Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools (like secure multi-party computation and functional encryption) are not adequate, we introduce a new cryptographi...
详细信息
ISBN:
(纸本)9781450329576
Motivated by privacy and usability requirements in various scenarios where existing cryptographic tools (like secure multi-party computation and functional encryption) are not adequate, we introduce a new cryptographic tool called Controlled Functional Encryption (C-FE). As in functional encryption, C-FE allows a user (client) to learn only certain functions of encrypted data, using keys obtained from an authority. However, we allow (and require) the client to send a fresh key request to the authority every time it wants to evaluate a function on a ciphertext. We obtain efficient solutions by carefully combining CCA2 secure public-key encryption (or rerandomizable RCCA secure public-key encryption, depending on the nature of security desired) with Yao's garbled circuit. Our main contributions in this work include developing and formally defining the notion of C-FE;designing theoretical and practical constructions of C-FE schemes achieving these definitions for specific and general classes of functions;and evaluating the performance of our constructions on various application scenarios.
To mitigate security concerns of outsourced databases, quite a few protocols have been proposed that outsource data in encrypted format and allow encrypted query execution on the server side. Among the more practical ...
详细信息
ISBN:
(纸本)9781450322782
To mitigate security concerns of outsourced databases, quite a few protocols have been proposed that outsource data in encrypted format and allow encrypted query execution on the server side. Among the more practical protocols, the "bucketization" approach facilitates query execution at the cost of reduced efficiency by allowing some false positives in the query results. Precise Query Protocols (PQPs), on the other hand, enable the server to execute queries without incurring any false positives. Even though these protocols do not reveal the underlying data, they reveal query access pattern to an adversary. In this paper, we introduce a general attack on PQPs based on access pattern disclosure in the context of secure range queries. Our empirical analysis on several real world datasets shows that the proposed attack is able to disclose significant amount of sensitive data with high accuracy provided that the attacker has reasonable amount of background knowledge. We further demonstrate that a slight variation of such an attack can also be used on imprecise protocols (e.g., bucketization) to disclose significant amount of sensitive information. Copyright 2014 acm.
SNOOP is an adaptive middleware for secure multi-party computations (SMC). It combines support for secure multi- party computations, encryption, public key infrastructure (PKI), certificates, and certificate authoriti...
详细信息
ISBN:
(纸本)9781450332323
SNOOP is an adaptive middleware for secure multi-party computations (SMC). It combines support for secure multi- party computations, encryption, public key infrastructure (PKI), certificates, and certificate authorities (CA). It is used to perform statistical analysis of electronic health record (EHR) data. EHR data are typically located at different general practices and hospitals. SNOOP and the deployment of SNOOP applications have to take into consideration legal, security and privacy issues involved in statistical analysis of such data. SNOOP tries to support a wide range of possible SMC algorithms and computing graphs. It pro- vides high-level programming abstractions that adapt to the current run-time environment at deploy time. Contracts are provided to match the application requirements with avail- Able run-time functionality and requirements. Copyright 2014 acm.
OAuth 2.0 protocol has enjoyed wide adoption by Online Social Network (OSN) providers since its inception. Although the security guideline of OAuth 2.0 is well discussed in RFC6749 and RFC6819, many real-world attacks...
详细信息
The process of encrypting data for Cloud services is usually presented two ways. The data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-c...
详细信息
ISBN:
(纸本)9781450322782
The process of encrypting data for Cloud services is usually presented two ways. The data owner can encrypt it themselves or rely on the service provider to do so. On one hand, we have significant security, but high-complexity. On the other, we have ease of use, but limited protection. This false choice leads to data going unprotected as customers throw up their hands. There is a better way. In this keynote, we'll discuss a middle ground that improves upon the standard use cases using Barbican, an open-source key manager created by Rackspace for the OpenStack Cloud.
暂无评论