Presentation is loading. Please wait.

Presentation is loading. Please wait.

Functional Cryptography

Published byIngemar Jansson Modified over 6 years ago

Similar presentations

Presentation on theme: "Functional Cryptography"— Presentation transcript:

1 Functional Cryptography
Crypto is your Friend Dr Vincenzo Iovino Research Associate SnT, University of Luxembourg ApSIA FinTech R&D Innovation Conference January 19th 2016, Chambre de Commerce, Luxembourg

2 Protect Private Data Docs, s Payment Card Industry (PCI) Health Care The most important problem that cryptography faces is to protect private data belonging to individuals as well as to companies and governments. These include s, data of the payment card industry, health care data, and many other sensitive information. According to the new EU data regulation, anyone who touches or has access to your data, wherever they are based, is responsible in the case of a DATA BREACH. Old cryptography (here personified by the black and white face of Diffie) provides a partial solution in case of data breach: if the data are encrypted an hacker can not gain any useful information from the stolen data. Notwithstanding, in the era of Internet TWO DOT ZERO traditional crypto is becoming a limitation.

3 Cloud Computing To figure out the reason of such limitation, I will first present a short overview of an emerging paradigm of the Internet that is CLOUD COMPUTING. Nowadays many users, companies and governments are moving their data to the Cloud, and if you never heard about it be aware that if you own an android phone (like this) your contacts and s are stored in the Cloud! In cloud computing a user sends his data to the server, also called the Cloud. Later another possibly different user can request to the Cloud to retrieve some data or perform some computation on the data stored in the Cloud. If such user is authorized the Cloud returns the requested document or the result of the computation to the user. In a Secure Cloud System a malicious user should not be able to leak any information that is not entitled to access. We are not interested only in preventing an external attacker to leak information but we also want that internal users do not leak too much information: for instance, if the previous user is authorized to retrieve all s with subject FinTech, he should not be able to retrieve s with different subjects. Moreover in this model the CLOUD is not trusted; in fact the CLOUD is usually third-party service, like google or yahoo, to which individual, companies or governements delegated their data and the Cloud has NOT to leak too much information. It is not exaggeration to expect that in the near future a lot of sensitive information will be outsourced to the Cloud, and recently the City of Los Angeles announced plans to outsource all their data to Gooogle, the major cloud service. City of LA plans outsourcing all data to Google

4 FE: a new paradigm Pk SK TokFinTech
If data are encrypted how to access encrypted data? g. PCI Standards Idea: Need token to access data, e.g., MS Word files Pk TokFinTech SK Traditional crypto is not suitable for cloud computing. In fact, If data are encrypted with a standard Public-key Encryption scheme how to access encrypted data? Consider a scenario where an user first uploads to the Cloud his MS WORD documents where any file is encrypted with a traditional PKE scheme. Later the user wants to download only the documents containing the word FINTECH. But, being the data encrypted, the Cloud can not know which file has to return to the user. To allow the Cloud to access and compute over encrypted data the idea is to create a different TOKEN for any operation we want to support and hand this token to the Cloud. Using the PK of the system the User Gabriele encrypts his MS word files and send them to the Cloud. Later the User Vincenzo is given a Token for the tag FinTech and send it to the server who uses this token to SELECTIVELY DECRYPT only the encrypted documents containing the tag FINTECH, and thus can return to Vincenzo the results in the clear. Both Vincenzo and the server will only acquire information regarding documents containing the word FINTECH but no other information on any other files of Gabriele will be leaked.

5 Functional Encryption
PK PK MSK Token(f) f(m) f Token(f) Enc(m) In more detail the setting of FE is the following. There is a CA who sets-up a PK and a MSK. The PK is sent to Bob. Ant any point Alice can send a function f to the CA who returns her the Token for f. Later Bob holds a message m, encrypts it and sends it to Alice. Now Alice holds the token for f, the encryption of m, and can combine them to compute f(m), the evaluation of the function f on the message m. And the security should guarantee that this be the only information that Alice can compute. m m f(m))

6 Why Functional Encryption?
Best possible privacy: ? OR Fintech Dept. Salary > 10K Information leakage: employees in FinTech Dept. or with Salary > 10K but nothing else (e.g. the age, or exact amount of salary) Why Functional Encryption? Consider a company that outsourced to a Cloud server all the data of its employees in encrypted form, and let us assume that the head of the company wants to retrieve the data for all employees satisfying the following condition: Either the Employee is in the FinTech Department or His/her salary is >10KEURO. With traditional crypto the server is not able to answer such query unless you hand it the secret-key but in this case the server would be allowed it to decrypt everything. Instead, by using FE you hand the server only the token for this particular function. Not even the admin of server leak information!

7 Reconciling Privacy with business:
Benefits ? Reconciling Privacy with business: Cloud services make bu$in€$$ with data: e.g., Google shows personalized ads based on your s CRYPTO IS YOUR FRIEND Privacy clashes with business: If were encrypted, Google could not compute ads FE and Functional Cryptography turn out to have a nice economic twist. Cloud providers like Google make business with your data: for instance by showing personalized advertisments based on s in your inbox. In the world of traditional crypto privacy clashes with business: if s are encrypted Google can not compute advertisements! FE allows to reconcile Privacy with Business and to solve this conflict: s can be encrypted with FE and users can give Google the token to compute the advertisements. From the point of view of Google nothing changed: Google can still display advertisements as before But now the users have Privacy! In one take-away sentence: CRYPTO IS YOUR FRIEND FE resolves the conflict: can be encrypted and users give Google the token to compute ads

8 Function Privacy (Arriaga et al. ‘16) Deniability (Iovino et al. ‘16)
Future directions? Constructions of FE targeted towards real-world solutions and business Function Privacy (Arriaga et al. ‘16) A lot of theoretical research has been accomplished in recent years but few has been done to construct FE schemes targeted for real-world problems and in particular for BUSINESS, and there are a lot of ongoing works and future research directions.. Functional Cryptography offers new opportunities to find, fund, and found a new solid business Deniability (Iovino et al. ‘16) RAM programs Efficiency Multi-Inputs Mergeable Controlled HomFE …???

9 The speaker thanks the Fonds National de la Recherche (Luxembourg) to fund his research

10 for questions contact: iovino.vincenzo@uni.lu
We hope you find, in either part, enjoyment, some inspiration, and even possibly an interest in investment. I’ll now yield the floor to Prof. Etalle. [Intro to Prof Etalle]

Download ppt "Functional Cryptography"

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.

VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.

Certificateless encryption and its infrastructures Dr. Alexander W. Dent Information Security Group Royal Holloway, University of London.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Copyright ©: 1995-2011 SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.

Copyright ©: SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Network Security – Special Topic on Skype Security.

Network Security – Special Topic on Skype Security.
Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE.

Protection of outsourced data MARIA ANGEL MARQUEZ ANDRADE.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.

Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.

Similar presentations

Ads by Google