Outsourced Private Information Retrieval with Pricing and Access Control

Huang, Yizhou

15 May 2013

We propose a scheme for outsourcing Private Information Retrieval (PIR) to untrusted servers while protecting the privacy of the database owner as well as that of the database clients. We observe that by layering PIR on top of an Oblivious RAM (ORAM) data layout, we provide the ability for the database owner to perform private writes, while database clients can perform private reads from the database even while the owner is offline. We can also enforce pricing and access control on a per-record basis for these reads. This extends the usual ORAM model by allowing multiple database readers without requiring trusted hardware; indeed, almost all of the computation in our scheme during reads is performed by untrusted cloud servers. Built on top of a simple ORAM protocol, we implement a real system as a proof of concept. Our system privately updates a 1 MB record in a 16 GB database with an average end-to-end overhead of 1.22 seconds and answers a PIR query within 3.5 seconds over a 2 GB database. We make an observation that the database owner can always conduct a private read as an ordinary database client, and the private write protocol does not have to provide a "read" functionality as a standard ORAM protocol does. Based on this observation, we propose a second construction with the same privacy guarantee, but much faster. We also implement a real system for this construction, which privately writes a 1 MB record in a 1 TB database with an amortized end-to-end response time of 313 ms. Our first construction demonstrates the fact that a standard ORAM protocol can be used for outsourcing PIR computations in a privacy-friendly manner, while our second construction shows that an ad-hoc modification of the standard ORAM protocol is possible for our purpose and allows more efficient record updates.

Privacy Enhancing Technology

Applied Cryptography

Computer Science

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

Clark, Jeremy

January 2011

End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest.

electronic voting

applied cryptography

Computer Science

Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections

Clark, Jeremy

January 2011

End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems, (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and to covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest.

electronic voting

applied cryptography

Computer Science

Outsourced Private Information Retrieval with Pricing and Access Control

Huang, Yizhou

15 May 2013

We propose a scheme for outsourcing Private Information Retrieval (PIR) to untrusted servers while protecting the privacy of the database owner as well as that of the database clients. We observe that by layering PIR on top of an Oblivious RAM (ORAM) data layout, we provide the ability for the database owner to perform private writes, while database clients can perform private reads from the database even while the owner is offline. We can also enforce pricing and access control on a per-record basis for these reads. This extends the usual ORAM model by allowing multiple database readers without requiring trusted hardware; indeed, almost all of the computation in our scheme during reads is performed by untrusted cloud servers. Built on top of a simple ORAM protocol, we implement a real system as a proof of concept. Our system privately updates a 1 MB record in a 16 GB database with an average end-to-end overhead of 1.22 seconds and answers a PIR query within 3.5 seconds over a 2 GB database. We make an observation that the database owner can always conduct a private read as an ordinary database client, and the private write protocol does not have to provide a "read" functionality as a standard ORAM protocol does. Based on this observation, we propose a second construction with the same privacy guarantee, but much faster. We also implement a real system for this construction, which privately writes a 1 MB record in a 1 TB database with an amortized end-to-end response time of 313 ms. Our first construction demonstrates the fact that a standard ORAM protocol can be used for outsourcing PIR computations in a privacy-friendly manner, while our second construction shows that an ad-hoc modification of the standard ORAM protocol is possible for our purpose and allows more efficient record updates.

