An ideal-security protocol for order-preserving encoding
In Proc. of the 34th IEEE Symposium on Security and Privacy, 2013
Cited by 34 (4 self)
Abstract—Order-preserving encryption—an encryption scheme where the sort order of ciphertexts matches the sort order of the corresponding plaintexts—allows databases and other applications to process queries involving order over encrypted data efficiently. The ideal security guarantee for order-preserving encryption put forth in the literature is for the ciphertexts to reveal no information about the plaintexts besides order. Even though more than a dozen schemes were proposed, all these schemes leak more information than order. This paper presents the first order-preserving scheme that achieves ideal security. Our main technique is mutable ciphertexts, meaning that over time, the ciphertexts for a small number of plaintext values change, and we prove that mutable ciphertexts are needed for ideal security. Our resulting protocol is interactive, with a small number of interactions. We implemented our scheme and evaluated it on microbenchmarks and in the context of an encrypted MySQL database application. We show that in addition to providing ideal security, our scheme achieves 1–2 orders of magnitude higher performance than the state-of-the-art order-preserving encryption scheme, which is less secure than our scheme. Keywords: order-preserving encryption, encoding
Processing Analytical Queries over Encrypted Data
Cited by 29 (3 self)
MONOMI is a system for securely executing analytical workloads over sensitive data on an untrusted database server. MONOMI works by encrypting the entire database and running queries over the encrypted data. MONOMI introduces split client/server query execution, which can execute arbitrarily complex queries over encrypted data, as well as several techniques that improve performance for such workloads, including per-row precomputation, space-efficient encryption, grouped homomorphic addition, and pre-filtering. Since these optimizations are good for some queries but not others, MONOMI introduces a designer for choosing an efficient physical design at the server for a given workload, and a planner to choose an efficient execution plan for a given query at runtime. A prototype of MONOMI running on top of Postgres can execute most of the queries from the TPC-H benchmark with a median overhead of only 1.24× (ranging from 1.03× to 2.33×) compared to an unencrypted Postgres database where a compromised server would reveal all data.
Orthogonal security with Cipherbase
Proc. of the 6th CIDR, Asilomar, CA, 2013
Cited by 18 (0 self)
This paper describes the design of the Cipherbase system. Cipherbase is a full-fledged SQL database system that achieves high performance and high data confidentiality by storing and processing strongly encrypted data. The Cipherbase system incorporates customized trusted hardware, extending Microsoft’s SQL Server for efficient execution of queries using both secure hardware and commodity servers. This paper presents the design of the Cipherbase secure hardware and its implementation using FPGAs. Furthermore, this paper shows how we addressed hardware/software co-design in the Cipherbase system.
Secure Nearest Neighbor Revisited
Cited by 17 (2 self)
Abstract—In this paper, we investigate the secure nearest neighbor (SNN) problem, in which a client issues an encrypted query point E(q) to a cloud service provider and asks for an encrypted data point in E(D) (the encrypted database) that is closest to the query point, without allowing the server to learn the plaintexts of the data or the query (and its result). We show that efficient attacks exist for existing SNN methods [21], [15], even though they were claimed to be secure in standard security models (such as indistinguishability under chosen plaintext or ciphertext attacks). We also establish a relationship between the SNN problem and the order-preserving encryption (OPE) problem from the cryptography field [6], [5], and we show that SNN is at least as hard as OPE. Since it is impossible to construct secure OPE schemes in standard security models [6], [5], our results imply that one cannot expect to find the exact (encrypted) nearest neighbor based on only E(q) and E(D). Given this hardness result, we design new SNN methods by asking the server, given only E(q) and E(D), to return a relevant (encrypted) partition E(G) from E(D) (i.e., G ⊆ D), such that E(G) is guaranteed to contain the answer for the SNN query. Our methods provide a customizable tradeoff between efficiency and communication cost, and they are as secure as the encryption scheme E used to encrypt the query and the database, where E can be any well-established encryption scheme.
Multi-input functional encryption
Cited by 13 (3 self)
We introduce the problem of Multi-Input Functional Encryption, where a secret key SK_f can correspond to an n-ary function f that takes multiple ciphertexts as input. Multi-input functional encryption is a general tool for computing on encrypted data which allows for mining aggregate information from several different data sources (rather than just a single source as in single input functional encryption). We show wide applications of this primitive to running SQL queries over encrypted database, non-interactive differentially private data release, delegation of computation, etc. We formulate both indistinguishability-based and simulation-based definitions of security for this notion, and show close connections with indistinguishability and virtual black-box definitions of obfuscation. Assuming indistinguishability obfuscation for circuits, we present constructions achieving indistinguishability security for a large class of settings. We show how to modify this construction to achieve simulation-based security as well, in those settings where simulation security is possible. Assuming differing-inputs obfuscation [Barak et al., FOCS’01], we also provide a construction with similar security guarantees as above, but where the keys and ciphertexts are compact.
