Verifiable Outsourced Computations Outsourcing Computations to Untrusted Servers


1 Outsourcing Computations to Untrusted Servers
Security of Symmetric Ciphers in Network Protocols, ICMS, May 26, 2015, Edinburgh

2 Problem Motivation


8 Table of Contents 1 Single-Client Verifiable Computation 2 3 4

9 Single-Client Verifiable Computation: Building Blocks, Security Models

10 Verifiable Computation
Verifiable Computation Scheme
- Pre-processing: one-time stage in which client computes some auxiliary information associated with $F$
- Input Preparation: client prepares some auxiliary (public and private) information about $x$ and sends public part $\sigma_x$ to $S$
- Output Computation: server computes a string $\sigma_y$ which encodes $F(x)$ and returns it to the client
- Verification: from the value $\sigma_y$, the client can compute the value $F(x)$ and verify its correctness
Gennaro, Gentry, Parno. Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers. Crypto 2010.

11 Requirements and Properties
- Efficiency: input preparation and output verification must take less time than computing $F$ from scratch
  - Amortized notion of efficiency
- Privacy: input and output privacy

12 Yao's Protocol for Two-party Computation
- Yao presented the first protocol for secure (two-party) computation
- A plain circuit is evaluated by
  - setting values to its input gates
  - for each gate: compute the value of the outgoing wire as a function of the wires going into the gate
- Secure computation: no party should learn the values of any internal wires
- Yao's protocol: compiler which takes a circuit and transforms it to a circuit which hides all information but the final output

13 An AND Gate
[Figure: AND gate with input wires u, v and output wire w]

14 An AND Gate with Garbled Values

u          v          w
$k_u^0$    $k_v^0$    $k_w^0$
$k_u^0$    $k_v^1$    $k_w^0$
$k_u^1$    $k_v^0$    $k_w^0$
$k_u^1$    $k_v^1$    $k_w^1$

- for each wire we choose two random labels $k_u^0, k_u^1 \xleftarrow{\$} \{0,1\}^\kappa$
- they represent the bit values 0 or 1

15 A Garbled AND Gate

u          v          w
$k_u^0$    $k_v^0$    $E_{k_u^0}(E_{k_v^0}(k_w^0))$
$k_u^0$    $k_v^1$    $E_{k_u^0}(E_{k_v^1}(k_w^0))$
$k_u^1$    $k_v^0$    $E_{k_u^1}(E_{k_v^0}(k_w^0))$
$k_u^1$    $k_v^1$    $E_{k_u^1}(E_{k_v^1}(k_w^1))$

- The actual garbled gate is the permutation of the ciphertexts
- given $k_u^0$ and $k_v^1$ can only obtain $k_w^0$
- since rows are permuted, the party has no idea if it obtained a key for 0 or 1

16 Output Translation
- If the gate is an output gate, need to provide decryption of the output wire
- Keys known to the evaluator can decrypt only a single entry (random wire key)
- Output translation table: $[(0, k_w^0), (1, k_w^1)]$
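Added example (not from the slides): a Python sketch of slides 14 to 16 that garbles one AND gate, evaluates it with one label per input wire, and applies the output translation table. The cipher E is a stand-in built from SHA-256 with a per-row nonce and a zero tag that marks the one row that decrypts; those choices and all function names are assumptions of this sketch.

```python
import hashlib
import secrets

KAPPA = 16        # label length in bytes (the slides' kappa, here 128 bits)
TAG = bytes(8)    # zero tag appended to each output label (assumption)


def _pad(key, nonce, n):
    """Pad bound to (key, row nonce); n must not exceed 32 bytes."""
    return hashlib.sha256(key + nonce).digest()[:n]


def E(key, nonce, msg):
    """Stand-in for E_k: XOR with a hash-derived pad, so E is its own inverse."""
    return bytes(a ^ b for a, b in zip(msg, _pad(key, nonce, len(msg))))


def new_wire():
    """Two random labels (k^0, k^1) representing bit values 0 and 1."""
    return (secrets.token_bytes(KAPPA), secrets.token_bytes(KAPPA))


def garble_and(ku, kv, kw):
    """Build the four rows E_{k_u^a}(E_{k_v^b}(k_w^{a AND b})) and permute them."""
    rows = []
    for a in (0, 1):
        for b in (0, 1):
            nonce = secrets.token_bytes(16)
            inner = E(kv[b], nonce, kw[a & b] + TAG)
            rows.append((nonce, E(ku[a], nonce, inner)))
    secrets.SystemRandom().shuffle(rows)   # hides which row is which
    return rows


def evaluate(rows, label_u, label_v):
    """Evaluator holds one label per input wire and tries every row."""
    hits = []
    for nonce, ct in rows:
        pt = E(label_v, nonce, E(label_u, nonce, ct))
        if pt.endswith(TAG):               # only the matching row has the tag
            hits.append(pt[:KAPPA])
    if len(hits) != 1:
        raise ValueError("expected exactly one decryptable row")
    return hits[0]


def translate(kw, label):
    """Output translation table [(0, k_w^0), (1, k_w^1)]."""
    return {kw[0]: 0, kw[1]: 1}[label]


def truth_table():
    """Evaluate a freshly garbled gate on all four input combinations."""
    ku, kv, kw = new_wire(), new_wire(), new_wire()
    rows = garble_and(ku, kv, kw)
    return [translate(kw, evaluate(rows, ku[a], kv[b]))
            for a in (0, 1) for b in (0, 1)]
```

The evaluator only ever sees random-looking labels; the bit value appears when the holder of the translation table maps the output label back.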

17 Repeated Evaluation of Garbled Circuit
- Yao's Garbled Circuit construction is not reusable
- Reusable garbled circuit scheme [GKPVZ13]
- Amortized efficiency notion: one expensive pre-processing and then we shall be able to outsource many evaluations for the same function
- Reusability by using FHE: instead of revealing the key-labels associated with the input $x$, the client will encrypt those labels under the public key of a FHE scheme
- Rejection problem: if client detects malformed response then client terminates. Otherwise A learns an additional bit of information by sending another request

18 VC Scheme
1. $(PK, SK) \leftarrow \mathsf{KeyGen}(F, \kappa)$
2. $(\sigma_x, \tau_x) \leftarrow \mathsf{ProbGen}(SK, x)$
3. $\sigma_y \leftarrow \mathsf{Compute}(PK, \sigma_x)$
4. $y \leftarrow \mathsf{Verify}(SK, \sigma_y)$

19 VC Scheme
1. $(PK, SK) \leftarrow \mathsf{KeyGen}(F, \kappa)$
   - follow Yao's Garbled circuit construction
   - compute for each gate the four ciphertexts
   - PK is full set of ciphertexts; SK is full set of wire values
2. $(\sigma_x, \tau_x) \leftarrow \mathsf{ProbGen}(SK, x)$
3. $\sigma_y \leftarrow \mathsf{Compute}(PK, \sigma_x)$
4. $y \leftarrow \mathsf{Verify}(SK, \sigma_y)$

20 VC Scheme
1. $(PK, SK) \leftarrow \mathsf{KeyGen}(F, \kappa)$
2. $(\sigma_x, \tau_x) \leftarrow \mathsf{ProbGen}(SK, x)$
   - run FHE KeyGen and pick wire values representing the binary expression of $x$
   - encrypt the representation under the FHE public key
   - client keeps FHE secret key private
3. $\sigma_y \leftarrow \mathsf{Compute}(PK, \sigma_x)$
4. $y \leftarrow \mathsf{Verify}(SK, \sigma_y)$

21 VC Scheme
1. $(PK, SK) \leftarrow \mathsf{KeyGen}(F, \kappa)$
2. $(\sigma_x, \tau_x) \leftarrow \mathsf{ProbGen}(SK, x)$
3. $\sigma_y \leftarrow \mathsf{Compute}(PK, \sigma_x)$
   - server constructs appropriate decryption circuit
   - repeatedly homomorphically evaluate with $\sigma_x$ (basically decrypting our way through the ciphertexts)
   - it outputs wire $w_i$ corresponding to $y = F(x)$ and homomorphically encrypts it with the FHE public key
4. $y \leftarrow \mathsf{Verify}(SK, \sigma_y)$

22 VC Scheme
1. $(PK, SK) \leftarrow \mathsf{KeyGen}(F, \kappa)$
2. $(\sigma_x, \tau_x) \leftarrow \mathsf{ProbGen}(SK, x)$
3. $\sigma_y \leftarrow \mathsf{Compute}(PK, \sigma_x)$
4. $y \leftarrow \mathsf{Verify}(SK, \sigma_y)$
   - use FHE secret key to decrypt $\sigma_y$ obtaining $w_i$
   - use secret key to map the wire values to an output $y$
   - if decryption fails, output

23 Security Models
- Verifiability: scheme is secure if malicious server cannot convince the verification algorithm to accept an incorrect output
  - A gets oracle access to generate the encoding of multiple problem instances
  - A does not learn whether the output was accepted or not
- Privacy: input privacy defined on a typical indistinguishability argument that guarantees that no information about the inputs is leaked


25 - Overview
Additional properties:
- Public Delegability: anyone can outsource a computation
- Public Verifiability: anyone can verify a result
Construction is based on the use of KP-ABE

26 Publicly Verifiable Outsourced Computation Parno, Raykova, Vaikuntanathan. How to delegate and verify in Public: Verifiable Computation from. TCC 2012.


31 ABE is a public key, functional encryption primitive
- ABE allows decryption of a ciphertext iff some policy formula is satisfied
- Variants of ABE schemes:
  - Key-policy (KP-ABE)
  - Ciphertext-policy (CP-ABE)
  - Dual-policy (DP-ABE)

32 Key-policy


43 Overview
Notion of Revocable
- Enable revocation of misbehaving servers
- Enable servers to compute multiple functions
Alderman, Janson, Cid, Crampton. Revocation in Publicly Verifiable Outsourced Computation. Inscrypt 2014.

44 Construction Details
- RPVC extends the Parno et al. scheme that uses KP-ABE in a black-box manner
- Restrict attention to Boolean functions closed under complement; in particular the complexity class $NC^1$
- Functions can be built from common operations such as AND, OR, NOT, equality and comparison operators, arithmetic operators and regular expressions

45 Technical Details
- Assume the existence of a revocable KP-ABE scheme for a class of functions $\mathcal{F}$ that is closed under complement
- Make use of a signature scheme and a one-way function $g$
- Universes of attributes acceptable by the ABE scheme:
  - $U_{ID}$ comprises attributes representing entity identifiers
  - $U_{time}$ comprises attributes representing time periods issued by the time source $T$
  - $U_F$ is a universe of attribute labels representing functions
  - $U_{attr}$ forms characteristic tuples for input values to outsourced computations

46 Input Data as Attributes
- Define attribute universe $U = \{A_1, A_2, A_3\}$
- Read input data as a binary string
- Select attributes corresponding to 1's in the binary string
- Example: $X = 101 \Rightarrow X = \{A_1, A_3\}$

47 Policy Label
- Add a conjunctive clause with an attribute label
- Labels let us query keys for multiple functions
- Labels give us oracle access for Security Games
- We also add the function attribute to the attribute set representing the input data: $x \cup f$

48 Construction Overview
- Set up two independent ABE schemes
- Client encrypts two random messages $m_0$ and $m_1$
- Server must attempt to decrypt $d_0$ using a key for $F$ and $d_1$ with a key for $\overline{F}$. Only one decryption will succeed
- Well-formed response $\theta_{F(x)}$, comprising recovered plaintexts $(d_b, d_{1-b})$, satisfies the following, where $RK_{F,x} = b$:

$$(d_b, d_{1-b}) = \begin{cases} (m_b,\ ), & \text{if } F(x) = 1 \\ (\ , m_{1-b}), & \text{if } F(x) = 0 \end{cases}$$

- Flipping $b \xleftarrow{\$} \{0,1\}$ enables us to hide the structure and leads to blind verification

49 Setup
$(PP, MK) \leftarrow \mathsf{RPVC.Setup}(1^\kappa)$
- $U = U_{attr} \cup U_{ID} \cup U_{time} \cup U_F$
- $(MPK^0_{ABE}, MSK^0_{ABE}) \leftarrow \mathsf{ABE.Setup}(1^\kappa, U)$
- $(MPK^1_{ABE}, MSK^1_{ABE}) \leftarrow \mathsf{ABE.Setup}(1^\kappa, U)$
- $PP = (MPK^0_{ABE}, MPK^1_{ABE}, L_{Reg}, T)$
- $MSK = (MSK^0_{ABE}, MSK^1_{ABE}, L_{Rev})$

50 Register
$SK_S \leftarrow \mathsf{RPVC.Register}(S, MK, PP)$
- $(SK_{Sig}, VK_{Sig}) \leftarrow \mathsf{Sig.KeyGen}(1^\kappa)$
- $SK_S = SK_{Sig}$
- $L_{Reg}[S][0] = VK_{Sig}$

51 Certify
$EK_{F,S} \leftarrow \mathsf{RPVC.Certify}(S, F, MK, PP)$
- $SK^0_{ABE} \leftarrow \mathsf{ABE.KeyGen}(S, F \wedge f, MSK^0_{ABE}, MPK^0_{ABE})$
- $SK^1_{ABE} \leftarrow \mathsf{ABE.KeyGen}(S, \overline{F} \wedge f, MSK^1_{ABE}, MPK^1_{ABE})$
- $UK^0_{L_{Rev},t} \leftarrow \mathsf{ABE.KeyUpdate}(L_{Rev}, t, MSK^0_{ABE}, MPK^0_{ABE})$
- $UK^1_{L_{Rev},t} \leftarrow \mathsf{ABE.KeyUpdate}(L_{Rev}, t, MSK^1_{ABE}, MPK^1_{ABE})$
- Output: $EK_{F,S} = (SK^0_{ABE}, SK^1_{ABE}, UK^0_{L_{Rev},t}, UK^1_{L_{Rev},t})$

52 ProbGen
$(\sigma_{F,x}, VK_{F,x}, RK_{F,x}) \leftarrow \mathsf{RPVC.ProbGen}(x, PK_F, PP)$
- $(m_0, m_1) \xleftarrow{\$} M \times M$ and $b \xleftarrow{\$} \{0,1\}$
- $c_b \leftarrow \mathsf{ABE.Encrypt}(m_b, (x \cup f), t, MPK^0_{ABE})$
- $c_{1-b} \leftarrow \mathsf{ABE.Encrypt}(m_{1-b}, (x \cup f), t, MPK^1_{ABE})$
- Output: $\sigma_{F,x} = (c_b, c_{1-b})$, $VK_{F,x} = (g(m_b), g(m_{1-b}), L_{Reg})$

53 Compute
$\theta_{F(x)} \leftarrow \mathsf{RPVC.Compute}(\sigma_{F,x}, EK_{F,S}, SK_S, PP)$
- $d_b \leftarrow \mathsf{ABE.Decrypt}(c_b, SK^0_{ABE}, MPK^0_{ABE}, UK^0_{L_{Rev},t})$
- $d_{1-b} \leftarrow \mathsf{ABE.Decrypt}(c_{1-b}, SK^1_{ABE}, MPK^1_{ABE}, UK^1_{L_{Rev},t})$
- $\gamma \leftarrow \mathsf{Sig.Sign}((d_b, d_{1-b}, S), SK_S)$
- Output: $\theta_{F(x)} = (d_b, d_{1-b}, S, \gamma)$

54 BVerif
$(RT_{F,x}, \tau_{\theta_{F(x)}}) \leftarrow \mathsf{RPVC.BVerif}(\theta_{F(x)}, VK_{F,x}, PP)$
- $\mathsf{Sig.Verify}((d_b, d_{1-b}, S), \gamma, VK_{Sig}) \to \text{accept}$
- $g(m_b) = g(d_b)$ then $(RT_{F,x} = d_b,\ \tau_{\theta_{F(x)}} = (\text{accept}, S))$
- $g(m_{1-b}) = g(d_{1-b})$ then $(RT_{F,x} = d_{1-b},\ \tau_{\theta_{F(x)}} = (\text{accept}, S))$

55 Retrieve
$\hat{y} \leftarrow \mathsf{RPVC.Retrieve}(\tau_{\theta_{F(x)}}, RT_{F,x}, VK_{F,x}, RK_{F,x}, PP)$
- If $\tau_{\theta_{F(x)}} = (\text{accept}, S)$
  - $g(RT_{F,x}) = g(m_0)$ then $\hat{y} = 1$
  - $g(RT_{F,x}) = g(m_1)$ then $\hat{y} = 0$
- If $\tau_{\theta_{F(x)}} = (\text{reject}, S)$ then $\hat{y} =$

56 Revoke
$\{EK_{F,S}\}$ or $\leftarrow \mathsf{RPVC.Revoke}(\tau_{\theta_{F(x)}}, MK, PP)$
- If $\tau_{\theta_{F(x)}} = (\text{reject}, S)$
  - $UK^0_{L_{Rev},t+1} \leftarrow \mathsf{ABE.KeyUpdate}(L_{Rev}, t+1, MSK^0_{ABE}, MPK^0_{ABE})$
  - $UK^1_{L_{Rev},t+1} \leftarrow \mathsf{ABE.KeyUpdate}(L_{Rev}, t+1, MSK^1_{ABE}, MPK^1_{ABE})$
  - Update $EK_{F,S} = (SK^0_{ABE}, SK^1_{ABE}, UK^0_{L_{Rev},t+1}, UK^1_{L_{Rev},t+1})$
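Added example (not the authors' code): the Certify, ProbGen, Compute, BVerif and Retrieve flow of slides 48 to 55 in Python, with inputs encoded as attributes as on slide 46. Assumptions of this sketch: KP-ABE is replaced by a non-cryptographic stand-in (IdealABE) that releases a plaintext only when the key's policy holds, g is SHA-256, VK is stored as (g(m_0), g(m_1)) with RK = b, a failed decryption is represented by None, and signatures, time periods and key updates are left out.

```python
import hashlib
import secrets


def g(m):
    """One-way function g; SHA-256 is this sketch's choice."""
    return hashlib.sha256(m).digest()


def attrs_from_bits(bits):
    """Slide 46: attribute A_i is selected iff the i-th bit of the input is 1."""
    return frozenset(f"A{i}" for i, bit in enumerate(bits, start=1) if bit == "1")


class IdealABE:
    """Stand-in for one KP-ABE instance. Models the access rule only, no secrecy."""

    def __init__(self):
        self.scheme_id = secrets.token_hex(8)

    def keygen(self, policy):
        return (self.scheme_id, policy)

    def encrypt(self, m, attrs):
        return (self.scheme_id, frozenset(attrs), m)

    @staticmethod
    def decrypt(ct, sk):
        ct_scheme, attrs, m = ct
        sk_scheme, policy = sk
        return m if ct_scheme == sk_scheme and policy(attrs) else None


def certify(abe, F, label):
    """EK_F: key for (F AND f) in scheme 0, key for (NOT F AND f) in scheme 1."""
    return (abe[0].keygen(lambda a: label in a and F(a)),
            abe[1].keygen(lambda a: label in a and not F(a)))


def probgen(abe, x_bits, label):
    m = (secrets.token_bytes(16), secrets.token_bytes(16))
    b = secrets.randbelow(2)                       # RK_{F,x} = b
    attrs = attrs_from_bits(x_bits) | {label}      # x together with f
    sigma = [None, None]
    sigma[b] = abe[0].encrypt(m[b], attrs)         # c_b under scheme 0
    sigma[1 - b] = abe[1].encrypt(m[1 - b], attrs) # c_{1-b} under scheme 1
    return tuple(sigma), (g(m[0]), g(m[1])), b


def compute(sigma, ek):
    """The server does not know b, so it tries both keys on each position."""
    out = []
    for ct in sigma:
        results = [IdealABE.decrypt(ct, sk) for sk in ek]
        out.append(next((r for r in results if r is not None), None))
    return tuple(out)


def bverif(theta, vk):
    """Blind verification: checks a preimage under g without learning F(x)."""
    for i in (0, 1):
        if theta[i] is not None and g(theta[i]) == vk[i]:
            return theta[i], "accept"
    return None, "reject"


def retrieve(token, rt, vk, b):
    """Only the holder of b learns the result: m_b recovered means F(x) = 1."""
    if token != "accept":
        return None
    return 1 if g(rt) == vk[b] else 0


def forging_server(sigma, ek):
    """A server that skips the computation and guesses a plaintext."""
    return (secrets.token_bytes(16), None)


def run(x_bits, server=compute):
    """One delegation of the constructed function F = (bit 1 AND bit 3)."""
    label = "f:and13"                              # hypothetical function label
    abe = (IdealABE(), IdealABE())
    ek = certify(abe, lambda a: "A1" in a and "A3" in a, label)
    sigma, vk, b = probgen(abe, x_bits, label)
    rt, token = bverif(server(sigma, ek), vk)
    return token, retrieve(token, rt, vk, b)
```

A reject token from `bverif` is the input that Revoke acts on.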


58 Overview
- Multi-client Non-interactive Verifiable Computation [CKKC13]
- Publicly Verifiable Delegation of Large Polynomials and Matrix Computations, with Application [FG12]
- Private Outsourcing of Polynomial Evaluation and Matrix Multiplication using Multilinear Maps [ZS13]
- Access Control in [AJCC15a]
- Memory Delegation [CKLR11]
- Hybrid [AJCC15b]
- Outsourcing Private RAM Computations [GHRW14]


60 Summary
- Motivated the problem of Verifiable Computation
- Yao's Garbled Circuit construction provides one-time verifiability
- Publicly VC via Key-policy
- Revocation mechanism for PVC

61 Thank You Questions?


preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design. Privacy-Preserving Public Auditing For Secure Cloud Storage ABSTRACT: Using cloud storage, users can remotely store their data and enjoy the on-demand high-quality applications and services from a shared

More information

A PPENDIX G S IMPLIFIED DES

A PPENDIX G S IMPLIFIED DES A PPENDIX G S IMPLIFIED DES William Stallings opyright 2010 G.1 OVERVIEW...2! G.2 S-DES KEY GENERATION...3! G.3 S-DES ENRYPTION...4! Initial and Final Permutations...4! The Function f K...5! The Switch

More information

Secure Computation Martin Beck

Secure Computation Martin Beck Institute of Systems Architecture, Chair of Privacy and Data Security Secure Computation Martin Beck Dresden, 05.02.2015 Index Homomorphic Encryption The Cloud problem (overview & example) System properties

More information

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

More information

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter Microsoft Research Redmond, WA, USA {benaloh,melissac,horvitz,klauter}@microsoft.com

More information

Scalable and secure sharing of data in cloud computing using attribute based encryption

Scalable and secure sharing of data in cloud computing using attribute based encryption Volume :2, Issue :4, 416-420 April 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 Ghodake Shubhangi Joshi Priyanka Khobragade Pranjali Chandak Manjiri Scalable

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

Certificate Based Signature Schemes without Pairings or Random Oracles

Certificate Based Signature Schemes without Pairings or Random Oracles Certificate Based Signature Schemes without Pairings or Random Oracles p. 1/2 Certificate Based Signature Schemes without Pairings or Random Oracles Joseph K. Liu, Joonsang Baek, Willy Susilo and Jianying

More information

Data defense in unpredictable Cloud Using Access Control and Access Time

Data defense in unpredictable Cloud Using Access Control and Access Time International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 2 Issue 12 December. 2013 PP.29-34 Data defense in unpredictable Cloud Using Access Control

More information

Boosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data

Boosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data Boosting Linearly-Homomorphic Encryption to Evaluate Degree-2 Functions on Encrypted Data Dario Catalano 1 and Dario Fiore 2 1 Dipartimento di Matematica e Informatica, Università di Catania, Italy. catalano@dmi.unict.it

More information

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE

EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE EFFICIENT AND SECURE ATTRIBUTE REVOCATION OF DATA IN MULTI-AUTHORITY CLOUD STORAGE Reshma Mary Abraham and P. Sriramya Computer Science Engineering, Saveetha University, Chennai, India E-Mail: reshmamaryabraham@gmail.com

More information

SELS: A Secure E-mail List Service *

SELS: A Secure E-mail List Service * SELS: A Secure E-mail List Service * Himanshu Khurana NCSA Work done with Adam Slagell and Rafael Bonilla * To appear in the Security Track of the ACM Symposium of Applied Computing (SAC), March 2005.

More information

Secure and Efficient Outsourcing of Sequence Comparisons

Secure and Efficient Outsourcing of Sequence Comparisons Secure and Efficient Outsourcing of Sequence Comparisons Marina Blanton 1, Mikhail J. Atallah 2, Keith B. Frikken 3, and Qutaibah Malluhi 4 1 Department of Computer Science and Engineering, University

More information

ScienceDirect. A Practical, Secure, and Verifiable Cloud Computing for Mobile Systems

ScienceDirect. A Practical, Secure, and Verifiable Cloud Computing for Mobile Systems Available online at www.sciencedirect.com ScienceDirect Procedia Computer Science 34 (2014 ) 474 483 The 11th International Conference on Mobile Systems and Pervasive Computing (MobiSPC-2014) A Practical,

More information

Fully homomorphic encryption equating to cloud security: An approach

Fully homomorphic encryption equating to cloud security: An approach IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 9, Issue 2 (Jan. - Feb. 2013), PP 46-50 Fully homomorphic encryption equating to cloud security: An approach

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Private Inference Control For Aggregate Database Queries

Private Inference Control For Aggregate Database Queries Private Inference Control For Aggregate Database Queries Geetha Jagannathan geetha@cs.rutgers.edu Rebecca N. Wright Rebecca.Wright@rutgers.edu Department of Computer Science Rutgers, State University of

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Security Policy for Oracle Advanced Security Option Cryptographic Module

Security Policy for Oracle Advanced Security Option Cryptographic Module Security Policy for Oracle Advanced Security Option Cryptographic Module Version 1.0 September 1999 Prepared by Oracle Corporation A. Scope of Document This document describes the security policy for the

More information

Secure Framework and Sparsity Structure of Linear Programming in Cloud Computing P.Shabana 1 *, P Praneel Kumar 2, K Jayachandra Reddy 3

Secure Framework and Sparsity Structure of Linear Programming in Cloud Computing P.Shabana 1 *, P Praneel Kumar 2, K Jayachandra Reddy 3 Proceedings of International Conference on Emerging Trends in Electrical, Communication and Information Technologies ICECIT, 2012 Secure Framework and Sparsity Structure of Linear Programming in Cloud

More information

Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure

Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure Secure Cloud Storage Hits Distributed String Equality Checking: More Efficient, Conceptually Simpler, and Provably Secure Fei Chen, Tao Xiang, Yuanyuan Yang, Cong Wang, Shengyu Zhang Department of Computer

More information

1 Signatures vs. MACs

1 Signatures vs. MACs CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures

More information

Cryptography for the Cloud

Cryptography for the Cloud Cryptography for the Cloud ENS - CNRS - INRIA Cyber-Sécurité - SPECIF CNAM, Paris, France - November 7th, 2014 The Cloud Introduction 2 Access from Anywhere Introduction 3 Available for Everything One

More information

Ensuring Data Storage Security in Cloud Computing

Ensuring Data Storage Security in Cloud Computing Ensuring Data Storage Security in Cloud Computing Cong Wang 1, Qian Wang 1, Kui Ren 1, and Wenjing Lou 2 1 ECE Department, Illinois Institute of Technology 2 ECE Department, Worcester Polytechnic Institute

More information

Whitewash: Securely Outsourcing Garbled Circuit Generation

Whitewash: Securely Outsourcing Garbled Circuit Generation Whitewash: Securely Outsourcing Garbled Circuit Generation MSR Workshop on Applied Multi-Party Computation February 2014 Henry Hank Carter, Charles Lever, Patrick Traynor SMC on mobile devices Mobile devices

More information

Shared and Searchable Encrypted Data for Untrusted Servers

Shared and Searchable Encrypted Data for Untrusted Servers Shared and Searchable Encrypted Data for Untrusted Servers Changyu Dong 1, Giovanni Russello 2, Naranker Dulay 1 1 Department of Computing, 2 Security Area, Imperial College London, Create-Net, 180 Queen

More information

Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners

Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners Frank Li Richard Shin Vern Paxson Electrical Engineering and Computer Sciences University of California at Berkeley

More information

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud

An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud An Efficient Security Based Multi Owner Data Sharing for Un-Trusted Groups Using Broadcast Encryption Techniques in Cloud T.Vijayalakshmi 1, Balika J Chelliah 2,S.Alagumani 3 and Dr.J.Jagadeesan 4 1 PG

More information

Security of Cloud Computing

Security of Cloud Computing Security of Cloud Computing Fabrizio Baiardi f.baiardi@unipi.it 1 Syllabus Cloud Computing Introduction Definitions Economic Reasons Service Model Deployment Model Supporting Technologies Virtualization

More information

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella

Signature Schemes. CSG 252 Fall 2006. Riccardo Pucella Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by

More information

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers

More information

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS

ELECTRONIC COMMERCE OBJECTIVE QUESTIONS MODULE 13 ELECTRONIC COMMERCE OBJECTIVE QUESTIONS There are 4 alternative answers to each question. One of them is correct. Pick the correct answer. Do not guess. A key is given at the end of the module

More information

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records

Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records Josh Benaloh, Melissa Chase, Eric Horvitz, and Kristin Lauter Microsoft Research Redmond, WA, USA {benaloh,melissac,horvitz,klauter}@microsoft.com

More information

Constant-Round Leakage-Resilient Zero-Knowledge Arguments of Knowledge for NP

Constant-Round Leakage-Resilient Zero-Knowledge Arguments of Knowledge for NP Constant-Round Leakage-Resilient Zero-Knowledge Arguments of Knowledge for NP Hongda Li, Qihua Niu, Guifang Huang 1 The Data Assurance and Communication Security Research Center 2 State Key Lab of Information

More information

On the Achievability of Simulation-Based Security for Functional Encryption

On the Achievability of Simulation-Based Security for Functional Encryption On the Achievability of Simulation-Based Security for Functional Encryption Angelo De Caro 1, Vincenzo Iovino 2, Abhishek Jain 3, Adam O Neill 4, Omer Paneth 4, and Giuseppe Persiano 2 1 NTT Secure Platform

More information

Properties of Secure Network Communication

Properties of Secure Network Communication Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,

More information

Private Inference Control

Private Inference Control Private Inference Control David Woodruff MIT dpwood@mit.edu Jessica Staddon Palo Alto Research Center staddon@parc.com Abstract Access control can be used to ensure that database queries pertaining to

More information

Developing and Investigation of a New Technique Combining Message Authentication and Encryption

Developing and Investigation of a New Technique Combining Message Authentication and Encryption Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas El-Qawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.

More information

Batch Decryption of Encrypted Short Messages and Its Application on Concurrent SSL Handshakes

Batch Decryption of Encrypted Short Messages and Its Application on Concurrent SSL Handshakes Batch Decryption of ncrypted Short Messages and Its Application on Concurrent SSL Handshakes Yongdong Wu and Feng Bao System and Security Department Institute for Infocomm Research 21, Heng Mui Keng Terrace,

More information