Showing papers by "Seny Kamara published in 2011"

Searchable symmetric encryption: Improved definitions and efficient constructions

Abstract: Searchable symmetric encryption SSE allows a party to outsource the storage of his data to another party in a private manner, while maintaining the ability to selectively search over it. This problem has been the focus of active research and several security definitions and constructions have been proposed. In this paper we begin by reviewing existing notions of security and propose new and stronger security definitions. We then present two constructions that we show secure under our new definitions. Interestingly, in addition to satisfying stronger security guarantees, our constructions are more efficient than all previous constructions.Further, prior work on SSE only considered the setting where only the owner of the data is capable of submitting search queries. We consider the natural extension where an arbitrary group of parties other than the owner can submit search queries. We formally define SSE in this multi-user setting, and present an efficient construction.

Outsourcing Multi-Party Computation.

Abstract: We initiate the study of secure multi-party computation (MPC) in a server-aided setting, where the parties have access to a single server that (1) does not have any input to the computation; (2) does not receive any output from the computation; but (3) has a vast (but bounded) amount of computational resources. In this setting, we are concerned with designing protocols that minimize the computation of the parties at the expense of the server. We develop new definitions of security for this server-aided setting that generalize the standard simulation-based definitions for MPC and allow us to formally capture the existence of dishonest but non-colluding participants. This requires us to introduce a formal characterization of non-colluding adversaries that may be of independent interest. We then design general and special-purpose server-aided MPC protocols that are more efficient (in terms of computation and communication) for the parties than the alternative of running a standard MPC protocol (i.e., without the server). Our main general-purpose protocol provides security when there is at least one honest party with input. We also construct a new and efficient server-aided protocol for private set intersection and give a general transformation from any secure delegated computation scheme to a server-aided two-party protocol. ∗Microsoft Research. senyk@microsoft.com. †University of Calgary. pmohassel@cspc.ucalgary.ca. Work done while visiting Microsoft Research. ‡Columbia University. mariana@cs.columbia.edu. Work done as an intern at Microsoft Research.

CS2: A Searchable Cryptographic Cloud Storage System

Abstract: Cloud storage provides a highly available, easily accessible and inexpensive remote data repository to clients who cannot afford to maintain their own storage infrastructure While many applications of cloud storage require security guarantees against the cloud provider (eg, storage of high-impact business data or medical records), most services cannot guarantee that the provider will not see or modify client data This is largely because the current approaches for providing security (eg, encryption and digital signatures) diminish the utility and/or performance of cloud storage This paper presents CS2, a cryptographic cloud storage system that guarantees confidentiality, integrity and verifiability without sacrificing utility In particular, while CS2 provides security against the cloud provider, clients are still able not only to efficiently access their data through a search interface but also to add and delete files securely The CS2 system is based on new highly-efficient and provably-secure cryptographic primitives and protocols In particular, we (1) construct the first searchable symmetric encryption scheme that is adaptively secure, dynamic and achieves sub-linear search time; (2) introduce and construct search authenticators (which allow a client to efficiently verify the correctness of search operations); and (3) design an efficient and dynamic proof of data possession scheme Based in part on our new constructions, we propose two cryptographic protocols for cloud storage which we prove secure in the ideal/real-world paradigm The first protocol implements standard keyword search Our second protocol implements what we refer to as assisted keyword search, where a user performs a keyword search, sees a summary of the results and asks for a subset of these results Experimental results from an implementation of CS2 over both simulated and real-world data sets demonstrate that all operations achieve practical performance

Dynamic symmetric searchable encryption

Abstract: Described herein is an efficient, dynamic Symmetric Searchable Encryption (SSE) scheme. A client computing device includes a plurality of files and a dictionary of keywords. An index is generated that indicates, for each keyword and each file, whether a file includes a respective keyword. The index is encrypted and transmitted (with encryptions of the files) to a remote repository. The index is dynamically updateable at the remote repository, and can be utilized to search for files that include keywords in the dictionary without providing the remote repository with information that identifies content of the file or the keyword.

Server-aided multi-party protocols

Abstract: The disclosed architecture employs techniques that make secure multi-party computation (MPC) practical and scalable. In support of utilizing cloud computing, for example, for evaluating functionality, a third party server can be employed which does not have any input to the computation and does not receive any output from the computation, yet has a vast amount of computational resources. Accordingly, the secure MPC architecture can outsource as much as possible of the computation and communications burden of the parties without the server(s) learning any information about the party inputs.

Structured Encryption and Controlled Disclosure.

Abstract: We consider the problem of encrypting structured data (e.g., a web graph or a social network) in such a way that it can be efficiently and privately queried. For this purpose, we introduce the notion of structured encryption which generalizes previous work on symmetric searchable encryption (SSE) to the setting of arbitrarily-structured data. In the context of cloud storage, structured encryption allows a client to encrypt data without losing the ability to query and retrieve it efficiently. Another application, which we introduce in this work, is to the problem of controlled disclosure, where a data owner wishes to grant access to only part of a massive dataset. We propose a model for structured encryption, a formal security definition and several efficient constructions. We present schemes for performing queries on two simple types of structured data, specifically lookup queries on matrix-structured data, and search queries on labeled data. We then show how these can be used to construct efficient schemes for encrypting graph data while allowing for efficient neighbor and adjacency queries. Finally, we consider data that exhibits a more complex structure such as labeled graph data (e.g., web graphs). We show how to encrypt this type of data in order to perform focused subgraph queries, which are used in several web search algorithms. Our construction is based on our labeled data and basic graph encryption schemes and provides insight into how several simpler algorithms can be combined to generate an efficient scheme for more complex queries.

Parallel Homomorphic Encryption.

Abstract: In the problem of private outsourced computation, a client wishes to delegate the evaluation of a function f on a private input x to an untrusted worker without the latter learning anything about x and f(x). This problem occurs in many applications and, most notably, in the setting of cloud computing. In this work, we consider the problem of privately outsourcing computation to a cluster of machines, which typically happens when the computation is to be performed over massive datasets, e.g., to analyze large social networks or train machine learning algorithms on large corpora. At such scales, computation is beyond the capabilities of any single machine so it is performed by large-scale clusters of workers. We address this problem by introducing the notion of parallel homomorphic encryption (PHE) schemes, which are encryption schemes that support computation over encrypted data via evaluation algorithms that can be efficiently executed in parallel. We also consider delegated PHE schemes which, in addition, can hide the function being evaluated. More concretely, we focus on the MapReduce model of parallel computation and show how to construct PHE schemes that can support various MapReduce operations on encrypted datasets including element testing and keyword search. More generally, we construct schemes that can support the evaluation of functions in NC with locality 1 and m = polylog(k) (where k is the security parameter). Underlying our PHE schemes are two new constructions of (local) randomized reductions (Beaver and Feigenbaum, STACS ′90) for univariate and multivariate polynomials. Unlike previous constructions, our reductions are not based on secret sharing and are fully-hiding in the sense that the privacy of the input is guaranteed even if the adversary sees all the client’s queries. Our randomized reduction for univariate polynomials is information-theoretically secure and is based on permutation polynomials, whereas our reduction for multivariate polynomials is computationallysecure under the multi-dimensional noisy curve reconstruction assumption (Ishai, Kushilevitz, Ostrovsky, Sahai, FOCS ’06 ).