VERIFIABLE SEARCHABLE SYMMETRIC ENCRYPTION


 Fay Stevenson
 2 years ago
 Views:
Transcription
1 VERIFIABLE SEARCHABLE SYMMETRIC ENCRYPTION BY ZACHARY A. KISSEL B.S. MERRIMACK COLLEGE (2005) M.S. NORTHEASTERN UNIVERSITY (2007) SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY COMPUTER SCIENCE UNIVERSITY OF MASSACHUSETTES LOWELL Signature of Author: Date: Signature of Dissertation Chair: Dr. Jie Wang Signatures of Other Dissertation Committee Members Committee Member Signature: Committee Member Signature: Committee Member Signature: Dr. Xinwen Fu Dr. Tingjian Ge Dr. Yan Luo
2 VERIFIABLE SEARCHABLE SYMMETRIC ENCRYPTION BY ZACHARY A. KISSEL ABSTRACT OF A DISSERTATION SUBMITTED TO THE FACULTY OF THE DEPARTMENT OF COMPUTER SCIENCE IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY COMPUTER SCIENCE UNIVERSITY OF MASSACHUSETTS LOWELL 2013 Dissertation Supervisor: Jie Wang, Ph.D. Professor and Chair, Department of Computer Science
3 Cloud storage has become increasingly prevalent in recent years. It provides a convenient platform for users to store data that can be accessed from anywhere at anytime without the cost of maintaining a storage infrastructure. However, cloud storage is inherently insecure, hindering general acceptance of the paradigm shift. To make use of storage services provided by a cloud, users would need to place their trust, at least implicitly, in the provider. There have been a number of attempts to alleviate the need for this trust through cryptographic methods. An immediate approach would be to encrypt each file before uploading it to the cloud. This approach, calls for a new searching mechanism over encrypted data stored in the cloud. This dissertation considers a solution to this problem using Symmetric Searchable Encryption (SSE). SSE allows users to offload search queries to the cloud. The cloud is then responsible for returning the encrypted files that match the search queries (also encrypted). Most previous work was focused on keyword search in the Honestbut Curious (HBC) cloud model, while some more recent work has considered searching on phrases. Recently, a new cloud model was introduced that supersedes the HBC model. This new model, called SemiHonest but Curious (SHBC), is less restrictive over the actions a cloud can take. In this dissertation, we present three systems that are secure under this new SHBC model. Two systems provide phrase search and the other provides hierarchical access control over keyword search. ii
4 Acknowledgements I would like to begin by thanking the person responsible most for the success of this dissertation, my advisor, Prof. Jie Wang. Prof. Wang provided me with the unique opportunity to look at the problems that interested me, providing encouragement and guidance as I progressed. I would also like to thank my committee members Professors Xinwen Fu, Tingjian Ge, and Yan Luo. Together, they provided helpful comments that improved this work. In particular, the article that became Chapter 5 was in preparation at the time of the proposal; their comments around investigating access control over searching validated the need to submit that work. While completing the last year of my PhD studies, I was fortunate to have the opportunity to join the faculty at Merrimack College as a visiting professor. This appointment gave me a chance to branch out in all facets of academia. I am most indebted to the friendships and hallway conversations with Lisa Michaud, Vance Poteat, and Chris Stuetzle. In particular, I wish to thank Chris Stuetzle for early reviews of the material that would become Chapter 3. I would also like to thank Vance Poteat for serving as a mentor for my transition from industry to teaching this year, and for sparking my interest in networking and security many years ago. I would like to thank my parents Dan and Deb for their continued love, support, and encouragement over all these years, specifically for demonstrating to me the most important lesson, with hard work there are no limits. To Wendy, thank you for sharing this journey with me. Thank you for all the encouragement and understanding for iii
5 all the hours and late nights it took to write this dissertation. iv
6 Contents List of Figures vii 1 Introduction Applications of Searchable Encryption Overview of Results Dissertation Structure Background Background on Probability Background on Cryptography PseudoRandom Primitives Symmetric Encryption Cryptographic Hash Functions Searchable Encryption Framework Index Data Structures Models of Clouds and Security Previous Work A First Solution Early Indexed Approaches Improved SSE Constructions Phrase Searching v
7 2.6.5 NonHBC Systems Verifiable Phrase Search Verifiable Encrypted Phrase Search Verifiable Keyword Search Verified Phrase Searching Correctness Conclusion Verifiable Phrase Search in a Single Phase Notations Notations Background Background on NextWord Indexing Secure Linked Lists Basic Construction Constructing an Encrypted NextWord Index An SSE Construction Security and Efficiency Adding Verification Discussion of Security Guarantees Conclusion Hierarchical Access Control Model Key Regression Construction of HACSSE and Security Security Guarantees of HACSSE Adding Revocation and Verification vi
8 5.4.1 Security Guarantees Conclusion Conclusion Results Future Work Bibliography 78 Biography 80 vii
9 List of Figures 2.1 A secure linked list on the set {D 1, D 3, D 5, D 6 } An example of a phase two table based index An example nextword index Example arrays A and N for = {w 1, w 2, w 3 }. The arcs represent a logical connection An annotated trie for dictionaries 1 = {cat, dog} and 2 = {car, do} Final trie based on Figure 5.1. The values P h denotes the parents hash value and l denotes the current nodes level Modification to the BuildIndex algorithm to add verification support to the trie The HVerify algorithm The HRevokeUser algorithm viii
