Vladimir Kolesnikov (Bell Labs) Steven M. Bellovin, Seung Geol Choi, Ben Fisch, Wesley George, Angelos Keromytis, Fernando Krell, Abishek Kumarasubramanian,

Slides:

Advertisements

Similar presentations

Constant-Round Private Database Queries Nenad Dedic and Payman Mohassel Boston UniversityUC Davis.

Advertisements

Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Gate Evaluation Secret Sharing and Secure Two-Party Computation Vladimir Kolesnikov University of Toronto

Formal Language, chapter 4, slide 1Copyright © 2007 by Adam Webber Chapter Four: DFA Applications.

Oblivious Branching Program Evaluation

Multimedia Database Systems

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.

SplitX: High-Performance Private Analytics Ruichuan Chen (Bell Labs / Alcatel-Lucent) Istemi Ekin Akkus (MPI-SWS) Paul Francis (MPI-SWS)

Amortizing Garbled Circuits Yan Huang, Jonathan Katz, Alex Malozemoff (UMD) Vlad Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion) Cut-and-Choose Yao-Based.

Vladimir Kolesnikov (Bell Labs) Tal Malkin (Columbia U), Payman Mohassel (U Calgary), Mike Rosulek (Oregon State), Yehuda Lindell (Bar-Ilan U) Kedar Namjoshi,

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Models and Security Requirements for IDS. Overview The system and attack model Security requirements for IDS –Sensitivity –Detection Analysis methodology.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

ISP 433/533 Week 2 IR Models.

How Should We Solve Search Problems Privately? Kobbi Nissim – BGU A. Beimel, T. Malkin, and E. Weinreb.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

1 Introduction to Secure Computation Benny Pinkas HP Labs, Princeton.

1 Secure Indexes Author ： Eu-Jin Goh Presented by Yi Cheng Lin.

Practical Private Computation and Zero- Knowledge Tools for Privacy-Preserving Distributed Data Mining Yitao Duan and John Canny

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Multi-Client Non-Interactive Verifiable Computation Seung Geol Choi (Columbia U.) Jonathan Katz (U. Maryland) Ranjit Kumaresan (Technion) Carlos Cid (Royal.

Blind Seer: Scalable Private DB Querying Columbia-Bell Labs work on IARPA SPAR project Vladimir Kolesnikov (Bell Labs), Tal Malkin (Columbia) Steve Bellovin,

How to play ANY mental game

Insert presenter logo here on slide master. See hidden slide 4 for directions  Session ID: Session Classification: SEUNG GEOL CHOI UNIVERSITY OF MARYLAND.

Introduction. 2COMPSCI Computer Science Fundamentals.

All Rights Reserved © Alcatel-Lucent 2006, 2007 Mistyping in Two-Factor Password- Assisted Key Exchange Vlad Kolesnikov (Bell Labs) Charles Rackoff(U.

Querying Structured Text in an XML Database By Xuemei Luo.

Algorithms Artur Ekert. Our golden sequence H H Circuit complexity n QUBITS B A A B B B B A # of gates (n) = size of the circuit (n) # of parallel units.

Pseudo-Random Pattern Generator Design for Column ‑ Matching BIST Petr Fišer Czech Technical University Dept. of Computer Science and Engineering.

GARBLED CIRCUITS CHECKING GARBLED CIRCUITS MORE EFFICIENT AND SECURE TWO-PARTY COMPUTATION Payman Mohassel Ben Riva University of Calgary Tel Aviv University.

Secure two-party computation: a visual way by Paolo D’Arco and Roberto De Prisco.

10/10/2012ISC239 Isabelle Bichindaritz1 Physical Database Design.

Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.

On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.

1 Secure Multi-party Computation Minimizing Online Rounds Seung Geol Choi Columbia University Joint work with Ariel Elbaz(Columbia University) Tal Malkin(Columbia.

The Replica Location Service The Globus Project™ And The DataGrid Project Copyright (c) 2002 University of Chicago and The University of Southern California.

SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.

Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.

Secure Computation (Lecture 2) Arpita Patra. Vishwaroop of MPC.

Wei-Shinn Ku Slide 1 Auburn University Computer Science and Software Engineering Query Integrity Assurance of Location-based Services Accessing Outsourced.

Secure Computation Lecture Arpita Patra. Recap >> Improving the complexity of GMW > Step I: Offline: O(n 2 c AND ) OTs; Online: i.t., no crypto.

1 Information Retrieval LECTURE 1 : Introduction.

Hidden Access Control Policies with Hidden Credentials Keith Frikken, Mikhail Atallah, Jiangtao Li CERIAS and Department of Computer Sciences Purdue University.

Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.

UC/Garbled Searchable Symmetric Encryption Kaoru Kurosawa Ibaraki University, Japan.

Presented By Amarjit Datta

Efficient Private Matching and Set Intersection Mike Freedman, NYU Kobbi Nissim, MSR Benny Pinkas, HP Labs EUROCRYPT 2004.

Private Information Retrieval Based on the talk by Yuval Ishai, Eyal Kushilevitz, Tal Malkin.

Secure Data Outsourcing

Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.

Efficient Oblivious Transfer with Stateless Secure Tokens Alcatel-Lucent Bell Labs Vlad Kolesnikov.

