Keyword search on encrypted data. Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance.

Slides:

Advertisements

Similar presentations

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.

Advertisements

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Introduction to Practical Cryptography Lecture 9 Searchable Encryption.

Searchable Symmetric Encryption :Improved Definitions and Efficient Constructions Reza Curtmola Juan Garay Seny Kamara Rafail Ostrovsky.

INTRODUCTION PROBLEM FORMULATION FRAMEWORK AND PRIVACY REQUIREMENTS FOR MRSE PRIVACY-PRESERVING AND EFFICIENT MRSE PERFORMANCE ANALYSIS RELATED WORK CONCLUSION.

2 Your data is anywhere but not in your control Security breaches are recurrent – Weakest link: hardware, software, technicians, … You may trust the science.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

1 Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Chapter 5 Cryptography Protecting principals communication in systems.

Identity Based Encryption

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

A Designer’s Guide to KEMs Alex Dent

Efficient Conjunctive Keyword-Searchable Encryption,2007 Author: Eun-Kyung Ryu and Tsuyoshi Takagi Presenter: 顏志龍.

Reza Curtmola Juan Garay Seny Kamara Rafail Ostrovsky

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Strongly Secure Certificateless Encryption Alexander W. Dent Information Security Group

1 Secure Indexes Author ： Eu-Jin Goh Presented by Yi Cheng Lin.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Theory I Algorithm Design and Analysis (9 – Randomized algorithms) Prof. Dr. Th. Ottmann.

Building an Encrypted and Searchable Audit Log 11th Annual Network and Distributed Security Symposium (NDSS '04); 2004 February 5-6; San Diego; CA. Presented.

Public Key Encryption that Allows PIR Queries Dan Boneh 、 Eyal Kushilevitz 、 Rafail Ostrovsky and William E. Skeith Crypto 2007.

Encryption Schemes Second Pass Brice Toth 21 November 2001.

Introduction to Public Key Cryptography

Practical Techniques for Searches on Encrypted Data Yongdae Kim Written by Song, Wagner, Perrig.

Maps A map is an object that maps keys to values Each key can map to at most one value, and a map cannot contain duplicate keys KeyValue Map Examples Dictionaries:

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Chapter 2 Basic Encryption and Decryption. csci5233 computer security & integrity 2 Encryption / Decryption encrypted transmission AB plaintext ciphertext.

Cryptography Lecture 8 Stefan Dziembowski

Calculating Discrete Logarithms John Hawley Nicolette Nicolosi Ryan Rivard.

The Steganographic File System Ross Anderson, Roger Needlham, Adi Shamir Presented by: Pan Meng Presented by: Pan Meng.

AES Background and Mathematics CSCI 5857: Encoding and Encryption.

1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.

How to Update Documents Verifiably in Searchable Symmetric Encryption Kaoru Kurosawa and Yasuhiro Ohtaki Ibaraki University, Japan.

Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.

Computer and Network Security Rabie A. Ramadan Lecture 6.

Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.)

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

Secure Data Outsourcing. Outline  Motivation  Background  Research issues  Summary.

Shanti Bramhacharya and Nick McCarty. This paper deals with the vulnerability of RFIDs A Radio Frequency Identifier or RFID is a small device used to.

1 Common Secure Index for Conjunctive Keyword-Based Retrieval over Encrypted Data Peishun Wang, Huaxiong Wang, and Josef Pieprzyk: SDM LNCS, vol.

Chapter 10 Hashing. The search time of each algorithm depend on the number n of elements of the collection S of the data. A searching technique called.

Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.

Network Security Lecture 18 Presented by: Dr. Munam Ali Shah.

Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.

Computer System Design Lab 1 Inverted Index Based Multi-Keyword Public-key Searchable Encryption with Strong Privacy Guarantee Bing Wang * Wei Song *†

When DRM Meets Restricted Multicast A Content Encryption Key Scheme for Restricted Multicast and DRM Min FENG and Bin ZHU Microsoft Research Asia.