10 1 Chapter 1 Introduction Imagine for the moment that Alice has a large collection of documents, D, that she wishes to store in a distributed storage environment owned by Bob. Bob has been known to be nosy, which means Alice must encrypt all the documents in her document collection before uploading them to Bob s distributed storage environment. Assume, now, that Alice wants to read the documents in D that contain a certain word or phrase. What does she do? Trivially, she could ask Bob to send her all the files, decrypt them locally, and then search for the documents that contain the information she is looking for. Retrieving all the files and then decrypting them, however, will incur a great cost in both communication and time. It would be far more efficient, for Alice, if Bob could perform the search and only send the documents that match her query. Alice s problem is known as the searchable encryption problem. Song, Wagner, and Perrig offered the first glimpse of a solution to Alice s problem [1]. They introduced Searchable Symmetric Encryption (SSE). This new SSE construction allows for Alice to ask Bob to query the encrypted document collection for a specific word or phrase. Alice enables Bob to perform the search by providing Bob, at query time, with some special information known as a trapdoor. Bob then returns the results of the query to Alice. The guarantees that they provided are that
11 2 the queries remain unknown to the Bob (query privacy) and any information beyond the number of results and size of the encrypted documents is unknown to Bob (query result privacy). Though not its original intention, we can adapt the searchable encryption to cloud storage. We assume that a collection of encrypted documents, D, are stored in the cloud such that a search query can be executed over all the documents in the collection. The cloud is responsible for both executing the query and returning the results. We have the added security guarantee that the cloud should be unable to learn the nature of the query. If one uses only symmetric cryptography in the solution, the problem is called the Symmetric Searchable Encryption (SSE) problem. While there do exist asymmetric forms of searchable encryption [2], we will only consider the SSE problem,for it is more efficient in comparison to asymmetric solutions to the searchable encryption problem. 1.1 Applications of Searchable Encryption Searchable Encryption over phrases can be used to support a large number of diverse applications. For example, in human resource management, one may want to look for a series of phrases that assess the performance of an employee. In medical record management, a doctor may want to retrieve all records where a certain phrase of ailments occur next to each other. At an educational institution an instructor may want to search for student information based on phrases related to the course performance. All of these applications share the common need of querying for phrases that are not necessarily preknown. In the case we have access to a hierarchical access control mechanism on encrypted keyword search we have even more applications. For example, a company can outsource their data to the cloud and different employees can have different access. For
12 3 example, only members of the finance department should be able to search for financial information and only the members of the engineering department should be able to search for blueprint information. In the area of parental controls, envision a search engine where you do not have to forgo query privacy for filtering of explicit content. All the applications presented share common needs: confidentiality of data, query privacy, and query result privacy. Thus, they are perfect for the application of searchable encryption. 1.2 Overview of Results In this dissertation we provide efficient solutions to two problems in Symmetric Searchable Encryption. Both solutions exhibit the property of verifiability. By verifiability we mean the client, in an SSE scheme, can detect if the cloud has returned incomplete or inaccurate results. Therefore, the cloud should be allowed to fabricate results that are inconsistent with the truth about the document collection. This can be achieved by considering SSE solutions under the model developed by Chai and Gong in [3]. The model is called the SemiHonest but Curious model (SHBC). In this model, the cloud does the following: (1) honestly store data; (2) honestly execute the search operations or a fraction of them; (3) return a nonzero fraction of the query results honestly; and (4) try to learn as much information as possible. If a solution has the property of verifiability over its returned results, we say that we have a solution to the Verifiable SSE problem. Our first result is structured around providing a verifiable phrase search mechanism. This result is based on the two phase protocol presented in [4]. Given a phrase, p, the first phase finds all the documents in D that contain all the words in p. The second phase, using the results of the first, determines which documents in D contain all the words in p, ordered according to p.
13 4 Our second result, improving on our first result, presenting a single phase search protocol. This new single phase protocol reduces both communication complexity as well as reducing the work that must be performed by the client to do a successful search. Like our first result, the second result is also verifiable. In a second vein, we investigate an efficient verifiable searchable encryption scheme which provides access control over keywords that appear in a document collection. The most trivial access control is creating one group of users and allowing dynamic changes to the group. This problem has a good constructive solution provided by Curtmola et. al. in [5]. We demonstrate a hierarchical access control mechanism where we divide the users into numbered groups such that if a user in group i has the ability to successfully search for a particular search term, then any user in any group j > i can also successfully search for the same search term. 1.3 Dissertation Structure The remainder of this dissertation is structured as follows. In Chapter 2 we will discuss the cryptography, theory, and data structures needed to realize SSE. We will conclude this chapter with a discussion of existing work on SSE. In Chapter 3 we will present a verifiable phrase search SSE scheme. In Chapter 4 we will improve our system in Chapter 3 by introducing a single phase protocol. In Chapter 5 we will present a hierarchical access control mechanism for SSE. We conclude in Chapter 6 by discussing future directions based on the results presented.