doi:10.1145/2330667.2330691 CryptDB: Processing Queries on an Encrypted Database
Cited by 11 (2 self)
Theft of private information is a significant problem for online applications. For example, a recent investigation found that at least eight million people’s medical records were stolen as a result of data breaches between 2009
Semantically Secure Order-Revealing Encryption: Multi-Input Functional Encryption Without Obfuscation
Cited by 10 (1 self)
Deciding “greater-than” relations among data items just given their encryptions is at the heart of search algorithms on encrypted data, most notably, non-interactive binary search on encrypted data. Order-preserving encryption provides one solution, but provably provides only limited security guarantees. Two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable. We construct the first implementable encryption system supporting greater-than comparisons on encrypted data that provides the “best-possible” semantic security. In our scheme there is a public algorithm that given two ciphertexts as input, reveals the order of the corresponding plaintexts and nothing else. Our constructions are inspired by obfuscation techniques, but do not use obfuscation. For example, to compare two 16-bit encrypted values (e.g., salaries or age) we only need a 9-way multilinear map. More generally, comparing k-bit values requires only a (k/2 + 1)-way multilinear map. The required degree of multilinearity can be further reduced, but at the cost of increasing ciphertext size. Beyond comparisons, our results give an implementable secret-key multi-input functional encryption scheme for functionalities that can be expressed as (generalized) branching programs of polynomial length and width. Comparisons are a special case of this class, where for k-bit inputs the branching program is of length k + 1 and width 4.
MrCrypt: Static Analysis for Secure Cloud Computations
Cited by 7 (0 self)
In a common use case for cloud computing, clients upload data and computation to servers that are managed by a third-party infrastructure provider. We describe MrCrypt, a system that provides data confidentiality in this setting by executing client computations on encrypted data. MrCrypt statically analyzes a program to identify the set of operations on each input data column, in order to select an appropriate homomorphic encryption scheme for that column, and then transforms the program to operate over encrypted data. The encrypted data and transformed program are uploaded to the server and executed as usual, and the result of the computation is decrypted on the client side. We have implemented MrCrypt for Java and illustrate its practicality on three standard benchmark suites for the Hadoop MapReduce framework. We have also formalized the approach and proven several soundness and security guarantees.
Order-Preserving Encryption Secure Beyond One-Wayness
Cited by 6 (0 self)
Semantic security of individual bits under a ciphertext is a fundamental notion in modern cryptography. In this work we present the first results about this fundamental problem for Order-Preserving Encryption (OPE): “what plaintext information can be semantically hidden by OPE encryptions?” While OPE has gained much attention in recent years due to its usefulness in secure databases, any partial-plaintext indistinguishability (semantic security) result for it was open. Here, we propose a new indistinguishability-based security notion for OPE, which can ensure secrecy of lower bits of a plaintext (under essentially a random ciphertext probing setting). We then propose a new scheme satisfying this security notion (while earlier schemes do not satisfy it!). We note that the known security notions tell us nothing about the above partial-plaintext indistinguishability because they are limited to being one-way-based. In addition, we show that our security notion with specific parameters implies the known security notion called WOW, and further, our scheme achieves WOW with better parameters than earlier schemes.
Property Preserving Symmetric Encryption
Cited by 6 (0 self)
Processing on encrypted data is a subject of rich investigation. Several new and exotic encryption schemes, supporting a diverse set of features, have been developed for this purpose. We consider encryption schemes that are suitable for applications such as data clustering on encrypted data. In such applications, the processing algorithm needs to learn certain properties about the encrypted data to make decisions. Often these decisions depend upon multiple data items, which might have been encrypted individually and independently. Current encryption schemes do not capture this setting where computation must be done on multiple ciphertexts to make a decision. In this work, we seek encryption schemes which allow public computation of a pre-specified property P about the encrypted messages. That is, such schemes have an associated property P of fixed arity k, and a publicly computable algorithm Test, such that Test(ct_1, ..., ct_k) = P(m_1, ..., m_k), where ct_i is an encryption of m_i for i = 1, ..., k. Further, this requirement holds even if the ciphertexts ct_1, ..., ct_k were generated individually and independently. We call such schemes property preserving encryption schemes. Property preserving encryption (PPEnc) makes most sense in the symmetric setting due to the requirement that Test is publicly computable. In this work, we present a thorough investigation of property preserving symmetric encryption. We start by formalizing several meaningful notions of security for PPEnc. Somewhat surprisingly, we show that there exists a hierarchy of security notions for PPEnc, indexed by integers η ∈ N, which does not collapse. We also present a symmetric PPEnc scheme for encrypting vectors in Z_N of polynomial length. This construction supports the orthogonality property: for every two vectors (x, y) it is possible to publicly learn whether x · y = 0 mod p. Our scheme is based on bilinear groups of composite order.