Encrypted Search
From Research to Real-World Systems
Tarik Moataz
CSNP Boston Chapter Jan 23rd 2020
AROKI SYSTEMS
A little bit about me…
• Currently
• Chief Technology Officer at Aroki Systems (https://aroki.com)
• Associate Director of the Encrypted Systems Lab at Brown University
• Visiting Scientist at Brown University
• Background
• PhD in Computer Science with a focus on Encrypted Search
• Some of my Projects:
• Pixek - an e2e encrypted Photo App (https://pixek.com)
• Clusion - an open source Encrypted Search Java Library
4%
14,717,618,286*
*Since 2013
Aroki Systems https://aroki.com
Why so Few?
“…because it would have hurt Yahoo’s ability to index and search message data…”
— J. Bonforte in NY Times
Cost? Incompetence? Laziness?
Once Upon a Time: No Encryption
Current Situation
[Diagram: App, Memory, Disk; TLS, full disk encryption, transparent database encryption]
Adversary can see decrypted information in RAM
(Almost) Utopian Situation
[Diagram: App, Memory, Disk]
Adversary sees nothing
Q: can we search on encrypted data?
Yes.
Encrypted Search
[Diagram label: tk]
Cryptographic Building Blocks
• Property-Preserving Encryption (PPE)
• Fully-Homomorphic Encryption (FHE)
• Functional Encryption (FE)
• Oblivious RAM (ORAM)
• Structured Encryption (STE)
[Diagram: Performance, Leakage, Functionality]
Evolution from 2000-2019
[Timeline with three tracks: Property-Preserving Encryption (PPE), Oblivious RAM (ORAM), Structured Encryption (STE)]
Timeline labels: DET ’06; OPE ’09; OPE proofs ’11; CryptDB ’12; MS Always Enc ’15; PPE attacks ’15; Snapshot PPE ’16; ORAM ’92; Tree-based ORAM ’12; SSE ’00; Efficient SSE ’06; STE ’10; Boolean SSE ’13; OXT, BlindSeer ’14; SQL ’17; Inference attacks ’12; Path ORAM ’13; Volume attacks ’19; OblivP2P ’16; CS2 ’12; Clusion, OpenSSE ’16; Distribution-Hiding PPE ’18
Q: what is property-preserving encryption?
Property-Preserving Encryption (PPE)
Maintains a well-defined relation between the original data
• equality, order, orthogonality, prefix etc.
Deterministic encryption [BBN06]
• plaintext = plaintext
• Z2hqc2Rh = Z2hqc2Rh
Order preserving encryption [BCLO09]
• 16 < 20
• 6372 < 18974
Prefix preserving encryption [BBKN01]
• Secure is a prefix of Security
• b2trbSxkZg is a prefix of b2trbSxkZgj2Rh
PPE-based Encrypted Search: Encryption

HR Employees Table
Employee  Age  Salary
Sam       35   120K
Lilly     30   135K
Harry     35   135K

Deterministic Encryption

Encrypted HR Employees Table
Employee  Age       Salary
eXR5bmR   Z2hqc2Rh  cHF1ZmJk
d2Vyd3Nl  bHdrdWV5  aGV5ZGJz
ZGZzZGV   Z2hqc2Rh  aGV5ZGJz
PPE-based Encrypted Search: Search

Q = SELECT * FROM Employees WHERE Salary = '135K'

Deterministic Encryption

Q = SELECT * FROM Employees WHERE Salary = 'aGV5ZGJz'

Encrypted HR Employees Table
Employee  Age       Salary
eXR5bmR   Z2hqc2Rh  cHF1ZmJk
d2Vyd3Nl  bHdrdWV5  aGV5ZGJz
ZGZzZGV   Z2hqc2Rh  aGV5ZGJz
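
The encrypt-then-rewrite-the-query flow from these two slides, as an added example in Python (not code from the talk or from any product it names). A deterministic cipher built SIV-style from HMAC-SHA256 stands in for the slides' "Deterministic Encryption"; the keys, function names and the per-column binding are assumptions of this example. It runs the slide's table and query, then compares repeat counts per column, which is the equality relation a snapshot of the encrypted table exposes.

```python
import base64
import hashlib
import hmac
from collections import Counter

# Constructed demo keys; a real client draws them from a CSPRNG and keeps them off the server.
K_MAC = hashlib.sha256(b"demo-mac-key").digest()
K_ENC = hashlib.sha256(b"demo-enc-key").digest()

COLUMNS = ("Employee", "Age", "Salary")
ROWS = [("Sam", "35", "120K"), ("Lilly", "30", "135K"), ("Harry", "35", "135K")]  # slide's table


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream derived from iv."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, iv + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def det_encrypt(column: str, value: str) -> str:
    """Deterministic: the IV is a PRF of (column, plaintext), so equal inputs collide."""
    pt = value.encode()
    # Binding the column name stops equal values in different columns from matching;
    # repeats inside one column still produce identical ciphertexts.
    iv = _prf(K_MAC, column.encode() + b"\x00" + pt)[:16]
    return base64.urlsafe_b64encode(iv + _xor_stream(K_ENC, iv, pt)).decode()


def det_decrypt(column: str, token: str) -> str:
    raw = base64.urlsafe_b64decode(token)
    iv, body = raw[:16], raw[16:]
    pt = _xor_stream(K_ENC, iv, body)
    if not hmac.compare_digest(iv, _prf(K_MAC, column.encode() + b"\x00" + pt)[:16]):
        raise ValueError("ciphertext failed integrity check")
    return pt.decode()


def encrypt_table(rows):
    return [tuple(det_encrypt(c, v) for c, v in zip(COLUMNS, row)) for row in rows]


def server_select_equal(enc_rows, column: str, enc_value: str):
    """What the unmodified backend does: plain equality on opaque strings."""
    idx = COLUMNS.index(column)
    return [row for row in enc_rows if row[idx] == enc_value]


def client_search(enc_rows, column: str, value: str):
    """Rewrite the predicate constant, send it, decrypt the matching rows."""
    hits = server_select_equal(enc_rows, column, det_encrypt(column, value))
    return [tuple(det_decrypt(c, v) for c, v in zip(COLUMNS, row)) for row in hits]


def equality_histogram(values):
    """Sorted repeat counts; identical for a plaintext column and its ciphertexts."""
    return sorted(Counter(values).values())


if __name__ == "__main__":
    enc = encrypt_table(ROWS)
    print(client_search(enc, "Salary", "135K"))
    for i, name in enumerate(COLUMNS):
        print(name, equality_histogram(r[i] for r in enc))
```
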
PPE-based Encrypted Search: Pros & Cons
• Legacy-friendliness
  • No changes to backends
• (Almost) Zero overhead
  • Only encryption and decryption added to the client-side processing
• High functionality
  • DTE and OPE enable the evaluation of complex queries
But what about security?
Adversarial Models in Encrypted Search: Background
Snapshot Adversaries
Take (multiple) snapshot(s) of the encrypted data
• Device theft
Persistent Adversaries
Observe the entire state of the database including searches and updates
• Machine compromise
• Malicious host
Active Adversaries
Are persistent adversaries that CAN deviate from the protocol
• File injection
PPE Security: Snapshot Adversary
PPE attacks
’15 Inference Attacks [NKW15]
• sorting attack
• cumulative attack
’16 Extension 1 of Inference Attacks [DDC16]
• inter-column correlation attack
• intra+inter-column correlation attack
• leakage attacks
’17 Extension 2 of Inference Attacks [GSNBR17]
• non-crossing attack
• w/ non-ideal OPE leakage attack
• known plaintext/ciphertext attacks
’18 Extension 3 of Inference Attacks [BGCRS18]
• non-crossing attack
• w/ non-ideal OPE leakage attack
• known plaintext/ciphertext attacks
Up to 100% of data recovery in the weakest adversarial model
Q: what is structured encryption?
Structured Encryption (STE) [CK10]
Setup 1k, DSEDS,
Token , qtk
Query tk, EDSans
[Diagram labels: DS, EDS, tk, ans]
Setup Leakage LS
Query Leakage LQ
STE-based Encrypted Search: Instance
File collection: File1, File2, File3, File4, File5, File6

Inverted index
data      File1 File3 File4 File6
security  File2
privacy   File4 File5
crypto    File2 File3 File6

STE encryption is applied to the inverted index.
STE-based Encrypted Search: Instance
Q = “data”
tk = “pt1”, “pt2”, “pt3”, “pt4”
Think of the token as the solution to a maze
[Diagram: the token tk is used against the STE-encrypted index]
STE-based Encrypted Search: Pros & Cons
• (Almost) Zero overhead
  • Optimal search
• High functionality
  • Exact, range and Boolean search
• Legacy-friendliness
  • Recently solved - was unsolved for almost 20 years
But what about security?
STE Security: Snapshot Adversary
[Diagram: encrypted data structure with no query, after the 1st query, after the 2nd query, …]
STE Security: Persistent Adversary
[Diagram: encrypted data structure with no query, after the 1st query, after the 2nd query, …]
Note that the adversary does not learn the content, but the memory locations
STE Cryptanalysis
STE attacks: Snapshot adversary
’20 No known attack
STE attacks: Persistent adversary
’12 IKK attack [IKK12]
• Requires 95% knowledge of the user data
’15 Count attack [CGPR15]
• Requires 80% knowledge of the user data
’16 Range attack [KKNO16]
• Distribution assumptions
STE attacks: Active adversary
’16 File injection [ZKP16]
Query recovery - no data recovery
Tradeoffs: Performance vs. Security
[Plot: Performance and Leakage axes; points: STE/SSE-based, PPE-based, FHE-based, ORAM-based, skFE-based, pkFE-based]
Tradeoffs: Functionality vs. Performance
[Plot: Performance and Functionality axes; points: SK-FE-based, STE/SSE-based, PPE-based, FHE-based, ORAM-based, PK-FE-based]
Q: can encrypted search be deployed?
Why Isn’t Encrypted Search Deployed?
End-to-End Encryption: Messaging / Video
[Images: messaging, video]
Q: what about databases?
End-to-End Encryption: Databases
• PPE-based: Always Encrypted
• STE-based (coming soon): Aroki Systems
• PPE-based + Trusted hardware (2019)
Thank you!
@arokisystems
https://aroki.com