14 5 Chapter 2 Background Song, Wagner and Perrig posed the question [1]: Given an encrypted document, how does one search for a word in that document? They created a system known as Searchable Symmetric Encryption (SSE) to answer just this question. In this chapter we present all the background information necessary to understand SSE. We start by reviewing a few details from probability and cryptography. We proceed to discuss two formal models of clouds and the existing security models for SSE. We conclude by discussing the existing work in the area. 2.1 Background on Probability In order to understand modern cryptography, one needs a firm grasp on probability theory. In this section we will review the probability theory needed to understand Section 2.2. The ideas that must be understood are the notions of probability distributions, statistical distance, and computational indisguishability. We begin by discussing the idea of negligible functions. In cryptography we do not require that the adversary always fail, but that the adversary only succeeds with some very small nonzero probability. Formally, we call this small nonzero probability negligible, denoted by negl. This is an asymptotic notion which we formally define in
15 6 Definition Definition (Negligible Function [6]). A function f(n) is called negligible, if for all polynomial functions, poly (n), and for all n > n 0, we have f(n) < 1 poly(n). If the bound holds, we denote f(n) by negl (n). We are interested in making statements about probability distributions. Define a sample space S as the set of possible outcomes of some experiment and an event A as a subset of S. A probability distribution is defined as follows: Definition (Probability Distribution [7]). A probability distribution Pr ( ) on a sample space S is a mapping from events of S to real numbers satisfying the following axioms: 1. Pr (A) 0 for any event A. 2. Pr (S) = Pr (A B) = Pr (A) + Pr (B) for any two mutually exclusive events A and B. More generally, for any (finite or countably infinite) sequence of events A 1, A 2,... that are pairwise mutually exclusive, ( ) Pr A i = i i Pr (A i ). The notation Pr (A) also denotes the probability of event A. A random variable is a function X : S R, where S is a sample space. Given Definition and the notion of a random variable we can define the notion of a probability ensemble. A probability ensemble is a, possibly infinite, collection of probability distributions. Formally, we define them as follows: Definition (Probability Ensemble [6]). Let I be a countable set. A probability ensemble indexed by I is a collection of random variables {X i } i I.
16 7 Several cryptographic discussions rely on the notion of one probability distribution being computationally indistinguishable from another. What this means is that one cannot construct a probabilistic polynomialtime algorithm that can distinguish one distribution from another with more than a negligible probability. Given Definition we define computational indistinguishability formally as follows: Definition (Computational Indistinguishablility [6]). Two probability ensembles X = {X n } n N and Y = {Y n } n N are computationally indistinguishable, denoted X c Y, if for every probabilistic polynomialtime distinguisher D there exists a negligible function negl (n) such that Pr (D (1 n, X n ) = 1) Pr (D (1 n, Y n ) = 1) negl (n) where D (1 n, X n ) means to choose x according to distribution X n, and then run D (1 n, x). 2.2 Background on Cryptography Searchable Symmetric Encryption is based on several cryptographic primitives. The necessary primitives are pseudorandom generators, pseudorandom functions, pseudorandom permutations, symmetric key encryption, and cryptographic hash functions. For discussions of these primitives please see, for example, [8, 6, 9] PseudoRandom Primitives We consider a pseudorandom generator (PRG). A pseudorandom generator is a function provided with an nbit input that expands its input to a longer sequence in a way that the distribution generated by the pseudorandom generator is computationally indistinguishable from being truly random. The precise definition appears in
17 8 Definition Definition (PseudoRandom Generator [6]). Let l( ) be a polynomial and G a deterministic polynomialtime algorithm such that for any input s {0, 1} n, algorithm G outputs a string of length l(n). We say that G is a pseudorandom generator if the following two conditions hold: 1. For every n it holds that l(n) > n. 2. For any probabilistic polynomialtime distinguisher D, there exists a negligible function negl (n) such that Pr (D(r) = 1) Pr (D(G(s)) = 1) negl (n), where r is chosen uniformly at random from {0, 1} l(n), the seed, s, is chosen uniformly at random from {0, 1} n, and the probabilities are taken over the random coin tosses used by D and the choice of r and s. A stronger pseudorandom primitive comes in the form of a pseudorandom function (PRF). A pseudorandom function is a member of the family of functions where the behavior of one function, drawn randomly from the family, is computationally indistinguishable from any other random function. A family of functions as a set of keyed functions F : {0, 1} k {0, 1} n {0, 1} l, where k, n, l > 1. If k = n = l then we have a pseudorandom permutation (PRP). Formally, a pseudorandom function is defined by Definition Definition (PseudoRandom Function). A keyed function F : {0, 1} k {0, 1} n {0, 1} l is pseudorandom if for any probabilistic polynomialtime distinguisher D, given oracle access to F k = F (k, ), there exists a negligible function, negl(n) such that Pr ( D F K( ) (1 n ) = 1 ) Pr ( D f( ) (1 n ) = 1 ) negl (n),
18 9 where K R {0, 1} k is chosen uniformly at random and f is chosen uniformly at random from all functions that map {0, 1} n to {0, 1} l. If we have a family of length preserving functions, then we get a PRP. We say a function is length preserving if F (k, x) = x = k. Formally, this is given by Definition Definition (PseudoRandom Permutation [6]). Let F : {0, 1} {0, 1} {0, 1} be an efficient, lengthpreserving, keyed function. We say that F is a pseudorandom permutation if for any probabilistic polynomialtime distinguisher D, there exists a negligible function negl(n) such that Pr ( D F K ( ) (1 n ) = 1 ) Pr ( D f( ) (1 n ) = 1 ) negl (n), where K R {0, 1} n is chosen uniformly at random and f is chosen uniformly at random from the set of functions mapping {0, 1} n to {0, 1} n. Notationally, D f( ) ( ) means that D uses f as an oracle and D can query f a polynomial number of times Symmetric Encryption Given a set M known as the message space, a set C known as the ciphertext space, and a set K known as the key space we define symmetric encryption as a tuple (G, E, D) of probabilistic polynomialtime algorithms. G : 1 λ K: The key generation algorithm, takes a security parameter, 1 λ, and selects a key k K. E : M K C: The encryption algorithm takes a message and a key as input and outputs a string of ciphertext.