Privacy Enhancing Technology

Applied Cryptography

Computer Science

Cryptographic End-to-end Verification for Real-world Elections

Essex, Aleksander

January 2012

In this dissertation we study the problem of making electronic voting trustworthy through the use of cryptographic end-to-end (E2E) audits. In particular, we present a series of novel proposals for cryptographic election verification with a focus on real-world practicality. We begin by outlining fundamental requirements of E2E election verification, important properties for a real-world settings, and provide a review of previous and concurrent related work. Our research results are then presented across three parts. In the first part we examine how E2E election verification can be made more procedurally familiar to real-world voters and election administrators. We propose and implement an E2E add-on for conventional optical-scan based voting systems, and highlight our experiences running an election using this system in a United States municipality. In the second part we examine how E2E election verification can be made more conceptually and procedurally simple for election verifiers/auditors. We present a non-cryptographic E2E system based on physical document security assumptions as an educational tool. We extend this system to a cryptographic setting to show how the procedures of cryptographic election verification can be completed with relatively tiny software code bases, or by using common-place programs such as a desktop spreadsheet. We then present an approach that allows verifiers to conduct cryptographic audits without having to plan for it prior to an election. In the third part we examine how the methods in the first part can be extended to provide a level of privacy/distribution of trust similar to that of classical cryptographic voting protocols, while maintaining the (comparatively) intuitive optical-scan interface. To that end, we propose a novel paradigm for secure distributed document printing that allows optical-scan ballots to be printed in a way that still lets voters check their ballots have been counted, while keeping their voting preferences secret from election officials and everyone else. Finally we outline how the results obtained in each of the three parts can be combined to create a cryptographically end-to-end verifiable voting system that simultaneously offers a conventional optical-scan ballot, ballot secrecy assured by a distribution of trust, and a simple, cryptographically austere set of audit procedures.

computer science

security

applied cryptography

trustworthy elections

Computer Science

Cryptographic End-to-end Verification for Real-world Elections

Essex, Aleksander

January 2012

In this dissertation we study the problem of making electronic voting trustworthy through the use of cryptographic end-to-end (E2E) audits. In particular, we present a series of novel proposals for cryptographic election verification with a focus on real-world practicality. We begin by outlining fundamental requirements of E2E election verification, important properties for a real-world settings, and provide a review of previous and concurrent related work. Our research results are then presented across three parts. In the first part we examine how E2E election verification can be made more procedurally familiar to real-world voters and election administrators. We propose and implement an E2E add-on for conventional optical-scan based voting systems, and highlight our experiences running an election using this system in a United States municipality. In the second part we examine how E2E election verification can be made more conceptually and procedurally simple for election verifiers/auditors. We present a non-cryptographic E2E system based on physical document security assumptions as an educational tool. We extend this system to a cryptographic setting to show how the procedures of cryptographic election verification can be completed with relatively tiny software code bases, or by using common-place programs such as a desktop spreadsheet. We then present an approach that allows verifiers to conduct cryptographic audits without having to plan for it prior to an election. In the third part we examine how the methods in the first part can be extended to provide a level of privacy/distribution of trust similar to that of classical cryptographic voting protocols, while maintaining the (comparatively) intuitive optical-scan interface. To that end, we propose a novel paradigm for secure distributed document printing that allows optical-scan ballots to be printed in a way that still lets voters check their ballots have been counted, while keeping their voting preferences secret from election officials and everyone else. Finally we outline how the results obtained in each of the three parts can be combined to create a cryptographically end-to-end verifiable voting system that simultaneously offers a conventional optical-scan ballot, ballot secrecy assured by a distribution of trust, and a simple, cryptographically austere set of audit procedures.

