Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig.

Published bySheryl Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig."— Presentation transcript:

1 1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig

2 2 Motivation Why searches on encrypted data? –Searching on encrypted e-mails on mail servers –Searching on encrypted files on file servers –Searching on encrypted databases Why is this hard? –Perform computations on encrypted data is often hard –Usual tradeoffs: security and functionality Search query Download emails

3 3 Sequential Scan and Straw Man Example Search by sequential scan: W i -1 m bits WiWi W i+1 m bits … … W Search for W Naïve approach: E(W i –1 ) m bits E(W i ) m bits E(W i+1 ) m bits … … E(W) Search for W WW E(W)

4 4 Desired Properties Provable security –Provable secrecy: encryption scheme is provable secure –Controlled search: server cannot search for arbitrary word –Query isolation: search for one word does not leak information about other different words –Hidden queries: does not reveal the search words Efficiency – Low computation overhead – Low space and communication overhead – Low management overhead

5 5 The Key Idea W i -1 m bits WiWi W i+1 m bits … … S i -1 m bits SiSi S i+1 m bits … … C i -1 CiCi C i+1 … …  W i+1  Search for W i+1

6 6 Setup and Notations Document: sequence of fixed length words W i -1 m bits WiWi W i+1 m bits … … Pseudorandom Function F and key K : F K maps n bits to m-n bits Pseudorandom Generator G and seed: L  G ( seed ), L i  G i ( seed ) L i-1 n bits … … LiLi L i+1 n bits

7 7 Basic Scheme (Encryption) WiWi m bits LiLi n bits L i  G i (seed),  CiCi m bits RiRi m-n bits R i  F K ( L i )

8 8 Basic Scheme (Decryption) m bits n bits  m-n bits m bits WiWi LiLi RiRi CiCi n bits m-n bits C i,L C i,R L i  G i (seed), R i  F K ( L i ) LiLi RiRi  WiWi

9 9 Basic Scheme (Searches) Search for word W, give server W and K Check: R i ' = F K ( L i ' ) ? Yes  match, ( false positive rate = 1 / 2 m-n ) m bits n bits  m-n bits m bits WiWi LiLi RiRi CiCi W  Li'Li' Ri'Ri' n bitsm-n bits

10 10 Problems with Basic Scheme Queries are not hidden, server learns word Query isolation is not satisfied, server learns K and can search for arbitrary words

11 11 Hidden Queries LiLi n bits L i  G i (seed), RiRi m-n bits R i  F K ( L i ) WiWi m bits E(W i ) m bits E(.)  CiCi m bits

12 12 Controlled Searches and Query Isolation For hidden queries, server can search for word W if it knows E(W) Controlled searches on words Instead of R i  F K ( L i ), R i  F K i ( L i ), where K i = F' K ( W i ) Enhancements –Check for a word in a single chapter/section only –Check only for “word occurs at least once” in document –Check only for “word occurs at least N times” in document

13 13 Improved Security (Change K) LiLi n bits L i  G i (seed), RiRi m-n bits R i  F K i ( L i ) WiWi m bits E(W i ) m bits E(.) where K i = F' K ( E( W i ))  CiCi m bits

14 14 Final Scheme (Encryption) LiLi n bits L i  G i (seed),  CiCi m bits RiRi m-n bits R i  F K i ( L i ) WiWi m bits E(W i ) E(.) E 1 (W i ) E 2 (W i ) where K i = F' K ( E 1 ( W i ))

15 15 Final Scheme (Decryption) C i,L n bits C i,R m-n bits  LiLi E 1 (W i ) RiRi F k i (L i )  E 2 (W i ) LiLi n bits  CiCi m bits RiRi m-n bits WiWi m bits E(W i ) E(.) E 1 (W i ) E 2 (W i )

16 16 Advanced Search Queries Building blocks for advanced search queries W 1 and W 2, W 1 near W 2, W 1 immediately precedes W 2 Supports variable length words –Same provable security –Similar efficiency

17 17 Conclusion Provable security –Provable secrecy –Controlled search –Query isolation –Hidden queries Simple and efficient –O(n) stream cipher and block cipher operations per search –Almost no space and communication overhead –Easy to add documents –Convenient key management : user needs only one master key Embedding information in pseudorandom bit streams

18 18 Discussion Search is one operation on an abstract encrypted data type What other operations on abstract encrypted data types are possible?

19 19

20 20 LenE l ( W i )E r (W i ) x bitsn-x bitsm-n bits LiLi RiRi n bitsm–n bits  CiCi m bits L i = G i ( r ),R i = F ( K i, L i ) Variable length words encryption scheme

21 21 Related Work Secure file servers and memory protection M. Blaze et al, M. Blum et al, P. Devanbu et al. Multiparty computation O. Goldreich et al, R. Canetti et al. Private information retrieval B. Chor et al, C. Cachin et al, Y. Gertner et al.

Download ppt "1 Practical Techniques for Searches on Encrypted Data Dawn Song, David Wagner, Adrian Perrig."

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
CpSc 3220 File and Database Processing Lecture 17 Indexed Files.

CpSc 3220 File and Database Processing Lecture 17 Indexed Files.
Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.

Xiutao Feng Institute of Software Chinese Academy of Sciences A Byte-Based Guess and Determine Attack on SOSEMANUK.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.

Building an Encrypted and Searchable Audit Log Brent Waters Dirk Balfanz Glenn Durfee D.K. Smetters.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Introduction to Practical Cryptography Lecture 9 Searchable Encryption.

Introduction to Practical Cryptography Lecture 9 Searchable Encryption.
Negotiated Privacy CS551/851CRyptographyApplicationsBistro Mike McNett 30 March 2004 Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy.Negotiated.

Negotiated Privacy CS551/851CRyptographyApplicationsBistro Mike McNett 30 March 2004 Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy.Negotiated.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
BTrees & Bitmap Indexes

BTrees & Bitmap Indexes
Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No6. 1998 Reporter : Chen, Chun-Hua Date.

Private Information Retrieval Benny Chor, Oded Goldreich, Eyal Kushilevitz and Madhu Sudan Journal of ACM Vol.45 No Reporter : Chen, Chun-Hua Date.
Daniel Moran & Marina Yatsina. Access control through encryption.

Daniel Moran & Marina Yatsina. Access control through encryption.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.

Practical Techniques for Searches on Encrypted Data Author: Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀銘偉.
Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.

Practical Techniques for Searches on Encrypted Data Author:Dawn Xiaodong Song, David Wagner, Adrian Perrig Presenter: 紀汶承.
1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.

1 Secure Indexes Author : Eu-Jin Goh Presented by Yi Cheng Lin.
Information retrieval Finding relevant data using irrelevant keys Example: database of photographic images sorted by number, date. DBMS: Well structured.

Information retrieval Finding relevant data using irrelevant keys Example: database of photographic images sorted by number, date. DBMS: Well structured.

Similar presentations

Ads by Google