Information Security Theory vs. Reality
1 Information Security Theory vs. Reality, Winter 2011. Lecture 14: More on vulnerability and exploits, Fully homomorphic encryption. Eran Tromer. Slides credit: Vinod Vaikuntanathan (U. Toronto)
2 More on vulnerability exploitation
3 Case study: sudo format string vulnerability. Report:
4 Case study: sudo format string vulnerability (cont.). Source code:
5 Case study: sudo format string vulnerability (cont.). Source code diff:
6 Case study: sudo format string vulnerability (cont.). Report:
7 Case study: MS buffer overrun. Report:
8 Case study: MS buffer overrun (cont.). Report:
9 Case study: MS buffer overrun. Report:
10 Understanding binary patches: BinDiff
11 Understanding binary patches: BinDiff (cont.)
12 Metasploit Framework. Framework for vulnerability exploitation and penetration testing. Capabilities: library of exploit codes; library of payloads (shells, VNC); victim fingerprinting; opcode database (instruction addresses for various software versions); exploit encoding (avoiding special characters, intrusion and intrusion detection systems); modular architecture, many add-ons; powerful scriptable command-line interface; convenient GUI and web interfaces.
13 Metasploit Framework (cont.). Book: Kennedy, O'Gorman, Kearns, Aharoni, Metasploit: The Penetration Tester's Guide (2011 edition). Numerous on-line tutorials. Example:
14 Metasploit Framework: back to MS. Demo:
15 Meanwhile, in theory-land: Fully Homomorphic Encryption
16 The goal: delegate processing of data without giving away access to it.
17 Example 1: Private Search. Delegate PROCESSING of data without giving away ACCESS to it. You: encrypt the query, send to Google (Google does not know the key, cannot see the query). Google: encrypted query → encrypted results. (You decrypt and recover the search results.)
18 Example 2: Private Cloud Computing. Delegate PROCESSING of data without giving away ACCESS to it. (Input: x) Encrypt x. (Program: P) Enc(x), P → Enc(P(x)).
19 Fully Homomorphic Encryption. Encrypted x, Program P → Encrypted P(x). Definition: (KeyGen, Enc, Dec, Eval) (as in regular public/private-key encryption). Correctness of Eval: for every input x and program P, if $c = \mathrm{Enc}(PK, x)$ and $c' = \mathrm{Eval}(PK, c, P)$, then $\mathrm{Dec}(SK, c') = P(x)$. Compactness: length of $c'$ independent of size of P. Security = Semantic Security [GM82].
20 Fully Homomorphic Encryption [Rivest-Adleman-Dertouzos 78]. x → Enc(x). Knows nothing of x. Function f. Eval: f, Enc(x) → Enc(f(x)) (homomorphic evaluation).
21 Fully Homomorphic Encryption. First defined: "Privacy homomorphism" [RAD 78]; their motivation: searching encrypted data.
22 Fully Homomorphic Encryption. First defined: "Privacy homomorphism" [RAD 78]; their motivation: searching encrypted data. Limited variants: RSA & El Gamal: multiplicatively homomorphic; GM & Paillier: additively homomorphic. For RSA: $c_1 = m_1^e,\ c_2 = m_2^e,\ \ldots,\ c_n = m_n^e$, so $c^* = c_1 c_2 \cdots c_n = (m_1 m_2 \cdots m_n)^e \bmod N$.
23 Fully Homomorphic Encryption. First defined: "Privacy homomorphism" [RAD 78]; their motivation: searching encrypted data. Limited variants: RSA & El Gamal: multiplicatively homomorphic; GM & Paillier: additively homomorphic; BGN 05 & GHV 10: quadratic formulas. NON-COMPACT homomorphic encryption: based on Yao garbled circuits; SYY 99 & MGH 08: $c^*$ grows exponentially with degree/depth; IP 07 works for branching programs.
24 Fully Homomorphic Encryption. First defined: "Privacy homomorphism" [RAD 78]; their motivation: searching encrypted data. Big breakthrough: [Gentry09] first construction of Fully Homomorphic Encryption, using algebraic number theory & ideal lattices (full course last semester). Today: an alternative construction [DGHV 10], using just integer addition and multiplication; easier to understand, implement and improve.
25 Constructing fully-homomorphic encryption assuming hardness of approximate GCD
26 A Roadmap. 1. Secret-key Somewhat Homomorphic Encryption (under the approximate GCD assumption). → (a simple transformation) → 2. Public-key Somewhat Homomorphic Encryption (under the approximate GCD assumption). → (borrows from Gentry's techniques) → 3. Public-key FULLY Homomorphic Encryption (under approx GCD + sparse subset sum).
27 Secret-key Homomorphic Encryption. Secret key: a large $n^2$-bit odd number $p$ (sec. param = $n$). To encrypt a bit $b$: pick a random large multiple of $p$, say $q \cdot p$ ($q \sim n^5$ bits); pick a random small even number $2r$ ($r \sim n$ bits). Ciphertext $c = q \cdot p + 2r + b$, where $2r$ is the noise. To decrypt a ciphertext $c$: $c \pmod p = 2r + b \pmod p = 2r + b$; read off the least significant bit.
28 Secret-key Homomorphic Encryption. How to add and multiply encrypted bits: adding or multiplying two near-multiples of $p$ gives a near-multiple of $p$. With $c_1 = q_1 p + (2 r_1 + b_1)$ and $c_2 = q_2 p + (2 r_2 + b_2)$: $c_1 + c_2 = p\,(q_1 + q_2) + 2(r_1 + r_2) + (b_1 + b_2)$, where the part after the multiple of $p$ is $\ll p$, so LSB = $b_1$ XOR $b_2$. $c_1 c_2 = p\,(c_2 q_1 + c_1 q_2 - p\,q_1 q_2) + 2(2 r_1 r_2 + r_1 b_2 + r_2 b_1) + b_1 b_2$, where the part after the multiple of $p$ is $\ll p$, so LSB = $b_1$ AND $b_2$.
29 Problems. Ciphertext grows with each operation: useless for many applications (cloud computing, searching encrypted ). Noise grows with each operation: consider $c = qp + 2r + b \leftarrow \mathrm{Enc}(b)$; once the noise is too large, $c \pmod p = r' \neq 2r + b$ and $\mathrm{lsb}(r') \neq b$. [Figure: number line with the multiples $(q-1)p$, $qp$, $(q+1)p$, $(q+2)p$, showing $2r+b$ and $r'$]
30 Problems. Ciphertext grows with each operation: useless for many applications (cloud computing, searching encrypted ). Noise grows with each operation: can perform a limited number of homomorphic operations. What we have: Somewhat Homomorphic Encryption.
31 Public-key Homomorphic Encryption. Secret key: an $n^2$-bit odd number $p$. Public key: $[q_0 p + 2r_0,\ q_1 p + 2r_1,\ \ldots,\ q_t p + 2r_t] = (x_0, x_1, \ldots, x_t)$, i.e. $t+1$ encryptions of 0. Wlog, assume that $x_0$ is the largest of them. To decrypt a ciphertext $c$: $c \pmod p = 2r + b \pmod p = 2r + b$; read off the least significant bit. Eval (as before).
32 Public-key Homomorphic Encryption. Secret key: an $n^2$-bit odd number $p$. Public key: $[q_0 p + 2r_0,\ q_1 p + 2r_1,\ \ldots,\ q_t p + 2r_t] = (x_0, x_1, \ldots, x_t)$. To encrypt a bit $b$: pick a random subset $S \subseteq [1 \ldots t]$ and set $c = \sum_{i \in S} x_i + 2r + b \pmod{x_0}$. To decrypt a ciphertext $c$: $c \pmod p = 2r + b \pmod p = 2r + b$; read off the least significant bit. Eval (as before). Why decryption works: $c = p\,[\sum_{i \in S} q_i] + 2\,[r + \sum_{i \in S} r_i] + b \pmod{x_0} = p\,[\sum_{i \in S} q_i - k q_0] + 2\,[r + \sum_{i \in S} r_i - k r_0] + b$ (for a small $k$) = (mult. of $p$) + (small even noise) + $b$.
33 Ciphertext Size Reduction (Public-key Homomorphic Encryption). Secret key: an $n^2$-bit odd number $p$. Public key: $[q_0 p + 2r_0,\ q_1 p + 2r_1,\ \ldots,\ q_t p + 2r_t] = (x_0, x_1, \ldots, x_t)$. To encrypt a bit $b$: pick a random subset $S \subseteq [1 \ldots t]$ and set $c = \sum_{i \in S} x_i + 2r + b \pmod{x_0}$. To decrypt a ciphertext $c$: $c \pmod p = 2r + b \pmod p = 2r + b$; read off the least significant bit. Eval: reduce mod $x_0$ after each operation. Resulting ciphertext $< x_0$. Underlying bit is the same (since $x_0$ has even noise). Noise does not increase by much (*). (*) additional tricks for mult.
34 A Roadmap. Secret-key Somewhat Homomorphic Encryption → Public-key Somewhat Homomorphic Encryption → Public-key FULLY Homomorphic Encryption.
35 How Somewhat Homomorphic is this? Can evaluate (multi-variate) polynomials with $m$ terms and maximum degree $d$ if $d \ll n$. $f(x_1, \ldots, x_t) = x_1 x_2 \cdots x_d + \cdots + x_2 x_5 \cdots x_{d-2}$ ($m$ terms). Say, noise in $\mathrm{Enc}(x_i) < 2^n$. Final noise $\sim (2^n)^d + \cdots + (2^n)^d = m \cdot (2^n)^d$. Condition: $2^{nd} \cdot m < p/2 = 2^{n^2}/2$, or $d \sim n$.
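The secret-key and public-key schemes of slides 27 to 33 and the noise limit of slide 35, as a toy Python implementation. This is an added example, not code from the lecture: the values n = 8 and t = 16, the function names, and the centered reduction mod p in decryption are assumptions of this sketch, and products are left unreduced because the slides do not give the "additional tricks for mult".

```python
import secrets

# Toy parameters in the shape the slides give (security parameter n):
# p has n^2 bits, q about n^5 bits, r about n bits. n = 8 is NOT secure.
N = 8
P_BITS, Q_BITS, R_BITS = N**2, N**5, N
T = 16  # number of x_1..x_t in the public key (assumed value for this demo)


def keygen():
    """Secret key: odd P_BITS-bit p. Public key: t+1 encryptions of 0."""
    p = secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1
    xs = [secrets.randbits(Q_BITS) * p + 2 * secrets.randbits(R_BITS)
          for _ in range(T + 1)]
    xs.sort(reverse=True)  # wlog x_0 is the largest
    return p, xs


def encrypt_sk(p, b):
    """Secret-key encryption: c = q*p + 2r + b."""
    return secrets.randbits(Q_BITS) * p + 2 * secrets.randbits(R_BITS) + b


def encrypt_pk(xs, b):
    """Public-key encryption: c = sum_{i in S} x_i + 2r + b (mod x_0)."""
    subset_sum = sum(x for x in xs[1:] if secrets.randbits(1))
    return (subset_sum + 2 * secrets.randbits(R_BITS) + b) % xs[0]


def noise(p, c):
    """Centered residue of c mod p, in (-p/2, p/2].

    Reducing mod x_0 subtracts k*2*r_0 from the noise and can make it
    negative, so the residue is centered before its parity is read.
    """
    r = c % p
    return r - p if r > p // 2 else r


def decrypt(p, c):
    """The plaintext bit is the parity of the noise term."""
    return noise(p, c) % 2


def hom_xor(c1, c2, x0):
    """Addition of ciphertexts, reduced mod x_0 to keep the size bounded."""
    return (c1 + c2) % x0


def hom_and(c1, c2):
    """Multiplication of ciphertexts (left unreduced in this sketch)."""
    return c1 * c2


def first_failing_degree(p, max_degree=64):
    """Multiply fresh encryptions of 1 until decryption can no longer work.

    Returns the first degree d at which the true noise (the product of the
    factors' noises) no longer fits in (-p/2, p/2], or None if never.
    """
    c, true_noise = 1, 1
    for d in range(1, max_degree + 1):
        fresh = encrypt_sk(p, 1)
        true_noise *= noise(p, fresh)  # fresh noise is 2r+1 < 2^(n+1)
        c *= fresh
        if noise(p, c) != true_noise:  # noise wrapped around p
            return d
    return None


if __name__ == "__main__":
    p, xs = keygen()
    c1, c2 = encrypt_pk(xs, 1), encrypt_pk(xs, 0)
    print("XOR:", decrypt(p, hom_xor(c1, c2, xs[0])))
    print("AND:", decrypt(p, hom_and(c1, c2)))
    print("noise bits, fresh vs product:",
          abs(noise(p, c1)).bit_length(),
          abs(noise(p, hom_and(c1, c2))).bit_length())
    print("first failing degree:", first_failing_degree(p))
```

With these parameters the first failing degree lands close to n, which is the "d ~ n" bound on slide 35.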
36 From "Somewhat" to "Fully". Theorem [Gentry 09]: Convert "bootstrappable" → FHE. FHE = can eval all fns. "Somewhat" HE; "Bootstrappable". [Figure: augmented decryption circuit, a NAND gate over Dec($c_1$, sk) and Dec($c_2$, sk)]
37 Is our Scheme "Bootstrappable"? What functions can the scheme EVAL? (polynomials of degree < $n$) (?) Complexity of the (aug.) decryption circuit (degree ~ $n^{1.73}$ polynomial). Can be made bootstrappable, similar to Gentry 09. Caveat: assume hardness of "Sparse Subset Sum".
38 Security (of the "somewhat" homomorphic scheme)
39 The Approximate GCD Assumption. Parameters of the problem: three numbers P, Q and R. Odd $p \in [0 \ldots P]$, $q_1 \in [0 \ldots Q]$, $r_1 \in [-R \ldots R]$. Given $(q_1 p + r_1, \ldots, q_t p + r_t)$, find $p$. Assumption: no PPT adversary can guess the number $p$.
40 Given $(q_1 p + r_1, \ldots, q_t p + r_t)$, find $p$. Assumption: no PPT adversary can guess the number $p$. ⇒ (proof of security) Semantic Security [GM 82]: no PPT adversary can guess the bit $b$, given $PK = (q_0 p + 2r_0, \{q_i p + 2r_i\})$ and $\mathrm{Enc}(b) = (qp + 2r + b)$.
41 Progress in FHE. "Galactic" → Efficient [BV11a, BV11b, BGV11, GHS11, LTV11]: asymptotically, nearly linear-time* algorithms; practically, a few milliseconds for Enc, Dec [LNV11, GHS11]. Strange assumptions → Mild assumptions [BV11b, GH11, BGV11]. Best known [BGV11]: (leveled) FHE from worst-case hardness of $n^{O(\log n)}$-approx short vectors on lattices. (*linear-time in the security parameter)
42 Multi-key FHE. [Figure: one party with $sk_1, pk_1$ and input $x_1$; another with $sk_2, pk_2$ and input $x_2$; Function f]
43 Multi-key FHE. [Figure: one party with $sk_1, pk_1$ and input $x_1$; another with $sk_2, pk_2$ and input $x_2$; Function f; Dec] $y = \mathrm{Eval}(f, c_1, c_2)$. Correctness: $\mathrm{Dec}(sk_1, sk_2, y) = f(x_1, x_2)$.
44 Fully homomorphic encryption: discussion. Assumptions: mathematical; adversarial model. Applicability: decryption? keys? Alternative: multiparty computation, when interaction is free. What about integrity? Computationally-sound proofs, proof-carrying data.
More informationVerifying a Secret-Ballot Election with Cryptography
Verifying a Secret-Ballot Election with Cryptography Ben Adida PhD Thesis Defense Thesis Committee Ronald L. Rivest, Srini Devadas, Shafi Goldwasser 22 June 2006 Ostraka (sea shells) http://darkwing.uoregon.edu/~klio/im/gr/ath/athen%20-%20ostraka.jpg
More informationQuantum Computing Lecture 7. Quantum Factoring. Anuj Dawar
Quantum Computing Lecture 7 Quantum Factoring Anuj Dawar Quantum Factoring A polynomial time quantum algorithm for factoring numbers was published by Peter Shor in 1994. polynomial time here means that
More informationMulti-Input Functional Encryption for Unbounded Arity Functions
Multi-Input Functional Encryption for Unbounded Arity Functions Saikrishna Badrinarayanan, Divya Gupta, Abhishek Jain, and Amit Sahai Abstract. The notion of multi-input functional encryption (MI-FE) was
More informationDIGITAL SIGNATURES 1/1
DIGITAL SIGNATURES 1/1 Signing by hand COSMO ALICE ALICE Pay Bob $100 Cosmo Alice Alice Bank =? no Don t yes pay Bob 2/1 Signing electronically Bank Internet SIGFILE } {{ } 101 1 ALICE Pay Bob $100 scan
More informationHow to Run Turing Machines on Encrypted Data
How to Run Turing Machines on Encrypted Data Shafi Goldwasser Yael Kalai Raluca Ada Popa Vinod Vaikuntanathan Nickolai Zeldovich MIT CSAIL Microsoft Research University of Toronto Abstract. Algorithms
More informationQuantum Computers vs. Computers Security. @veorq http://aumasson.jp
Quantum Computers vs. Computers Security @veorq http://aumasson.jp Schrodinger equation Entanglement Bell states EPR pairs Wave functions Uncertainty principle Tensor products Unitary matrices Hilbert
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationSecure Data Storage on the Cloud using Homomorphic Encryption
Secure Data Storage on the Cloud using Homomorphic Encryption Manoj Kumar Mohanty Department of Computer Science and Engineering National Institute of Technology Rourkela Rourkela 769 008, India Secure
More informationShor s algorithm and secret sharing
Shor s algorithm and secret sharing Libor Nentvich: QC 23 April 2007: Shor s algorithm and secret sharing 1/41 Goals: 1 To explain why the factoring is important. 2 To describe the oldest and most successful
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More information