computer science

security

applied cryptography

trustworthy elections

Computer Science

Privacy and Authentication in Emerging Network Applications

Li, He

07 January 2021

In this dissertation, we studied and addressed the privacy-preserving and authentication techniques for some network applications, where existing internet security solutions cannot address them straightforwardly due to different trust and attack models and possibly constrained resources. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious, and common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into on message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. The focus of this dissertation is to fill the gap of existing solutions with stronger security notion and practicability. On the topic of privacy-preserving DSA systems, we firstly explored existing solutions and proposed a comparative study. We additionally proposed a new metric for evaluation and showed the advantages and disadvantages of existing solutions. We secondly studied the IU location privacy in 3.5GHz band ESC-based DSA system and proposed a novel scheme called PriDSA. PriDSA addresses malicious colluding SAS attack model through leveraging different and relatively lightweight cryptography primitive with novel design, granting stronger security notion and improved efficiency as well. We thirdly studied the operational privacy of both IU and secondary users (SUs) in a general centralized SAS based DSA system and proposed a novel framework called PeDSS. Through our novel design that integrates differential privacy with secure multi-party computation protocol, PeDSS exhibits great communication and computation overhead compared to existing solutions. On the topic of lightweight message authentication in resource-constrained networks, we firstly explored message authentication schemes with high cryptographic strength and low communication-overhead and proposed a novel scheme called CuMAC. CuMAC provides a flexible trade-off between authentication delay and cryptographic strength, through the embodiment of a novel concept that we refer to as accumulation of cryptographic strength. We secondly explored the possibility of achieving both high cryptographic strength and low authentication delay and proposed a variant of CuMAC called CuMAC/S. By employing the novel idea of message speculation, CuMAC/S achieves enables the accumulation of cryptographic strength while incurring minimal delay when the message speculation accuracy is high. / Doctor of Philosophy / The privacy-preserving and message authentication issues of some network applications are distinctive from common internet security due to different attack models and possibly constrained resources, and these security and privacy concerns cannot be addressed by applying existing internet security solutions straightforwardly. For example, in a centralized dynamic spectrum access (DSA) system, the spectrum resource licensees called incumbent users (IUs), have strong operational privacy requirements for the DSA service provider called spectrum access system (SAS), and hence SAS is required to perform spectrum computation without knowing IUs' operational information. This means SAS can at most be considered as a semi-trusted party which is honest but curious, and common anonymization and end-to-end encryption cannot address this issue, and dedicated solutions are required. Another example is that in an intra-vehicle Controller Area Network (CAN), the transmitter can only embed 64 bits of message and its authentication tag into on message frame, which makes it difficult to achieve message authentication in real-time with sufficient cryptographic strength. We addressed the privacy issue of DSA systems by proposing novel schemes incorporating efficient cryptographic primitives and various privacy-preserving techniques, achieving a greatly higher efficiency or stronger privacy-preserving level. We addressed the lightweight authentication issue of resource-constrained networks by employing the novel concept of security accumulation and message speculation, achieving high cryptographic strength, low communication overhead, and probable low latency.

privacy-preserving technologies

dynamic spectrum sharing

lightweight authentication

applied cryptography.

Side Channel Leakage Analysis - Detection, Exploitation and Quantification

Ye, Xin

27 January 2015

Nearly twenty years ago the discovery of side channel attacks has warned the world that security is more than just a mathematical problem. Serious considerations need to be placed on the implementation and its physical media. Nowadays the ever-growing ubiquitous computing calls for in-pace development of security solutions. Although the physical security has attracted increasing public attention, side channel security remains as a problem that is far from being completely solved. An important problem is how much expertise is required by a side channel adversary. The essential interest is to explore whether detailed knowledge about implementation and leakage model are indispensable for a successful side channel attack. If such knowledge is not a prerequisite, attacks can be mounted by even inexperienced adversaries. Hence the threat from physical observables may be underestimated. Another urgent problem is how to secure a cryptographic system in the exposure of unavoidable leakage. Although many countermeasures have been developed, their effectiveness pends empirical verification and the side channel security needs to be evaluated systematically. The research in this dissertation focuses on two topics, leakage-model independent side channel analysis and security evaluation, which are described from three perspectives: leakage detection, exploitation and quantification. To free side channel analysis from the complicated procedure of leakage modeling, an observation to observation comparison approach is proposed. Several attacks presented in this work follow this approach. They exhibit efficient leakage detection and exploitation under various leakage models and implementations. More importantly, this achievement no longer relies on or even requires precise leakage modeling. For the security evaluation, a weak maximum likelihood approach is proposed. It provides a quantification of the loss of full key security due to the presence of side channel leakage. A constructive algorithm is developed following this approach. The algorithm can be used by security lab to measure the leakage resilience. It can also be used by a side channel adversary to determine whether limited side channel information suffices the full key recovery at affordable expense.

