COMPOSABLE AND ROBUST OUTSOURCED STORAGE
1 SESSION ID: CRYP-R14 COMPOSABLE AND ROBUST OUTSOURCED STORAGE Christian Badertscher and Ueli Maurer ETH Zurich, Switzerland
2 Motivation (diagram: clients write and read blocks on a server/database)
3 Outsourced Storage: Security Goals. Server/database in general: insecure
4 Outsourced Storage: Security Goals
- Detect malicious modifications
- Detect rollbacks of valid data blocks
5 Outsourced Storage: Security Goals
- Confidentiality of the content
6 Outsourced Storage: Security Goals. Alice's server memory should look like a black box to the server provider:
- Leaks at most the number of accesses
- Hides access pattern and content
- No undetected modifications possible
7 Applications of a Storage Abstraction
- Use the storage abstraction in cryptographic protocols
- Store and retrieve information
- Design and prove entire networked file systems
- Conduct a modular proof in a composable framework
- Assume an outsourced storage resource as hybrid
- Construct stronger from weaker resources
8 Composability (diagram labels: 1 Insecure, Secured Database; 2 Application)
9 Robustness
- Abort-on-Error is a common mechanism (e.g., TLS sessions)
10 Robustness
- Abort-on-Error is a common mechanism (e.g., TLS sessions)
- Different with outsourced storage: recovery, memory dump
- In general: access whatever is there (e.g., after a failure or security breach)
- Solutions: Distribute, Replicate, or: Robust Storage Protocols
- However: Robustness could compromise security!
11 Constructions (diagram labels, the real world: C, Local Mem, Server Storage, S, W)
12 Constructions (diagram labels, the real world: Protocol, Local Mem, Server Storage, S, W)
13 Constructions (diagram labels, the real world: Protocol, Local Mem, Server Storage, S, W; the ideal world: C, Secure Storage, S, sim, W)
14 A New Model for Outsourced Storage
- We design a formal model for composable and robust outsourced storage
- We capture various client-side security provisions including composable retrievability guarantees
- We design robust schemes that ensure these guarantees and review the security of existing schemes
15 Basic Server-Memory Resource (SMR). Diagram: (Write, i, x); (Read, i) returning x; memory cells n-2, n-1, n
16 Basic Server-Memory Resource (SMR). Diagram: (Write, i, x); (Read, i) returning x; memory cells n-2, n-1, n; (Write, i, x); getaccesshistory returning $(w, i_1, x_1), \ldots, (r, i_k, x_k)$
17 Basic Server-Memory Resource (SMR). Diagram: Enable/Disable server write-access; (Write, i, x); (Read, i) returning x; memory cells n-2, n-1, n; (Write, i, x); getaccesshistory returning $(w, i_1, x_1), \ldots, (r, i_k, x_k)$
18 Basic Server-Memory Resource (SMR). Diagram as on the previous slide. Direct interaction with resources at interface W (Enable/Disable server write-access):
- Not a hard-coded adversarial capability
- But this typical worst case is also covered
- Specific form of robustness is modeled
19 Authentic Server-Memory Resource (aSMR). Diagram: Enable/Disable server write-access; (Write, i, x); (Read, i) returning x / ε; memory cells n-2, n-1, n; (Delete, i); (Restore, i); getaccesshistory returning $(w, i_1, x_1), \ldots, (r, i_k, x_k)$
20 Confidential Server-Memory Resource (cSMR). Diagram: Enable/Disable server write-access; (Write, i, x); (Read, i) returning x / ε; memory cells n-2, n-1, n; (Delete, i); (Restore, i); getaccesshistory returning $(w, i_1, \bot), \ldots, (r, i_k, \bot)$
21 Secure Server-Memory Resource (sSMR). Diagram: Enable/Disable server write-access; (Write, i, x); (Read, i) returning ε with probability α, x otherwise; memory cells n-2, n-1, n; Set Corruption-Parameter α; getaccesshistory returning # of accesses
22 Secure Server-Memory Resource (sSMR). Diagram as on the previous slide. Guarantees:
- No targeted corruptions. Uniform bad influence
- No access pattern leakage
23 Auditable Server-Memory Resource. Diagram: Enable/Disable server write-access; (Write, i, x); (Read, i); memory cells n-2, n-1, n; audit returning TRUE if most recent memory, FALSE otherwise
24 Auditable Server-Memory Resource. Diagram as on the previous slide.
- Can also be a probabilistic retrievability guarantee
- Useful case: if server write-access is currently disabled
25 Protocols: Basic, Authentic, Confidential, Secure
26 Protocols: Basic, Authentic, Confidential, Secure
- Message-Authentication Codes + Authentication Trees (e.g., Blum)
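An added example (not from the slides) of the "MACs + authentication trees" idea, showing why per-block MACs alone miss the rollback goal from slide 4 while a tree root kept in client memory catches both rollback and modification. The class names, the in-process `Server` object, and the sample key and blocks are assumptions made for illustration; this is a generic hash tree over MAC'd leaves, not Blum's construction or the authors' protocol.

```python
import copy
import hashlib
import hmac


class IntegrityError(Exception):
    """Server data does not match the root the client trusts."""


def leaf_tag(key, index, block):
    # MAC over position and content: authentic, but silent on freshness.
    return hmac.new(key, index.to_bytes(8, "big") + block, hashlib.sha256).digest()


def parent(left, right):
    return hashlib.sha256(b"node" + left + right).digest()


class Server:
    """Untrusted storage: holds the blocks and every tree level."""
    def __init__(self, blocks, levels):
        self.blocks, self.levels = blocks, levels  # levels[-1] == [root]

    def fetch(self, i):
        path, pos = [], i
        for level in self.levels[:-1]:
            path.append(level[pos ^ 1])  # sibling on the way to the root
            pos //= 2
        return self.blocks[i], path


class Client:
    """Keeps only the MAC key and the current root locally."""
    def __init__(self, key, n):
        if n < 2 or n & (n - 1):
            raise ValueError("n must be a power of two, at least 2")
        self.key = key
        blocks = [b""] * n
        levels = [[leaf_tag(key, i, b) for i, b in enumerate(blocks)]]
        while len(levels[-1]) > 1:
            low = levels[-1]
            levels.append([parent(low[j], low[j + 1]) for j in range(0, len(low), 2)])
        self.root = levels[-1][0]
        self.server = Server(blocks, levels)

    def _climb(self, i, tag, path):
        # Yield (level, position, tag) for each node from the leaf up to the root.
        pos = i
        for depth, sibling in enumerate(path):
            yield depth, pos, tag
            tag = parent(tag, sibling) if pos % 2 == 0 else parent(sibling, tag)
            pos //= 2
        yield len(path), 0, tag

    def _verified_fetch(self, i):
        block, path = self.server.fetch(i)
        root = list(self._climb(i, leaf_tag(self.key, i, block), path))[-1][2]
        if not hmac.compare_digest(root, self.root):
            raise IntegrityError(f"block {i}: modified or rolled back")
        return block, path

    def read(self, i):
        return self._verified_fetch(i)[0]

    def write(self, i, block):
        _, path = self._verified_fetch(i)  # authenticate siblings before reuse
        self.server.blocks[i] = block
        for depth, pos, tag in self._climb(i, leaf_tag(self.key, i, block), path):
            self.server.levels[depth][pos] = tag
        self.root = tag  # the last node yielded is the new root


def rejects(client, i):
    try:
        client.read(i)
    except IntegrityError:
        return True
    return False


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    client = Client(key, 8)
    server = client.server
    client.write(3, b"balance=100")
    stale = copy.deepcopy((server.blocks, server.levels))
    client.write(3, b"balance=0")
    fresh = copy.deepcopy((server.blocks, server.levels))
    out = {"honest_read": client.read(3)}
    # Rollback: the server serves an older state that was valid at the time.
    server.blocks, server.levels = copy.deepcopy(stale)
    out["mac_only_accepts_rollback"] = hmac.compare_digest(
        leaf_tag(key, 3, server.blocks[3]), server.levels[0][3])
    out["tree_detects_rollback"] = rejects(client, 3)
    # Modification: the server overwrites a block in the current state.
    server.blocks, server.levels = copy.deepcopy(fresh)
    server.blocks[5] = b"tampered"
    out["tree_detects_modification"] = rejects(client, 5)
    out["untouched_block_still_reads"] = client.read(3)
    return out
```

Calling `demo()` returns a dictionary of the five outcomes; the client's local state is just the key and one 32-byte root regardless of the number of blocks.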
27 Protocols: Basic, Authentic, Confidential, Secure
- Symmetric Encryption
28 Protocols: Basic, Authentic, Confidential, Secure
- Strengthened Oblivious RAM (e.g., Path-ORAM + Error Handling)
29 Protocols - Audits: Basic, Authentic, Confidential, Secure; Basic & Auditable, Authentic & Auditable, Confidential & Auditable, Secure & Auditable
30 Protocols - Audits: Basic, Authentic, Confidential, Secure; Basic & Auditable, Authentic & Auditable, Confidential & Auditable, Secure & Auditable. Standard Techniques:
- Erasure Codes
- Random Sampling
- Parameter Estimation
- Hash-Based (under stronger assumptions)
31 Special Case: Achieving Secure Storage. Diagram: (Read, i); Protocol; (i, x); Authentic & Confidential Server Memory Resource
32 Special Case: Achieving Secure Storage. Diagram: (Read, i); (i, x); Authentic & Confidential Server Memory Resource
1) Create pseudorandom access sequence to server locations
2) Re-structure part of memory
33 The Issue with Side-Channels (Authentic & Confidential Server Memory Resource)
Step 1: Bob deletes part of the storage where he assumes that Alice stores her logical block i
34 The Issue with Side-Channels (Authentic & Confidential Server Memory Resource)
Step 2: Assume Alice makes a sequence of requests
35 The Issue with Side-Channels (Authentic & Confidential Server Memory Resource; diagram: Access 1: Fail, Access 2: OK)
Step 3: Assume Bob learns which requests by Alice failed to retrieve a block
36 The Issue with Side-Channels (Authentic & Confidential Server Memory Resource)
Step 4: If Alice's protocol allows Bob to guess correctly with some bias, then the error pattern reveals information on the access pattern!
37 Summary and Outlook
- We present a security model for outsourced storage following a modular approach, building a hierarchy of storage resources
- We show how to achieve each of the storage resources with concrete protocols
- Our strongest notion provides a very high level of security and supports audits
- Existing protocols often fail to provide this level of security
38 CRYPTOGRAPHY: SECURE STORAGE Session-ID CRYP-R14
39 SESSION ID: CRYP-R14 SECURE DEDUPLICATION OF ENCRYPTED DATA: REFINED MODEL AND NEW CONSTRUCTIONS Jian Liu PhD Candidate Aalto University
40 Cloud Storage
41 Deduplication (diagram labels: F, F, c)
42 Secure Deduplication of Encrypted Data (SDoE) (diagram labels: $K_B$, $K_A$, F, F, c)
43 Convergent encryption
- Convergent Encryption: e.g., $K = h(F)$
- Offline brute-force attack by a corrupt storage server
- J. R. Douceur et al. Reclaiming space from duplicate files in a serverless distributed file system. In ICDCS '02
44 DupLESS: Independent Key Server (diagram labels: $K_B$, $K_A$, $F_B$, $F_A$, c)
- Oblivious PRF: $K_B = K_A$ iff $F_A = F_B$
- Online brute-force attack by a corrupt storage server
- Who will run the independent key server?
- M. Bellare, S. Keelveedhi, and T. Ristenpart. DupLESS: server-aided encryption for deduplicated storage. USENIX '13
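An added example (not from the slides) contrasting slide 43's convergent key $K = h(F)$ with a key derived under a key-server secret as on slide 44: both deduplicate, but only the first lets a storage server confirm a guess about a predictable file offline. Assumptions: the SHAKE-256 keystream XOR is a stand-in deterministic cipher, plain HMAC stands in for the oblivious PRF (it is not oblivious), and all file contents and secrets are constructed.

```python
import hashlib
import hmac


def _stream_xor(key, data):
    # Stand-in deterministic cipher for this example only:
    # XOR the data with a SHAKE-256 keystream derived from the key.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def convergent_encrypt(file_bytes):
    """K = h(F): key and ciphertext depend on the file content only."""
    key = hashlib.sha256(file_bytes).digest()
    return key, _stream_xor(key, file_bytes)


def server_aided_encrypt(file_bytes, key_server_secret):
    """K = PRF(secret, F), where only the key server holds the secret.

    Plain HMAC is used here; DupLESS evaluates the PRF obliviously.
    """
    key = hmac.new(key_server_secret, file_bytes, hashlib.sha256).digest()
    return key, _stream_xor(key, file_bytes)


def decrypt(key, ciphertext):
    return _stream_xor(key, ciphertext)


def offline_guess_confirms(ciphertext, candidates):
    """What a party holding only the ciphertext can test without any help.

    Returns the candidate whose convergent encryption equals the ciphertext,
    or None when no candidate can be confirmed this way.
    """
    for guess in candidates:
        if hmac.compare_digest(convergent_encrypt(guess)[1], ciphertext):
            return guess
    return None


def demo():
    # Constructed sample: a predictable file drawn from a small set of variants.
    file_a = b"offer letter: salary band 7"
    candidates = [b"offer letter: salary band %d" % n for n in range(1, 21)]
    secret = b"constructed key-server secret"

    _, c_alice = convergent_encrypt(file_a)
    k_bob, c_bob = convergent_encrypt(file_a)
    _, s_alice = server_aided_encrypt(file_a, secret)
    s_key_bob, s_bob = server_aided_encrypt(file_a, secret)
    return {
        "convergent_dedups": c_alice == c_bob,
        "server_aided_dedups": s_alice == s_bob,
        "bob_decrypts_alices_copy": decrypt(k_bob, c_alice) == file_a,
        "bob_decrypts_server_aided": decrypt(s_key_bob, s_alice) == file_a,
        "convergent_guess": offline_guess_confirms(c_alice, candidates),
        "server_aided_guess": offline_guess_confirms(s_alice, candidates),
    }
```

With the key-server secret in the derivation, every test of a candidate needs a query to the key server, which is why the slides call the remaining attack online and later simulate rate limiting.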
45 PAKE-based SDoE (diagram labels: $K_B$, $K_A$, 13-bit, 13-bit, SK_A, PK_A, $F_B$, $F_A$, c)
- PAKE-based Key Sharing: $K_B = K_A$ iff $F_A = F_B$
- Attacks from malicious clients
- J. Liu, N. Asokan, and P. Pinkas. Secure Deduplication of Encrypted Data Without Additional Independent Servers. CCS '15
46 Contributions
- Formal security model for SDoE
- Two single-server SDoE that are provably secure
- Realistic simulations
47 Password Authenticated Key Exchange (PAKE) (diagram labels: $PW_B$, $PW_A$, $k_B$, $k_A$)
- $k_B = k_A$ iff $PW_B = PW_A$
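48 SDoE (1) (diagram labels: c, F, K, $H(F)$, $k_B$, $k_A$, $e$)
- $C = F \cdot g^K$
- Password Authenticated Key Exchange (PAKE) on $H(F)$ and $H(F)$, giving $k_B$ and $k_A$
- Values shown: $k_{BL}$; $k_{AL}$, $S + k_{AR}$, $S - K$
- If $k_{AL} = k_{BL}$ then $e = S + k_{AR}$, else $e = r$
- $K = e - k_{BR}$ ($K = S$ if the files are equal)
- $F \cdot g^K \cdot g^{S-K} = F \cdot g^S = F \cdot g^K$
- S was uniformly chosen by Alice
- Ser can just drop this if deduplication happens
- Ser will keep $F \cdot g^K$ for the first uploader, and K K for the following uploaders
49 SDoE (2) (diagram labels: c, F, K, $H(F)$, $k_B$, $k_A$, $e$)
- $C = F \oplus H(K)$
- Password Authenticated Key Exchange (PAKE) on $H(F)$ and $H(F)$, giving $k_B$ and $k_A$
- Values shown: $k_{BL}$; $k_{AL}$, $S \oplus k_{AR}$, $S \oplus K$
- If $k_{AL} = k_{BL}$ then $e = S \oplus k_{AR}$, else $e = r$
- $K = e \oplus k_{BR}$ ($K = S$ if the files are equal)
- $R \oplus K$, $F \oplus H(R)$
- $(S \oplus K) \oplus (K \oplus R) = K \oplus R$, $F \oplus H(R)$
- S was uniformly chosen by Alice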
50 Simulation - dataset
- Android application popularity: uploads, distinct
- Extend 5x by Synthetic Minority Over-sampling Technique (SMOTE)
- Model the real-world upload stream
- Assuming the upload requests of a single file follow a normal distribution
- The number of copies of a file uploaded at time point t is
- The total number of files uploaded at time point t is
- Formulas on the slide: $y_i = \frac{1}{\sigma_i \sqrt{2\pi}} e^{-\frac{(t-\mu_i)^2}{2\sigma_i^2}}$; $N(\mu, \sigma^2)$; $x_i$
51 Simulation: Rate Limiting
52 Simulation: Offline Rate
53 Simulation: Popularity threshold (plots: deduplication percentage with different popularity thresholds; deduplication percentage with rate limit 50(50) and offline rate 05, no popularity threshold; axes: deduplication percentage %, popularity thresholds)
54 Q & A
More informationAnonymity. Assumption: If we know IP address, we know identity
03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationKey-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software
Key-Insulated Symmetric Key Cryptography and Mitigating Attacks against Cryptographic Cloud Software Yevgeniy Dodis Dept. of Science New York University dodis@cs.nyu.edu Weiliang Luo Dept. of Science University
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationChapter 6 Random Number Generation
Chapter 6 Random Number Generation Requirements / application Pseudo-random bit generator Hardware and software solutions [NetSec/SysSec], WS 2007/2008 6.1 Requirements and Application Scenarios Security
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationVERIFIABLE SYMMETRIC SEARCHABLE ENCRYPTION
VERIFIABLE SYMMETRIC SEARCHABLE ENCRYPTION DATE 09/03/2016 SÉMINAIRE EMSEC - RAPHAEL BOST Searchable Encryption Outsource data securely keep search functionalities Generic Solutions We can use generic
More informationAttribute Based Encryption with Privacy Protection in Clouds
Attribute Based Encryption with Privacy Protection in Clouds Geetanjali. M 1, Saravanan. N 2 PG Student, Department of Information Technology, K.S.R College of Engineering, Tiruchengode, Tamilnadu, India
More informationWhat Can Be Proved About Security?
What Can Be Proved About Security? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in Centre for Artificial Intelligence and Robotics Bengaluru 23 rd
More informationSymmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University
Symmetric-Key Cryptography Part 1 Tom Shrimpton Portland State University Building a privacy-providing primitive I want my communication with Bob to be private -- Alice What kind of communication? SMS?
More informationS. Indirakumari, A. Thilagavathy
International Journal of Scientific Research in Computer Science, Engineering and Information Technology 2017 IJSRCSEIT Volume 2 Issue 2 ISSN : 2456-3307 A Secure Verifiable Storage Deduplication Scheme
More information