OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

Save this PDF as:

Size: px
Start display at page:

Transcription

1 OblivP2P: An Oblivious Peer-to-Peer Content Sharing System Yaoqi Jia, National University of Singapore; Tarik Moataz, Colorado State University and Telecom Bretagne; Shruti Tople and Prateek Saxena, National University of Singapore This paper is included in the Proceedings of the 25th USENIX Security Symposium August 10 12, 2016 Austin, TX ISBN Open access to the Proceedings of the 25th USENIX Security Symposium is sponsored by USENIX

10 Algorithm 2: OblivSel with seed-homomorphic PRG 1 ( σ, r) Gen(k, pos) set r =(r 1,,r m ) IT PIR.Query(q,L,pos); set σ =(σ 1,,σ m ), s.t., (σ 1,,σ m 1 ) \$ S m 1, and σ m = k m 1 i=1 σ i; block Select( σ, r,db) // Every peer P i compute Eshare i IT PIR.Compute(r i,db); set Dshare i = Eshare i G(σ i ); // Initiator compute Δ = m i=1 Dshare i; G(s 1 ) and G(s 2 ), then G(s 1 s 2 ) can be computed efficiently. That is, if the seeds are in a group (S, ), and outputs in (G, ), then for any s 1,s 2 S, G(s 1 s 2 )= G(s 1 ) G(s 2 ). We refer to [60] for more details. Decryption / Re-encryption using SH-PRG. Leveraging the property of SH-PRG, we explain the encryption, decryption and re-encryption of a block in our protocol. Every block in the tree is encrypted as Enc(k 1,block) =block + G(k 1 ). The decryption of the block can be then represented as block = Dec(k 1,Enc(k 1,block)) = block + G(k 1 ) G(k 1 ) For re-encrypting the encrypted block with a different key k 2, the tracker decrypts the encrypted block with a new secret key of the form k 1 k 2 such that, Dec(k 1 k 2,Enc(k 1,block)) = block + G(k 1 ) G(k 1 k 2 )=block + G(k 2 ) = Enc(k 2,block) OblivSel Instantiation In the following, we present an instantiation of OblivSel. We consider a set of L encrypted blocks. Each block block i is a vector of elements in a finite group G of order q. For every block, the key is generated at random from Z q. The tracker has to keep an association between the block key and its position. An algorithmic description is given in Algorithm 2. The tracker runs the Gen algorithm, which takes as inputs the secret key k with which the block is encrypted and the block s position pos, and outputs a secret shared value of the key, σ, as well as the IT-PIR queries, r. Every peer P i holds a copy of the L encrypted blocks and receives a share of the key, σ i, as well as its corresponding query, r i. Next, every peer runs locally an IT PIR.Compute on the encrypted blocks and outputs a share, Eshare i. After getting the encrypted share Eshare i, each peer subtracts the evaluation of the SH- PRG G on σ i from Eshare i (Eshare i G(σ i )) to get the decrypted share Dshare. Finally, initiator outputs the sum of all the Dshare i s received from the m peers to get the desired decrypted block. As long as there is one non-colluding peer among the m peers and G is a secure PRG, the scheme is position hiding. Highly Parallelizable. Notice that, in Algorithm 2, each of the m peers performs scalar multiplications proportional to the number of encrypted input blocks. The encrypted blocks can be further distributed to different peers such that each peer performs constant number of scalar multiplications. Given the availability of enough peers in the network, OblivSel is extremely parallelizable and therefore provides a constant time computation. OblivSel as a building block. OblivSel protocol can be used as a building block in our second and main OBLIVP2P-1. For fetching a block, an invocation of OblivSel is sufficient as it obliviously selects the requested block and returns it in plaintext to the initiator. Additional steps such as re-encrypting the block and adding it to stash are required to complete the fetch operation. The details of these steps are in Section 4.3. However, the eviction operation in ORAM poses an additional challenge. Conceptually, an eviction consists of block sorting, where the tracker re-orders the blocks in the path (and the stash). Fortunately, our protocol can perform eviction by several invocation of OblivSel primitive. Given the new position for each block, the P2P network can be instructed to invoke OblivSel recursively to output the new sorted path. The encryption of blocks has to be refreshed, but this is handled within OblivSel protocol itself when refreshing the key, using seed homomorphic PRG. We defer the concrete details of performing oblivious eviction to Section OBLIVP2P-1: Complete Design In a P2P protocol for a content sharing system the tracker is responsible for managing the sharing of resources among the peers in the network. To keep a consistent global view on the network, the tracker keeps some state information that we formally define below: Definition 4.4. P2P network s state consists of: (1) number of possible network connections per peer, and (2) a lookup associating a resource to a (set of) peer identifier. The tracker can store more information in the state depending on the P2P protocol instantiating the network. We start first by formalizing a P2P protocol. Definition 4.5. A P2P protocol is a tuple of four (possibly interactive) algorithms P2P = (Setup, Upload, Fetch, Sync) involving a tracker, T, and a set of peers, (P 1,,P n ), such that: s Setup(s,{pid}): run by the tracker T, takes as inputs a state s and a (possibly empty) set of peers identifiers {pid}, and outputs an updated state s. USENIX Association 25th USENIX Security Symposium 953