19 10 D : C K M: The decryption algorithm takes a string of ciphertext and a key as input and outputs the plaintext if, and only if, the ciphertext was encrypted with the key. Otherwise, is returned. There is one correctness guarantee, namely, D k (E k (m)) = m must hold for all keys k and messages m. Notationally, we will write the key used for encryption and decryption as a subscript of the function, not as an argument. The simplest, practical, security guarantee that a symmetric encryption scheme can exhibit is that of semantic security, meaning that an attacker is unable to learn anything about the plaintext except what is leaked by the ciphertext (e.g., length of the message). IN other words, the probability of finding the plaintext from teh ciphertext is no much differnt from gussing the plaintext without the ciphertext. Formally, this can be defined as follows: Definition (Semantic Security for Symmetric Encryption [6]). A symmetric encryption scheme (G, E, D) is semantically secure in the presence of an eavesdropper if for every probabilistic polynomialtime algorithm A, there exists a probabilistic polynomialtime algorithm A, such that for all efficientlysampleable distributions X = (X 1,...) and all polynomialtime computable functions f and h, there exists a negligible function negl (n) such that Pr (A (1 n, E k (m), h (m)) = f (m)) Pr (A (1 n, h (m)) = f (m)) negl (n), where m is chosen according to distribution X n, and the probabilities are taken over the choice of m and the key k, and any random coins used by A, A, and the encryption process. This definition is based on the pioneering work of Goldwasser and Micali [10]. From Goldwasser and Micali s work, Bellare, Desai, Jokipii, and Rogaway [11] defined semantic security for symmetric encryption systems
20 11 Using pseudorandom generators, pseudorandom functions, and pseudorandom permutations one can construct symmetric encryption schemes. Onetime pad encryption systems can be constructed from pseudorandom generators and block ciphers can be constructed from pseudorandom permutations or pseudorandom functions. In particular, block ciphers can be constructed using the LubyRackoff construction [12]. In the remainder of this dissertation we will consider a symmetric encryption system to be modeled as one of the pseudorandom primitives to exhibit its properties Cryptographic Hash Functions We define a hash family H as a family of surjective functions h s : {0, 1} n {0, 1} m for m < n. We say that the hash function, h s H, is collision resistant if it is hard to find different strings x 1, x 2 {0, 1} n that hash to the same value v {0, 1} m. We say that the hash function h s is preimage resistant if given the value h s (x), an attacker can recover x with negligible probability. Lastly, we say that the hash function h s is second preimage resistant if given a value x {0, 1} n, an attacker can find, with only negligible probability, an x {0, 1} n such that h s (x) = h s (x ). Cryptographic hash functions are a family of collision, preimage, and second preimage resistant hash functions which are used in many areas of cryptography. They consist of a pair of probabilistic polynomialtime functions (G, H). G is used to select, at random, a key s. This key is an index of the hash function in the family. The function h s : {0, 1} {0, 1} l(n) is drawn from H according to s. The range of h s (i.e., l(n)) must be less than, or equal to, the length of the message being hashed. Cryptographic hash functions can be constructed from block ciphers using the MerkleDamgård construction [13, 14]. Generally, the security of hash functions is modeled in two ways. The first is called the standard security model. In the standard model, one only uses the three properties of cryptographic hash functions stated above. The second model, called the
21 12 random oracle model, treats a hash function as a random oracle. This random oracle responds with a random value for each query. However, if a query is repeated the oracle will respond with the same value. This model was first proposed by Goldreich, Goldwasser, and Micali in 1985 [15]. 2.3 Searchable Encryption Framework We make use of the following notation for discussing the results of research into SSE. Let D = {D 1, D 2,..., D n } denote a collection of n encrypted documents in the cloud storage, Σ the alphabet over which characters from strings are drawn, and = {w 1, w 2,..., w d } a dictionary of d words drawn from Σ. We associate with each document in collection D a number used as an index. The function is denoted by id : D Z. Let D (w i ) denote the set of document identifiers that contain the word w i. We will use m 1 m 2 to denote the concatenation of message m 1 and m 2. For the remainder of this dissertation we will define our SSE systems following the rigorous framework of Curtmola, Garay, Kamara, and Ostrovsky in [5]. Their model consists of a tuple of four algorithms (Keygen, BuildIndex, Trapdoor, Search). These algorithms are defined as follows: Keygen ( 1 λ) : A probabilistic algorithm run by the owner to setup the scheme. It takes a security parameter λ, as input, and returns a secret key K. BuildIndex (K, D): A probabilistic algorithm run by the owner to generate the indexes. It takes a key K and a document collection D as input and returns an index I. Trapdoor (K, w): An algorithm run by the owner to generate a trapdoor T w, give a word w and a key K.