Side Channel Analysis

Leakage Analysis

Applied Cryptography

Embedded System Security Evaluation

GROUP KEY SCHEMES FOR SECURITY IN MOBILE AD HOC NETWORKS

Li, Depeng

06 April 2010

In dynamic peer group communications, security has been in high demand by many applications in recent years. One of the more popular mechanisms to satisfy these security requirements is the group key scheme in which the group key is to be shared by each group communication participant. However, how to establish and manage the group key efficiently in order to protect such communications imposes new challenges - especially when such schemes are to be deployed on resource-limited networks such as Mobile Ad hoc Networks (MANETs). The basic needs of such network settings require that the group key schemes must demonstrate not only high performance but also fault-tolerance. Furthermore, to encrypt group communication messages efficiently is essential. Therefore, it is anticipated that the contributions of this thesis will address the development of lightweight and high performance key management protocols for group communications while guaranteeing the same level of security as other approaches. These contributions are listed below: First, two efficient individual rekey schemes, in which most group members process one-way hash functions and other members perform Diffie-Hellman operations, are proposed to obtain performance efficiency. Second, a periodic batch rekey scheme is proposed to handle the out-of-sync problem resulting from individual rekeying schemes in cases where there is a high rate of group member requests for joining/leaving. Third, scalable maximum matching algorithms (M2) are designed to incorporate a tree-based group key generation scheme to forward the partial keys to other group members. Fourth, a hybrid group key management architecture is proposed as well to combine the advantages of centralized and contributory group key schemes. Fifth, a Fast Encryption Algorithm for Multimedia (FEA-M) is enhanced to overcome the vulnerabilities of its original solution and its former improved variant. Performance analyses and experimental results indicate that the proposed approaches reduce computational costs and communication overhead as compared to other popular protocols.

contributory group communication

group key agreement

applied cryptography

wireless network communication

security technology

Algorithmes de recherche sur bases de données chiffrées / Searchable encryption : new constructions of encrypted databases

Bost, Raphaël

08 January 2018

La recherche sur les bases de données chiffrées vise à rendre efficace une tâche apparemment simple : déléguer le stockage de données à un serveur qui ne serait pas de confiance, tout en conservant des fonctionnalités de recherche. Avec le développement des services de stockage dans le Cloud, destinés aussi bien aux entreprises qu'aux individus, la mise au point de solutions efficaces à ce problème est essentielle pour permettre leur déploiement à large échelle. Le principal problème de la recherche sur bases de données chiffrées est qu'un schéma avec une sécurité ''parfaite'' implique un surcoût en termes de calcul et de communication qui serait inacceptable pour des fournisseurs de services sur le Cloud ou pour les utilisateurs - tout du moins avec les technologies actuelles. Cette thèse propose et étudie de nouvelles notions de sécurité et de nouvelles constructions de bases de données chiffrées permettant des recherches efficaces et sûres. En particulier, nous considérons la confidentialité persistante et la confidentialité future de ces bases de données, ce que ces notions impliquent en termes de sécurité et d'efficacité, et comment les réaliser. Ensuite, nous montrons comment protéger les utilisateurs de bases de données chiffrées contre des attaques actives de la part du serveur hébergeant la base, et que ces protections ont un coût inévitable. Enfin, nous étudions les attaques existantes contre ces bases de données chiffrées et comment les éviter. / Searchable encryption aims at making efficient a seemingly easy task: outsourcing the storage of a database to an untrusted server, while keeping search features. With the development of Cloud storage services, for both private individuals and businesses, efficiency of searchable encryption became crucial: inefficient constructions would not be deployed on a large scale because they would not be usable. The key problem with searchable encryption is that any construction achieving ''perfect security'' induces a computational or a communicational overhead that is unacceptable for the providers or for the users --- at least with current techniques and by today's standards. This thesis proposes and studies new security notions and new constructions of searchable encryption, aiming at making it more efficient and more secure. In particular, we start by considering the forward and backward privacy of searchable encryption schemes, what it implies in terms of security and efficiency, and how we can realize them. Then, we show how to protect an encrypted database user against active attacks by the Cloud provider, and that such protections have an inherent efficiency cost. Finally, we take a look at existing attacks against searchable encryption, and explain how we might thwart them.

Cryptographie appliquée

Sécurité prouvée

Bases de données chiffrées

Applied Cryptography

Provable Cryptography

Searchable Encryption