0x1A Great Papers in Computer Security

CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,

Secure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)

Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn

1 Achieving IND-CPA security

ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

Secure Multiparty Computation

CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation

Asymptotically Tight Bounds for Composing ORAM with PIR

Asymptotically Tight Bounds for Composing ORAM with PIR Ittai Abraham 1, Christopher W. Fletcher 2, Kartik Nayak 3, Benny Pinkas 4, and Ling Ren 5 1 VMware Research, Israel iabraham@vmware.com, 2 University

Introduction to Secure Multi-Party Computation

Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation

Protocols for Anonymous Communication

18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your

Proofs for Key Establishment Protocols

Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish

Attribute-based encryption with encryption and decryption outsourcing

Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing

Distributed Oblivious RAM for Secure Two-Party Computation

Distributed Oblivious RAM for Secure Two-Party Computation Steve Lu Rafail Ostrovsky Abstract Secure two-party computation protocol allows two players, Alice with secret input x and Bob with secret input

Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns

Burst ORAM: Minimizing ORAM Response Times for Bursty Access Patterns Jonathan Dautrich, University of California, Riverside; Emil Stefanov, University of California, Berkeley; Elaine Shi, University of

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich MIT CSAIL Abstract Private messaging over the Internet has proven

Dynamic Searchable Encryption via Blind Storage

Dynamic Searchable Encryption via Blind Storage Muhammad Naveed, Manoj Prabhakaran, Carl A. Gunter University of Illinois at Urbana-Champaign Abstract Dynamic Searchable Symmetric Encryption allows a client

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,

CNT Computer and Network Security: Privacy/Anonymity

CNT 5410 - Computer and Network Security: Privacy/Anonymity Professor Kevin Butler Fall 2015 When Confidentiality is Insufficient 2 Privacy!= Confidentiality Confidentiality refers to the property of the

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published

CS 395T. Formal Model for Secure Key Exchange

CS 395T Formal Model for Secure Key Exchange Main Idea: Compositionality Protocols don t run in a vacuum Security protocols are typically used as building blocks in a larger secure system For example,

Secure Two-Party Computation in Sublinear (Amortized) Time

Secure Two-Party omputation in Sublinear (Amortized) Time S. Dov Gordon olumbia University gordon@cs.columbia.edu Jonathan Katz University of Maryland jkatz@cs.umd.edu Fernando Krell olumbia University

CS 134 Winter Privacy and Anonymity

CS 134 Winter 2016 Privacy and Anonymity 1 Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation Yehuda Lindell Department of Computer Science and Applied Math, Weizmann Institute of Science, Rehovot, Israel. lindell@wisdom.weizmann.ac.il

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design

Secure Multi-Party Computation Without Agreement

Secure Multi-Party Computation Without Agreement Shafi Goldwasser Department of Computer Science The Weizmann Institute of Science Rehovot 76100, Israel. shafi@wisdom.weizmann.ac.il Yehuda Lindell IBM

Secure Computation of Functionalities based on Hamming Distance and its Application to Computing Document Similarity

Secure Computation of Functionalities based on Hamming Distance and its Application to Computing Document Similarity Ayman Jarrous 1 and Benny Pinkas 2,* 1 University of Haifa, Israel. 2 Bar Ilan University,

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 21, 2011 Overview What is Tor? Motivation Background Material How Tor Works Hidden Services Attacks Specific Attack

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES Dr. Jack Lange Computer Science Department University of Pittsburgh Fall 2015 Outline System Architectural Design Issues Centralized Architectures Application

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Port-Scanning Resistance in Tor Anonymity Network Presented By: Shane Pope (Shane.M.Pope@gmail.com) Dec 04, 2009 In partial fulfillment of the requirements for graduation with the Dean's Scholars Honors

Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM

Bucket ORAM: Single Online Roundtrip, Constant Bandwidth Oblivious RAM Christopher Fletcher MIT cwfletch@mit.edu Muhammad Naveed Cornell/UIUC naveed2@illinois.edu Elaine Shi Cornell elaine@cs.cornell.edu

Clock-Based Proxy Re-encryption Scheme in Unreliable Clouds

Clock-Based Proxy Re-encryption Scheme in Unreliable Clouds Qin Liu [1][2], Guojun Wang [1], and Jie Wu [2], [1] Central South University, China [2] Temple University, USA 1 Outline 1. 1. Introduction

CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks

CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks The material in these slides mainly comes from the paper CloudSky: A Controllable Data Self-Destruction System

Lectures 4+5: The (In)Security of Encrypted Search

Lectures 4+5: The (In)Security of Encrypted Search Contents 1 Overview 1 2 Data Structures 2 3 Syntax 3 4 Security 4 4.1 Formalizing Leaky Primitives.......................... 5 1 Overview In the first

Secure Multiparty Computation

Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare

Anonymous RAM. 1 Introduction. Michael Backes 1,2, Amir Herzberg 3, Aniket Kate 4, and Ivan Pryvalov 1

Anonymous RAM Michael Backes 1,2, Amir Herzberg 3, Aniket Kate 4, and Ivan Pryvalov 1 1 CISPA, Saarland University, Germany 2 MPI-SWS, Germany 3 Bar-Ilan University, Israel 4 Purdue University, USA Abstract.

Identification Schemes

Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):

Trojan-tolerant Hardware & Supply Chain Security in Practice

Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge

arxiv: v3 [cs.cr] 2 Oct 2017

Atom: Horizontally Scaling Strong Anonymity Albert Kwon MIT Henry Corrigan-Gibbs Stanford Srinivas Devadas MIT Bryan Ford EPFL arxiv:1612.07841v3 [cs.cr] 2 Oct 2017 Abstract Atom is an anonymous messaging

The Encoding Complexity of Network Coding

The Encoding Complexity of Network Coding Michael Langberg Alexander Sprintson Jehoshua Bruck California Institute of Technology Email: mikel,spalex,bruck @caltech.edu Abstract In the multicast network

Introduction to Secure Multi-Party Computation

CS 380S Introduction to Secure Multi-Party Computation Vitaly Shmatikov slide 1 Motivation General framework for describing computation between parties who do not trust each other Example: elections N

Reputation Management in P2P Systems

Reputation Management in P2P Systems Pradipta Mitra Nov 18, 2003 1 We will look at... Overview of P2P Systems Problems in P2P Systems Reputation Management Limited Reputation Sharing Simulation Results

Private Web Search with Malicious Adversaries

Private Web Search with Malicious Adversaries Yehuda Lindell and Erez Waisbard Department of Computer Science Bar-Ilan University, Israel {lindell,waisbard}@cs.biu.ac.il Abstract. Web search has become

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,

Efficient Content Authentication in Peer-to-peer Networks

Efficient Content Authentication in Peer-to-peer Networks Extended Abstract Roberto Tamassia 1 and Nikos Triandopoulos 2 1 Department of Computer Science, Brown University 2 Institute for Security Technology

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Anonymity With Tor The Onion Router Nathan S. Evans Christian Grothoff Technische Universität München July 5, 2012 It s a series of tubes. Ted Stevens Overview What is Tor? Motivation Background Material

Authenticating Pervasive Devices with Human Protocols

Authenticating Pervasive Devices with Human Protocols Presented by Xiaokun Mu Paper Authors: Ari Juels RSA Laboratories Stephen A. Weis Massachusetts Institute of Technology Authentication Problems It

Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems

Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance

Constant Communication ORAM with Small Blocksize

Constant Communication ORAM with Small Blocksize Tarik Moataz Colorado State University Telecom Bretagne, IMT tmoataz@cs.colostate.edu Travis Mayberry United States Naval Academy travism@ccs.neu.edu Erik-Oliver

Re-encryption, functional re-encryption, and multi-hop re-encryption: A framework for achieving obfuscation-based security

Re-encryption, functional re-encryption, and multi-hop re-encryption: A framework for achieving obfuscation-based security and instantiations from lattices Nishanth Chandran 1, Melissa Chase 1, Feng-Hao