22 13 Search (I, T w ): An algorithm, run by the cloud, that searches for a keyword in the document collection. It takes an index I and a trapdoor T w and returns the document identifiers for documents that contain word w. An index, I, is a data structure, or set of data structures, that tracks keywords and documents that contain those keywords. We note that in some chapters of this dissertation we will, in some cases, assume that the model will be using phrases p instead of words w. This will cause small modifications to both the Trapdoor and Search function inputs. There are two major forms of indexes used by SSE. They are the inverted index and the perdocument index. The inverted index structure, borrowed from the field of information retrieval, is a single data structure that is used to associate each keyword with the set of documents in the document collection that contain the word [16]. The perdocument index associates, with each document, a data structure that tracks the keywords stored in that document. 2.4 Index Data Structures In this section we will discuss two data structures that permeate the research. These data structures are used to construct both perdocument and inverted indexes. Indexes are required to provide two operations: Search and Insert with a third optional operation: Delete. The Search operation is used to determine if a search key occurs in the data structure. The Insert operation is used to add a new key, with its associated data, to the data structure. The Delete opertion is used to remove a key, and associated data, from the data, structure. We present two index structures in this section, the trie and the Bloom Filter. Devised by Fredkin [17], a tries is an index method, which supports three main operations: Insert, Search, and Delete; all take a word w Σ as input. A trie is a Σ {$} ary tree, where each node of the tree is labeled with an element of Σ {$}.
23 14 Moreover, a roottoleaf path through the tree denotes a word w Σ, which is terminated by a special character $ Σ. The Insert operation appends a $ to the input w. Starting at the root node of the tree, we use w to create a path. The first time we reach a node that does not have the current corresponding letter in w, we add a subpath as a child to the current node. Moreover, we label this subpath appropriately with the remaining letters of w, terminating the path with a $. We note that the insertion time with in the trie is O( w ). The Search operation uses input w as a path through the tree. The function first adds a $ to the path. If that path ends in a leaf, i.e., the path is a roottoleaf path, the search is successful. Otherwise, the word does not exist in the dictionary. We note that the search time with in the trie is Θ ( w ) in the worst case. The Delete operation uses input w as a path through the tree. This function will remove all nodes, in a bottom up fashion, according to the path given by w. There is an exception, a node will not be removed if it has children that do not match the symbol indicated by the previous level in w. We note that the Delete time in the trie is Θ ( w ). In this dissertation we will denote a trie by T and a node of the trie by T i,j, where i is the depth of the node and j the left to right placement of the node. We will denote the access to values stored in the node of T by T i,j [s], where s denotes the name of the field. Devised by B. H. Bloolm [18], a Bloom Filter is an index method, whch consists of a kbit vector and three hash functions h 1, h 2, and h 3 with range {1, 2,..., k} and supports two operations: Insert and Search. The Insert operations inserts input v by setting position h 1 (v), h 2 (v), and h 3 (v) in the kbit vector to 1. The Search operation determines if input v is in the filter. To do this it checks if all locations h 1 (v), h 2 (v), and h 3 (v) in the kbit vector are 1.
Verifiable Symmetric Searchable Encryption for Multiple Groups of Users
Verifiable Symmetric Searchable Encryption for Multiple Groups of Users Zachary A. Kissel and Jie Wang Department of Computer Science, University of Massachusetts Lowell, Lowell, MA, USA Abstract We present
More information1 Pseudorandom Permutations
Theoretical Foundations of Cryptography Lecture 9 Georgia Tech, Spring 2010 PRPs, Symmetric Encryption 1 Pseudorandom Permutations Instructor: Chris Peikert Scribe: Pushkar Tripathi In the first part of
More informationSearchable Symmetric Encryption: Improved Definitions and Efficient Constructions
Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions Reza Curtmola Juan Garay Seny Kamara Rafail Ostrovsky Abstract Searchable symmetric encryption (SSE) allows a party to
More informationLecture 5  CPA security, Pseudorandom functions
Lecture 5  CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture  PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationSecurity Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012
Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationMidterm Exam Solutions CS161 Computer Security, Spring 2008
Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext
More informationComputational Soundness of Symbolic Security and Implicit Complexity
Computational Soundness of Symbolic Security and Implicit Complexity Bruce Kapron Computer Science Department University of Victoria Victoria, British Columbia NII Shonan Meeting, November 37, 2013 Overview
More informationA NOVEL APPROACH FOR MULTIKEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA
A NOVEL APPROACH FOR MULTIKEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA U.Pandi Priya 1, R.Padma Priya 2 1 Research Scholar, Department of Computer Science and Information Technology,
More information1 Construction of CCAsecure encryption
CSCI 5440: Cryptography Lecture 5 The Chinese University of Hong Kong 10 October 2012 1 Construction of secure encryption We now show how the MAC can be applied to obtain a secure encryption scheme.
More informationIntroduction to Security Proof of Cryptosystems
Introduction to Security Proof of Cryptosystems D. J. Guan November 16, 2007 Abstract Provide proof of security is the most important work in the design of cryptosystems. Problem reduction is a tool to
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More information1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.