Technion Haifa Research Labs Israel Institute of Technology Underapproximation for Model-Checking Based on Random Cryptographic Constructions Arie Matsliah.

Improved OT Extension for Transferring Short Secrets Vladimir Kolesnikov (Bell Labs) Ranjit Kumaresan (Technion)

1© Nokia 2016 Overlaying Circuit Clauses for Secure Computation Sean Kennedy Vladimir Kolesnikov Gordon Wilfong Bell Labs.

Multi-Party Computation r n parties: P 1,…,P n  P i has input s i  Parties want to compute f(s 1,…,s n ) together  P i doesn’t want any information.

A Fixed-key Blockcipher

Topic 36: Zero-Knowledge Proofs

Searchable Encryption in Cloud

Vladimir Kolesnikov (Bell Labs), Tal Malkin (Columbia)

Committed MPC Multiparty Computation from Homomorphic Commitments

563.10: Bloom Cookies Web Search Personalization without User Tracking

Verifiable Oblivious Storage

Cryptographic protocols 2015, Lecture 14 Garbled Circuits

Privacy Preserving analytics Private Set Intersection(PSI)

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.

MPC Scenario 1. “Privacy-protected contingency tables”

CRYP-F02 Actively Secure 1-out-of-N OT Extension with Application to Private Set Intersection Peter Scholl (University of Bristol) Michele Orrù (ENS Paris)

Presentation transcript:

Vladimir Kolesnikov (Bell Labs) Steven M. Bellovin, Seung Geol Choi, Ben Fisch, Wesley George, Angelos Keromytis, Fernando Krell, Abishek Kumarasubramanian, Tal Malkin, Vasilis Pappas and Binh Vo Practical Private DB Querying

2 | Columbia U / Bell Labs BLIND SEER BLoom-filter INDex SEarch of Encrypted Results BLIND SEER Как вы яхту назовете, Так она и поплывет. *The boat’s character is determined by her name.

3 Outline Problem High-level Approach Selected subtleties Motivation for MPC scenarios

4 Required features 100M records, 10TB DB Preserve query and data privacy Robust query support: select * where NAME=Bob AND AGE >20 Boolean query expressions (including at least three conjunctions) Range queries and inequalities for integer numeric, date/time, etc Matching of keywords ―close to a specified value (stemming) Text fields with many keywords (e.g. 100’s) Matching of values with wildcards Matching of values with a specified subsequence m-of-n conjunctions Ranking of results … Allowed up to 2-10x overhead compared to MySQL

5 COPYRIGHT © 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Blind Seer Architecture

6 Secure Computation: how to scale If OK to have some security loss (as efficiency tradeoff): Identify privacy-critical subroutines and implement them securely Insecure implementation of the rest Challenge: Understand and formalize security guarantees (hard problem)

7 Natural Trade Offs Deterministic encryption Because of scale, comparison of encrypted values used in search must be very fast. Not clear how to approach with probabilistic encryption Access patterns Seems quite expensive to avoid, so live with it.

8 Bloom Filter Constant-time querying Efficient storage (ca 10 bits per keyword) Fixed access pattern (same for both match and non-match) Encrypted BF: Same as BF, but objects are encrypted – need deterministic encryption

9 | Columbia U / Bell Labs Occluded BF Idea: Mask BF with a (pseudo-)random pad Let Client know the pad (via seed) Then Client and Server run SFE for computing match, where C inputs pad. GC is very efficient: gates per term, plus gates to implement formula. Query: C sends Enc(kw), S computes match OK for single keyword searches For formulas, need to hide terms matching

10 DB Search … DB records S … C … … … … Solution: Evaluate via Secure Computation

11 Security Guarantee We leak to S at most the following access patterns: - the query pattern of a set of queries (e.g., S can distinguish between simple and complex queries) - tree search pattern of each query - returned records access pattern

12 Subtlety 1: inexact data representation by BF A B C

13 Subtlety 1: inexact data representation by BF A B C

Result Set Size Indistinguishability Goal: hide from S whether there was a 0 or 1 match. S is an airline and C is gov’t querying for POI. Expect 0 hits S learning of a match can be disruptive. Def 1: Consider probability of bad event, prove it’s small Def 2: If distinguishable, guarantee that D’s confidence is not very high

Result Set Size Indistinguishability N paths

16 Malicious behavior in OT/Circuit generation Client Index Server Query Checker Client Query For results Client Query For Check Big potential for cheating

17 Malicious behavior in OT/Circuit generation Client Index Server Query Checker Garbled Query Check Circuit Garbled Universal Circuit Information to Synchronize keys Client does not learn the output of either the policy Or the result. Learns only garbled output

18 IS generates universal circuit which evaluates any circuit on any input. Circuit has a fixed tree pattern. The gates and inputs are unknown and provided by the client and IS AND of policy check circuit and universal circuit performed Inputs to PC and Evalualtion Circuits are cryptographically binded. (Malicious.. ) Universal Circuit

19 COPYRIGHT © 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED. Universal Query Circuit Transformation “Free” XOR gates!

20 Universal circuit for a small set of circuits (queries meeting policy) Here latency not very important. Throughput is important Often no opportunity for offline phase (queries arrive at same rate) GC batching in the hundreds of thousands Small shallow circuits (# of OTs similar to # gates) Fast server-aided malicious security (S does not know circuit) Practical MPC problems from Blind Seer