On The Security Of Querying Encrypted Data

On The Security Of Querying Encrypted Data Arvind Arasu Microsoft Research arvinda@microsoft.com Raghav Kaushik Microsoft Research skaushi@microsoft.com Ravi Ramamurthy Microsoft Research ravirama@microsoft.com

Related-key Attacks on Triple-DES and DESX Variants

Related-key Attacks on Triple-DES and DESX Variants Raphael C.-W. han Department of Engineering, Swinburne Sarawak Institute of Technology, 1st Floor, State Complex, 93576 Kuching, Malaysia rphan@swinburne.edu.my

On the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme

On the (In)security of Hash-based Oblivious RAM and a New Balancing Scheme Eyal Kushilevitz Steve Lu Rafail Ostrovsky Abstract With the gaining popularity of remote storage (e.g. in the Cloud), we consider

ANONYMOUS CONNECTIONS AND ONION ROUTING

I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai

Private Web Search with Malicious Adversaries

Private Web Search with Malicious Adversaries Yehuda Lindell Erez Waisbard March 24, 20 Abstract Web search has become an integral part of our lives and we use it daily for business and pleasure. Unfortunately,

Symmetric Encryption 2: Integrity

http://wwmsite.wpengine.com/wp-content/uploads/2011/12/integrity-lion-300x222.jpg Symmetric Encryption 2: Integrity With material from Dave Levin, Jon Katz, David Brumley 1 Summing up (so far) Computational

Anonymity and Privacy

Computer Security Spring 2008 Anonymity and Privacy Aggelos Kiayias University of Connecticut Anonymity in networks Anonymous Credentials Anonymous Payments Anonymous E-mail and Routing E-voting Group,

Secure Multi-Party Computation. Lecture 13

Secure Multi-Party Computation Lecture 13 Must We Trust? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data

Micro-Architectural Attacks and Countermeasures

Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack

Cryptography: More Primitives

Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital

2 Secure Communication in Private Key Setting

CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over

Crypto Background & Concepts SGX Software Attestation

CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course

Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries

Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries Andrew Paverd Department of Computer Science University of Oxford andrew.paverd@cs.ox.ac.uk Andrew Martin Department

P 5 : A Protocol for Scalable Anonymous Communications

P 5 : A Protocol for Scalable Anonymous Communications 1 P 5 : A Protocol for Scalable Anonymous Communications Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan University of Maryland, College Park

Tor: An Anonymizing Overlay Network for TCP

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?

PrivCount: A Distributed System for Safely Measuring Tor

PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information

Achieving Privacy in Mesh Networks

Achieving Privacy in Mesh Networks Xiaoxin Wu Intel China Research Center Ltd Beijing, China xiaoxin.wu@intel.com Ninghui Li Department of Computer Science Purdue University West Lafayette, IN 47907-2086,

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

An Efficient Privacy-Preserving Ranked Keyword Search Method Cloud data owners prefer to outsource documents in an encrypted form for the purpose of privacy preserving. Therefore it is essential to develop

Introduction to Peer-to-Peer Systems

Introduction Introduction to Peer-to-Peer Systems Peer-to-peer (PP) systems have become extremely popular and contribute to vast amounts of Internet traffic PP basic definition: A PP system is a distributed

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Rafael Pass Massachusetts Institute of Technology pass@csail.mit.edu June 4, 2004 Abstract We show how to securely realize any

CS 43: Computer Networks BitTorrent & Content Distribution. Kevin Webb Swarthmore College September 28, 2017

CS 43: Computer Networks BitTorrent & Content Distribution Kevin Webb Swarthmore College September 28, 2017 Agenda BitTorrent Cooperative file transfers Briefly: Distributed Hash Tables Finding things

An Accountability Scheme for Oblivious RAMs

Computer Science Technical Reports Computer Science 2013 An Accountability Scheme for Oblivious RAMs Ka Yang Iowa State University Zhang Jinsheng Iowa State University, alexzjs@alumni.iastate.edu Zhang

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.

A Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean:

A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. Zero Knowledge Protocols 3. Each statement is derived via the derivation rules.

