computing the encrypted data Multi-key search – Only need to provide a single search token – Use delta to adjust one token to another. – Enable the server to compute token by itself. – For security, our scheme guarantees that the server does not learn the word being searched for, and does not learn the content of the documents.

Computing the encrypted data Cryptographic construction

Static Principals Access Control Certify Other Principals Similar to IDP Example: Student accounts are manually created by staff

User Principals creat_user(uname, password, auth_princ) auth_princ can be either static principal or IDP auth_princ helps generate certificate

Straw Man Solution when Sharing Data Rely on the server Compromised server tricks the client application into using the public key of an adversary Hard to prevent such attacks Wrapped keys stored at the server

Mylar Solution: Certification Graph One principle vouches for another Principles from the access graph together with some authority principals Certificate chains princ_lookup(name 1, name 2,…..,name k, root)

Data Integrity All encrypted data is authenticated with a MAC An adversary can still replace the ciphertext of one field with any other ciphertext encrypted using the same key Solution: an authentication set of fields MAC: the values of all fields in the set Chat room application: message body, client generated timestamp Roll back the whole authentication set to an earlier version, but cannot roll back a subset of an authentication set

Verifying Client-Side Code Same-origin policy Straw man solution: sign this code and verify the signature in the browser If an image is loaded in the context of an tag Loaded as a top-level page Developer inadvertently includes a malicious image file in the application

Two-Origin Signing The primary origin: top-level HTML file Signed by site owner’s private key Can be rolled back Secondary origin: all other files Image, CSS style sheets and Javascript code and so on Include a mylar_hash=h parameter in the query string, which prevents an adversary from tempering with that content or rolling it back to an earlier version.

Browser Extension Make use of Two-Origin Signing to verify that applications are properly signed The site owner’s public key is embedded in the X.509 certificate of the web server hosting the web application Decrypt the signature signed by web site owner’s Test whether hash(response) matches mylar_hash=h

Performance Evaluation Developer effort Performance overheads

Developer Effort Average lines of code added per application: 36 Little developer effort is required to protect a wide range of confidential data

Latency Overall, latency is acceptable and the application still feels responsive

Latency and Throughput Modest throughput overhead

Conclusion Keywords search over documents encrypted with different keys In the presence of an active adversary, share keys and encrypted data safely Verify Client-side application code Few changes to an application, and modest performance overheads Cannot guarantee data freshness, or correctness of query results.