DES Analysis and Attacks CSCI 5857: Encoding and Encryption.

Public Key Encryption with Keyword Search

Presented By Amarjit Datta

Tae-Joon Kim Jong yun Jun

Searching Over Encrypted Data Charalampos Papamanthou ECE and UMIACS University of Maryland, College Park Research Supported By.

1 The RSA Algorithm Rocky K. C. Chang February 23, 2007.

SSE-2 Step1: keygen(1 k ):s {0,1} k,output K=s Step2:Buildindex(K,D): 建立 table T, p=word bit+max bit R 假設 w 1 出現在 D 1,D 3 T[π s (w 1 ||1)]=D 1 T[π s (w.

Key Exchange in Systems VPN usually has two phases –Handshake protocol: key exchange between parties sets symmetric keys –Traffic protocol: communication.

Data Security and Privacy Keke Chen

Searchable Encryption in Cloud

Information Retrieval in Practice

Privacy Preserving Ranked Multi-Keyword

based on slides by Debra Cook

Building an Encrypted and Searchable Audit Log

Path Oram An Extremely Simple Oblivious RAM Protocol

Presentation transcript:

Keyword search on encrypted data

Keyword search problem  Linux utility: grep  Information retrieval Basic operation Advanced operations – relevance analysis and ranking Search engines highly complicated problem

New settings  Search data in the cloud  Filter encrypted s  Privacy preserving log retrieval

Basic techniques  Symmetric encryption  Public key encryption  Simple keyword matching  A little bit relevance evaluation

Secure keyword search with symmetric encryption  Paper: Song 2000 Seed is random, different for each Wi Key idea: Li and Ri are self- verifiable Advantage of XOR

How to set K?

 Setting of ki Ki = Fk’(Wi), k’ is secret User publishes W and k = Fk’(W) Server checks CiW  whether == CiW It reveals nothing if Ci is not the ciphertext for W. And Li is random for different Wi – server cannot find any information from Li.

Hidden search  In previous schemes, W is revealed  Weakness: each search will have to release k for W  Easy to collect information  Solution: encrypt Wi with an private key, then xor with  Still weaknesses Wi encryption should be deterministic Access pattern is leaked Linear scan over the whole doc collection

Typical method for speedy keyword based search  Using the “inverted index” Word -> doc1:pos, doc2:pos,… Or simply word -> doc1, doc2, … However, inverted index reveals the word frequency

Recent developments  Reza 2006 “Searchable symmetric encryption: improved definitions and efficient constructions” Completely solved this problem, with a solution indistinguishability under chosen ciphertext attack (IND-CCA)  Allow inverted index  Hide word frequency

setup  D – the set of documents {D1,…,Dn}  max - the maximum number of distinct words in a document  Li – the list of document IDs that contain the keyword w_i, plus some dummy entries to reach max  A – array contains all elements in Li (max * |D|)  T – table that contains the )

 Symmetric encryption function, encrypt words and document ids id(Dj) for wi entry is encoded as enc(wi||j) to make indistinguishable  Pseudo-random function f  Two pseudo-random permutation functions  : for mapping word to table entry : for mapping index to next node of Li to the index of array A

Building the index table T The key used to encrypt the node N i, to random values of the same size of the existing entries

 Generating Li with K i,0, We can decrypt all nodes in the list For the remaining max – |D(wi)| dummy nodes, store the doc id that Already appears in the first |D(wi)| entries. This can be done with the help of a look-up table I

Search  Generate the trapdoor  Search

Property  Each keyword search returns the same number of encrypted document ids – the attacker cannot distinguish word frequency

Search public-key encrypted data  Users who encrypt the data (with public key) can be different from the owner of the private key

Cyclic group  For example, if G = { g 0, g 1, g 2, g 3, g 4, g 5 } mod p is a group, then g 6 = g 0, and G is cyclic. p is the order g is the generator

Bilinear-map construction  Two groups G1 G2 of prime order p  A bilinear map : G1 X G1 -> G2  Properties: