Practical Techniques for Searches on Encrypted Data. Dawn Song, David Wagner, Adrian Perrig.

Presentation transcript:

1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig

2 Motivation
Why searches on encrypted data?
– Searching on encrypted e-mails on mail servers
– Searching on encrypted files on file servers
– Searching on encrypted databases
Why is this hard?
– Performing computations on encrypted data is often hard
– Usual tradeoffs: security and functionality
[Diagram labels: search query; download e-mails]

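3 Sequential Scan and Straw Man Example
Search by sequential scan: the document is a sequence of m-bit words …, W_{i-1}, W_i, W_{i+1}, …; search for W by comparing W against each word.
Naïve approach: the document is stored as …, E(W_{i-1}), E(W_i), E(W_{i+1}), … (m bits each); search for W by computing E(W) and comparing E(W) against each ciphertext word.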

4 Desired Properties
Provable security
– Provable secrecy: the encryption scheme is provably secure
– Controlled search: the server cannot search for an arbitrary word
– Query isolation: a search for one word does not leak information about other, different words
– Hidden queries: the query does not reveal the search words
Efficiency
– Low computation overhead
– Low space and communication overhead
– Low management overhead

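5 The Key Idea
[Diagram] Plaintext words …, W_{i-1}, W_i, W_{i+1}, … (m bits each) are XORed with a stream …, S_{i-1}, S_i, S_{i+1}, … (m bits each) to give the ciphertext …, C_{i-1}, C_i, C_{i+1}, …
Search for W_{i+1}: C_{i+1} ⊕ W_{i+1}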

6 Setup and Notations
Document: sequence of fixed-length words …, W_{i-1}, W_i, W_{i+1}, … (m bits each)
Pseudorandom function F and key K: F_K maps n bits to m-n bits
Pseudorandom generator G and seed: L ← G(seed), L_i ← G_i(seed), giving the stream …, L_{i-1}, L_i, L_{i+1}, … (n bits each)

7 Basic Scheme (Encryption)
L_i ← G_i(seed) (n bits), R_i ← F_K(L_i) (m-n bits)
C_i = W_i ⊕ <L_i, R_i> (W_i and C_i are m bits each)

8 Basic Scheme (Decryption)
Split C_i (m bits) into C_{i,L} (n bits) and C_{i,R} (m-n bits)
L_i ← G_i(seed), R_i ← F_K(L_i)
W_i = C_i ⊕ <L_i, R_i>

9 Basic Scheme (Searches)
Search for word W: give the server W and K
Server computes <L_i', R_i'> = C_i ⊕ W, with L_i' of n bits and R_i' of m-n bits
Check: R_i' = F_K(L_i')? Yes ⇒ match (false positive rate = 1/2^(m-n))

10 Problems with Basic Scheme
Queries are not hidden: the server learns the word
Query isolation is not satisfied: the server learns K and can search for arbitrary words

11 Hidden Queries
Pre-encrypt each word: W_i (m bits) → E(W_i) (m bits)
L_i ← G_i(seed) (n bits), R_i ← F_K(L_i) (m-n bits)
C_i = E(W_i) ⊕ <L_i, R_i> (m bits)

12 Controlled Searches and Query Isolation
For hidden queries, the server can search for word W if it knows E(W)
Controlled searches on words: instead of R_i ← F_K(L_i), use R_i ← F_{K_i}(L_i), where K_i = F'_K(W_i)
Enhancements
– Check for a word in a single chapter/section only
– Check only for “word occurs at least once” in document
– Check only for “word occurs at least N times” in document

13 Improved Security (Change K)
L_i ← G_i(seed) (n bits), R_i ← F_{K_i}(L_i) (m-n bits), where K_i = F'_K(E(W_i))
C_i = E(W_i) ⊕ <L_i, R_i> (W_i, E(W_i) and C_i are m bits each)

14 Final Scheme (Encryption)
E(W_i) = <E_1(W_i), E_2(W_i)> (W_i is m bits)
L_i ← G_i(seed) (n bits), R_i ← F_{K_i}(L_i) (m-n bits), where K_i = F'_K(E_1(W_i))
C_i = E(W_i) ⊕ <L_i, R_i> (m bits)

15 Final Scheme (Decryption)
Split C_i (m bits) into C_{i,L} (n bits) and C_{i,R} (m-n bits)
E_1(W_i) = C_{i,L} ⊕ L_i
R_i = F_{K_i}(L_i)
E_2(W_i) = C_{i,R} ⊕ R_i
E(W_i) = <E_1(W_i), E_2(W_i)> (m bits), which decrypts to W_i
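The final scheme of slides 14 and 15, with the server-side check of slide 9, as an added example that is not code from the original slides or from the paper's authors. Assumptions: HMAC-SHA256 stands in for F, F' and G, a 4-round Feistel network stands in for the block cipher E, and the sizes (m = 16 bytes, n = 8 bytes), key values, sample document and all function names are constructed for illustration; the trapdoor is taken to be the pair E(W), K_W implied by slides 12 to 14.

```python
import hashlib, hmac
M, N = 16, 8  # word size m and left-part size n in bytes (sizes assumed for this example)

def prf(key, data, size):  # HMAC-SHA256, truncated: stand-in for F, F' and G
    return hmac.new(key, data, hashlib.sha256).digest()[:size]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def E(key, block, inverse=False):  # 4-round Feistel over prf: stand-in block cipher
    a, b = block[:M // 2], block[M // 2:]
    for r in (range(3, -1, -1) if inverse else range(4)):
        f = prf(key, bytes([r]) + (a if inverse else b), M // 2)
        a, b = (xor(b, f), a) if inverse else (b, xor(a, f))
    return a + b

def left(seed, i):  # L_i <- G_i(seed)
    return prf(seed, i.to_bytes(8, "big"), N)

def right(k_f, e1, l_i):  # K_i = F'_K(E_1(W_i)), then R_i <- F_{K_i}(L_i)
    return prf(prf(k_f, e1, 32), l_i, M - N)

def encrypt(keys, words):  # assumes each word fits in M bytes; zero-padded to fixed length
    k_e, k_f, seed = keys
    out = []
    for i, w in enumerate(words):
        x, l_i = E(k_e, w.encode().ljust(M, b"\0")), left(seed, i)
        out.append(xor(x, l_i + right(k_f, x[:N], l_i)))  # C_i = E(W_i) xor <L_i, R_i>
    return out

def trapdoor(keys, word):  # client sends only E(W) and K_W = F'_K(E_1(W))
    x = E(keys[0], word.encode().ljust(M, b"\0"))
    return x, prf(keys[1], x[:N], 32)

def server_search(cipher, x, k_w):  # slide 9 check, run without W or the master keys
    cand = [xor(c, x) for c in cipher]  # equals <L_i, R_i> where position i holds W
    return [i for i, t in enumerate(cand) if t[N:] == prf(k_w, t[:N], M - N)]

def decrypt(keys, cipher):
    k_e, k_f, seed = keys
    words = []
    for i, c in enumerate(cipher):
        l_i = left(seed, i)
        e1 = xor(c[:N], l_i)                      # E_1(W_i) = C_{i,L} xor L_i
        x = e1 + xor(c[N:], right(k_f, e1, l_i))  # E_2(W_i) = C_{i,R} xor R_i
        words.append(E(k_e, x, inverse=True).rstrip(b"\0").decode())
    return words

KEYS = (b"demo-enc-key", b"demo-prf-key", b"demo-seed")  # constructed keys
DOC = ["meet", "alice", "at", "noon", "alice"]            # constructed document
```

Decryption works only because K_i depends on E_1(W_i) alone: the client recovers E_1(W_i) from C_{i,L} and L_i before it needs K_i. Repeated words still encrypt to different ciphertexts because L_i depends on the position.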

16 Advanced Search Queries
Building blocks for advanced search queries: W_1 and W_2, W_1 near W_2, W_1 immediately precedes W_2
Supports variable-length words
– Same provable security
– Similar efficiency

17 Conclusion
Provable security
– Provable secrecy
– Controlled search
– Query isolation
– Hidden queries
Simple and efficient
– O(n) stream cipher and block cipher operations per search
– Almost no space and communication overhead
– Easy to add documents
– Convenient key management: user needs only one master key
Embedding information in pseudorandom bit streams

18 Discussion
Search is one operation on an abstract encrypted data type
What other operations on abstract encrypted data types are possible?

19

20 Variable length words encryption scheme
Plaintext block: <Len (x bits), E_l(W_i) (n-x bits), E_r(W_i) (m-n bits)>
Stream block: <L_i (n bits), R_i (m-n bits)>, where L_i = G_i(r), R_i = F(K_i, L_i)
C_i (m bits) = plaintext block ⊕ stream block

21 Related Work
Secure file servers and memory protection: M. Blaze et al., M. Blum et al., P. Devanbu et al.
Multiparty computation: O. Goldreich et al., R. Canetti et al.
Private information retrieval: B. Chor et al., C. Cachin et al., Y. Gertner et al.