1 Digital Signatures A digital signature is a fundamental cryptographic primitive, technologically equivalent to a handwritten signature. In many applications, digital signatures are used as building blocks
More informationSearchable encryption
RESEARCH MASTER S DEGREE IN COMPUTER SCIENCE Searchable encryption BIBLIOGRAPHICAL STUDY 26 January 2012 Tarik Moataz INTERNSHIP at AlcatelLucent Bell Labs Supervisors Cuppens Frédéric, SFIIS LabSTICC
More informationAn Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud
, pp.246252 http://dx.doi.org/10.14257/astl.2014.49.45 An Efficiency Keyword Search Scheme to improve user experience for Encrypted Data in Cloud Jiangang Shu ab Xingming Sun ab Lu Zhou ab Jin Wang ab
More informationMESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC
MESSAGE AUTHENTICATION IN AN IDENTITYBASED ENCRYPTION SCHEME: 1KEYENCRYPTTHENMAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial
More informationLecture 15  Digital Signatures
Lecture 15  Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations  easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationLecture 9  Message Authentication Codes
Lecture 9  Message Authentication Codes Boaz Barak March 1, 2010 Reading: BonehShoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationCh.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis
Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography
More informationProvably Secure Cryptography: State of the Art and Industrial Applications
Provably Secure Cryptography: State of the Art and Industrial Applications Pascal Paillier Gemplus/R&D/ARSC/STD/Advanced Cryptographic Services FrenchJapanese Joint Symposium on Computer Security Outline
More informationPublic Key Encryption that Allows PIR Queries
Public Key Encryption that Allows PIR Queries Dan Boneh Eyal Kushilevitz Rafail Ostrovsky William E Skeith III Appeared at CRYPTO 2007: 5067 Abstract Consider the following problem: Alice wishes to maintain
More informationMaster s Thesis. Secure Indexes for Keyword Search in Cloud Storage. Supervisor Professor Hitoshi Aida ( ) !!!
Master s Thesis Secure Indexes for Keyword Search in Cloud Storage ( ) 2014 8 Supervisor Professor Hitoshi Aida ( ) Electrical Engineering and Information Systems Graduate School of Engineering The University
More informationRanked Search over Encrypted Cloud Data using Multiple Keywords
Ranked Search over Encrypted Cloud Data using Multiple Keywords [1] Nita Elizabeth Samuel, [2] Revathi B. R, [3] Sangeetha.M, [4] SreelekshmySelvin, [5] Dileep.V.K [1][2][3][4] LBS Institute of Technology
More informationNonBlackBox Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
NonBlackBox Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More informationLecture 3: OneWay Encryption, RSA Example
ICS 180: Introduction to Cryptography April 13, 2004 Lecturer: Stanislaw Jarecki Lecture 3: OneWay Encryption, RSA Example 1 LECTURE SUMMARY We look at a different security property one might require
More informationMessage Authentication Codes 133
Message Authentication Codes 133 CLAIM 4.8 Pr[Macforge A,Π (n) = 1 NewBlock] is negligible. We construct a probabilistic polynomialtime adversary A who attacks the fixedlength MAC Π and succeeds in
More informationMultiInput Functional Encryption for Unbounded Arity Functions
MultiInput Functional Encryption for Unbounded Arity Functions Saikrishna Badrinarayanan, Divya Gupta, Abhishek Jain, and Amit Sahai Abstract. The notion of multiinput functional encryption (MIFE) was
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationThe Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)
The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?) Hugo Krawczyk Abstract. We study the question of how to generically compose symmetric encryption and authentication
More informationDepartment Informatik. PrivacyPreserving Email Forensics. Technical Reports / ISSN 21915008. Frederik Armknecht, Andreas Dewald
Department Informatik Technical Reports / ISSN 21915008 Frederik Armknecht, Andreas Dewald PrivacyPreserving Email Forensics Technical Report CS201503 April 2015 Please cite as: Frederik Armknecht,
More informationCSA E0 235: Cryptography (29/03/2015) (Extra) Lecture 3
CSA E0 235: Cryptography (29/03/2015) Instructor: Arpita Patra (Extra) Lecture 3 Submitted by: Mayank Tiwari Review From our discussion of perfect secrecy, we know that the notion of perfect secrecy has
More informationUniversal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure PublicKey Encryption
Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure PublicKey Encryption Ronald Cramer Victor Shoup December 12, 2001 Abstract We present several new and fairly practical publickey
More informationSecure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment
Secure Group Oriented Data Access Model with Keyword Search Property in Cloud Computing Environment Chih Hung Wang Computer Science and Information Engineering National Chiayi University Chiayi City 60004,
More informationAn Efficient MultiKeyword Ranked Secure Search On Crypto Drive With Privacy Retaining
An Efficient MultiKeyword Ranked Secure Search On Crypto Drive With Privacy Retaining 1 B.Sahaya Emelda and 2 Mrs. P. Maria Jesi M.E.,Ph.D., 1 PG Student and 2 Associate Professor, Department of Computer
More informationMessage Authentication Code
Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBCMAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44
More informationKeyword Search over Shared Cloud Data without Secure Channel or Authority
Keyword Search over Shared Cloud Data without Secure Channel or Authority Yilun Wu, Jinshu Su, and Baochun Li College of Computer, National University of Defense Technology, Changsha, Hunan, China Department
More informationShared and Searchable Encrypted Data for Untrusted Servers
Shared and Searchable Encrypted Data for Untrusted Servers Changyu Dong 1, Giovanni Russello 2, Naranker Dulay 1 1 Department of Computing, 2 Security Area, Imperial College London, CreateNet, 180 Queen