Atom. Horizontally Scaling Strong Anonymity. Albert Kwon Henry Corrigan-Gibbs 10/30/17, SOSP 17

Atom Horizontally Scaling Strong Anonymity Albert Kwon Henry Corrigan-Gibbs MIT Stanford Srinivas Devadas Bryan Ford MIT EPFL 10/30/17, SOSP 17 Motivation Anonymous bulletin board (broadcast) in the face

Perfectly Secure Oblivious RAM Without Random Oracles

Perfectly Secure Oblivious RAM Without Random Oracles Ivan Damgård, Sigurd Meldgaard, Jesper Buus Nielsen Department of Computer Science, Aarhus University Abstract. We present an algorithm for implementing

Cryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland

Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

On the Limits of Provable Anonymity

On the Limits of Provable Anonymity Nethanel Gelernter Department of Computer Science Bar Ilan University nethanel.gelernter@gmail.com Amir Herzberg Department of Computer Science Bar Ilan University amir.herzberg@gmail.com

Outsourcing Secure Two-Party Computation as a Black Box

Outsourcing Secure Two-Party Computation as a Black Box Henry Carter Georgia Institute of Technology carterh@gatech.edu Benjamin Mood University of Florida bmood@ufl.edu Kevin Butler University of Florida

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis

Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Masters Thesis Experimental Comparison of Byzantine Fault Tolerant Distributed Hash Tables submitted by Supriti

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS

Cryptographic proof of custody for incentivized file-sharing

Cryptographic proof of custody for incentivized file-sharing Pavel Kravchenko 1, Vlad Zamfir 2 1 Distributed Lab, pavel@distributedlab.com 2 Coinculture, vlad@coinculture.info Abstract. A cryptographic

Private Large-Scale Databases with Distributed Searchable Symmetric Encryption

Private Large-Scale Databases with Distributed Searchable Symmetric Encryption Yuval Ishai 1, Eyal Kushilevitz 2, Steve Lu 3, and Rafail Ostrovsky 4 1 Technion and UCLA, yuvali@cs.technion.ac.il 2 Technion,

ISSN: [Shubhangi* et al., 6(8): August, 2017] Impact Factor: 4.116

IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY DE-DUPLICABLE EFFECTIVE VALIDATION of CAPACITY for DYNAMIC USER ENVIRONMENT Dr. Shubhangi D C *1 & Pooja 2 *1 HOD, Department

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Rafael Pass Royal Institute of Technology Stockholm, Sweden rafael@nada.kth.se ABSTRACT We show how to securely realize any multi-party

On the Revocation of U-Prove Tokens

On the Revocation of U-Prove Tokens Christian Paquin, Microsoft Research September nd 04 U-Prove tokens provide many security and privacy benefits over conventional credential technologies such as X.509

The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who

1 The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who exchange messages from any third party. However, it does

Nemor: A Congestion-Aware Protocol for Anonymous Peer-based Content Distribution

Nemor: A Congestion-Aware Protocol for Anonymous Peer-based Content Distribution Abstract As content providers adopt peer-to-peer approaches for content sharing and distribution, they face new challenges

Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust

1 Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust Danfeng Yao, Member, IEEE, Roberto Tamassia, Member, IEEE, Seth Proctor, Member, IEEE Abstract In this

SETUP in secret sharing schemes using random values

SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:6034 6041 Published online 3 February 2017 in Wiley Online Library (wileyonlinelibrary.com)..1755 RESEARCH ARTICLE SETUP in secret sharing

HOP: Hardware makes Obfuscation Practical

HOP: Hardware makes Obfuscation Practical Kartik Nayak 1, Christopher W. Fletcher 2, Ling Ren 3, Nishanth Chandran 4, Satya Lokam 4, Elaine Shi 5, and Vipul Goyal 4 1 UMD kartik@cs.umd.edu 2 UIUC cwfletch@illinois.edu

Cryptanalysis of a fair anonymity for the tor network

Cryptanalysis of a fair anonymity for the tor network Amadou Moctar Kane KSecurity, BP 47136, Dakar, Senegal amadou1@gmailcom April 16, 2015 Abstract The aim of this paper is to present an attack upon

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov Outline 1. Introduction to Byzantine Fault Tolerance Problem 2. PBFT Algorithm a. Models and overview b. Three-phase protocol c. View-change

Data Integrity & Authentication. Message Authentication Codes (MACs)

Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran

Efficient Data Structures for Tamper-Evident Logging

Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances

11 Message Authentication Codes

11 Message Authentication Codes When you ve signed up for online services, you might have been asked to verify your email address. Typically the service will send you an email that contains a special activation

Welcome to CS 3516: Advanced Computer Networks Prof. Yanhua Li Time: 9:00am 9:50am M, T, R, and F Location: Fuller 320 Fall 2017 A-term 1 Some slides are originally from the course materials of the textbook