More informationYale University Department of Computer Science
Yale University Department of Computer Science On Backtracking Resistance in Pseudorandom Bit Generation (preliminary version) Michael J. Fischer Michael S. Paterson Ewa Syta YALEU/DCS/TR1466 October
More informationRanked Keyword Search Using RSE over Outsourced Cloud Data
Ranked Keyword Search Using RSE over Outsourced Cloud Data Payal Akriti 1, Ms. Preetha Mary Ann 2, D.Sarvanan 3 1 Final Year MCA, Sathyabama University, Tamilnadu, India 2&3 Assistant Professor, Sathyabama
More informationA Survey and Analysis of Solutions to the. Oblivious Memory Access Problem. Erin Elizabeth Chapman
A Survey and Analysis of Solutions to the Oblivious Memory Access Problem by Erin Elizabeth Chapman A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationIntroduction to Cryptography
Introduction to Cryptography Part 2: publickey cryptography JeanSébastien Coron January 2007 Publickey cryptography Invented by Diffie and Hellman in 1976. Revolutionized the field. Each user now has
More informationMTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic
More information1 Signatures vs. MACs
CS 120/ E177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. KatzLindell 10 1 Signatures vs. MACs Digital signatures
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationcryptography s642 computer security adam everspaugh
cryptography s642 adam everspaugh ace@cs.wisc.edu computer security today Cryptography intro Crypto primitives / Symmetric and asymmetric crypto / MACs / Digital signatures / Key exchange Provable security
More informationLecture 9. Lecturer: Yevgeniy Dodis Spring 2012
CSCIGA.3210001 MATHGA.2170001 Introduction to Cryptography Macrh 21, 2012 Lecture 9 Lecturer: Yevgeniy Dodis Spring 2012 Last time we introduced the concept of Pseudo Random Function Family (PRF),
More informationPrivacypreserving Ranked MultiKeyword Search Leveraging Polynomial Function in Cloud Computing
Privacypreserving Ranked MultiKeyword Search Leveraging Polynomial Function in Cloud Computing Yanzhi Ren, Yingying Chen, Jie Yang, Bin Xie 3 Department of ECE, Stevens Institute of Technology, Hoboken,
More informationTalk announcement please consider attending!
Talk announcement please consider attending! Where: Maurer School of Law, Room 335 When: Thursday, Feb 5, 12PM 1:30PM Speaker: Rafael Pass, Associate Professor, Cornell University, Topic: Reasoning Cryptographically
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationPostQuantum Cryptography #4
PostQuantum Cryptography #4 Prof. Claude Crépeau McGill University http://crypto.cs.mcgill.ca/~crepeau/waterloo 185 ( 186 Attack scenarios Ciphertextonly attack: This is the most basic type of attack
More informationCryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur
Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Module No. # 01 Lecture No. # 05 Classic Cryptosystems (Refer Slide Time: 00:42)
More informationSYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1
SYMMETRIC ENCRYPTION Mihir Bellare UCSD 1 Syntax A symmetric encryption scheme SE = (K,E,D) consists of three algorithms: K and E may be randomized, but D must be deterministic. Mihir Bellare UCSD 2 Correct
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide
More informationProvableSecurity Analysis of Authenticated Encryption in Kerberos
ProvableSecurity Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 303320765
More informationBreaking Generalized DiffieHellman Modulo a Composite is no Easier than Factoring
Breaking Generalized DiffieHellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The DiffieHellman keyexchange protocol may naturally be extended to k > 2
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationPrivacy and Security in Cloud Computing
Réunion CAPPRIS 21 mars 2013 Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧnen Slide 1 Cloud computing Idea: Outsourcing Ø Huge distributed data centers Ø Offer storage and computation Benefit:
More informationChapter 4. Symmetric Encryption. 4.1 Symmetric encryption schemes
Chapter 4 Symmetric Encryption The symmetric setting considers two parties who share a key and will use this key to imbue communicated data with various security attributes. The main security goals are
More informationCOM S 687 Introduction to Cryptography October 19, 2006
COM S 687 Introduction to Cryptography October 19, 2006 Lecture 16: NonMalleability and Public Key Encryption Lecturer: Rafael Pass Scribe: Michael George 1 NonMalleability Until this point we have discussed
More informationSecurity over Cloud Data through Encryption Standards
Security over Cloud Data through Encryption Standards Santhi Baskaran 1, Surya A 2, Stephen Pius C 3, Sudesh Goud G 4 1 Professor, 2,3,4 Student, Department of Information Technology, Pondicherry Engineering
More informationNew Efficient Searchable Encryption Schemes from Bilinear Pairings
International Journal of Network Security, Vol.10, No.1, PP.25 31, Jan. 2010 25 New Efficient Searchable Encryption Schemes from Bilinear Pairings Chunxiang Gu and Yuefei Zhu (Corresponding author: Chunxiang
More informationLecture 13: Message Authentication Codes
Lecture 13: Message Authentication Codes Last modified 2015/02/02 In CCA security, the distinguisher can ask the library to decrypt arbitrary ciphertexts of its choosing. Now in addition to the ciphertexts
More informationAuthenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense
More informationIdentityBased Encryption from the Weil Pairing
Appears in SIAM J. of Computing, Vol. 32, No. 3, pp. 586615, 2003. An extended abstract of this paper appears in the Proceedings of Crypto 2001, volume 2139 of Lecture Notes in Computer Science, pages
More informationMAC. SKE in Practice. Lecture 5
MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve
More informationSecurity Analysis of DRBG Using HMAC in NIST SP 80090
Security Analysis of DRBG Using MAC in NIST SP 80090 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@ufukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur Lecture No. #06 Cryptanalysis of Classical Ciphers (Refer
More informationParallel and Dynamic Searchable Symmetric Encryption
Parallel and Dynamic Searchable Symmetric Encryption Seny Kamara 1 and Charalampos Papamanthou 2 1 Microsoft Research, senyk@microsoft.com 2 UC Berkeley, cpap@cs.berkeley.edu Abstract. Searchable symmetric
More informationLecture 2: Complexity Theory Review and Interactive Proofs
600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography
More informationPrivacy Preserving String Matching for Cloud Computing
2015 IEEE 35th International Conference on Distributed Computing Systems Privacy Preserving String Matching for Cloud Computing Bruhadeshwar Bezawada,AlexX.Liu, Bargav Jayaraman, Ann L. Wang and Rui Li
More informationMultiUser Private Queries over Encrypted Databases
MultiUser Private Queries over Encrypted Databases Y.J. Yang* Institute for Infocomm Research, Singapore 138632 Email: yyang@i2r.astar.edu.sg *Corresponding author X.H. Ding School of Information Systems,
More informationCryptographic treatment of CryptDB s Adjustable Join
Cryptographic treatment of CryptDB s Adjustable Join Raluca Ada Popa and Nickolai Zeldovich MIT CSAIL March 25, 2012 1 Introduction In this document, we provide a cryptographic treatment of the adjustable
More informationLeakageResilient Authentication and Encryption from Symmetric Cryptographic Primitives
LeakageResilient Authentication and Encryption from Symmetric Cryptographic Primitives Olivier Pereira Université catholique de Louvain ICTEAM Crypto Group B1348, Belgium olivier.pereira@uclouvain.be
More informationProofs in Cryptography
Proofs in Cryptography Ananth Raghunathan Abstract We give a brief overview of proofs in cryptography at a beginners level. We briefly cover a general way to look at proofs in cryptography and briefly
More informationPrivate Searching On Streaming Data
Journal of Cryptology, Volume 20:4, pp. 397430, October 2007. 1 Private Searching On Streaming Data Rafail Ostrovsky William E. Skeith III Abstract In this paper, we consider the problem of private searching
More informationNetwork Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015
Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationError oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm
Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counterparts of the message authentication schemes in the public
More informationScalable Private Database Querying for Arbitrary Formulas
Scalable Private Database Querying for Arbitrary Formulas Vladimir Kolesnikov (Bell Labs) Seung Geol Choi, Angelos Keromytis, Fernando Krell, Tal Malkin, Vasilis Pappas and Binh Vo (Columbia) Wesley George
More informationChapter 12. Digital signatures. 12.1 Digital signature schemes
Chapter 12 Digital signatures In the public key setting, the primitive used to provide data integrity is a digital signature scheme. In this chapter we look at security notions and constructions for this
More informationVerifiable Delegation of Computation over Large Datasets
Verifiable Delegation of Computation over Large Datasets Siavosh Benabbas University of Toronto Rosario Gennaro IBM Research Yevgeniy Vahlis AT&T Cloud Computing Data D Code F Y F(D) Cloud could be malicious
More informationSeclusion Search over Encrypted Data in Cloud Storage Services
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 3, March 2015,
More informationDemocratic Group Signatures on Example of Joint Ventures
Democratic Group Signatures on Example of Joint Ventures Mark Manulis HorstGörtz Institute RuhrUniversity of Bochum D44801, Germany EMail: mark.manulis@rub.de Abstract. In the presence of economic globalization
More informationChapter 2 TSAS: ThirdParty Storage Auditing Service
Chapter 2 TSAS: ThirdParty Storage Auditing Service Abstract In cloud storage systems, data owners host their data on cloud servers and users (data consumers) can access the data from cloud servers Due
More informationIntroduction to Modern Cryptography
Introduction to Modern Cryptography 3rd lecture: Computational Security of PrivateKey Encryption and Pseudorandomness some of these slides are copied from or heavily inspired by the University College
More informationKeywords: cloud computing, multiple keywords, service provider, search request, ranked search
Volume 5, Issue 1, January 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com A Survey on
More information1 Domain Extension for MACs
CS 127/CSCI E127: Introduction to Cryptography Prof. Salil Vadhan Fall 2013 Reading. Lecture Notes 17: MAC Domain Extension & Digital Signatures KatzLindell Ÿ4.34.4 (2nd ed) and Ÿ12.012.3 (1st ed).
More informationThe Complexity of Online Memory Checking
The Complexity of Online Memory Checking Moni Naor Guy N. Rothblum Abstract We consider the problem of storing a large file on a remote and unreliable server. To verify that the file has not been corrupted,
More informationDigital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationSecure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm
Secure Collaborative Privacy In Cloud Data With Advanced Symmetric Key Block Algorithm Twinkle Graf.F 1, Mrs.Prema.P 2 1 (M.E CSE, Dhanalakshmi College of Engineering, Chennai, India) 2 (Asst. Professor
More informationComments on "public integrity auditing for dynamic data sharing with multiuser modification"
University of Wollongong Research Online Faculty of Engineering and Information Sciences  Papers Faculty of Engineering and Information Sciences 2016 Comments on "public integrity auditing for dynamic
More informationDeveloping and Investigation of a New Technique Combining Message Authentication and Encryption
Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas ElQawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.
More information36 Toward Realizing PrivacyPreserving IPTraceback
36 Toward Realizing PrivacyPreserving IPTraceback The IPtraceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More information