SlideShare a Scribd company logo

Searching Encrypted Cloud Data: Academia and Industry Done Right

Skyhigh Networks
Skyhigh Networks

There are two worlds of crypto-development: industry and academia. Leading researcher Sasha Boldyreva shares her experience on how the two can have a mutually-beneficial collaboration through her work with Skyhigh Networks.

Technology
1 of 61
Download to read offline
Searching Encrypted Cloud Data: Case Study on Academia + Industry (Done Right) Alexandra (Sasha) Boldyreva School of Computer Science in the College of Computing Georgia Institute of Technology
Academia TWO WORLDS OF CRYPTO DEVELOPMENT Industry
TWO WORLDS OF CRYPTO DEVELOPMENT Academia Industry Ø   Why  are  the  two  worlds  so  disjointed?   Ø   Is  this  unavoidable?  
TWO WORLDS, A CLOSER LOOK: ACADEMIA Priorities in protocol design Ø  Competitiveness Ø  Can be published Ø  Novel Ø  Non-trivial, uses interesting ideas Ø  Provably-secure Ø  Uses novel useful technics Ø  Has impact on future research
TWO WORLDS, A CLOSER LOOK: INDUSTRY Priorities in protocol design Ø  Competitiveness Ø  Can be sold Ø  Novel Ø  Useful Ø  Very efficient Ø  Legislation compliant Ø  Resists obvious attacks
TWO WORLDS, A CLOSER LOOK Priorities in protocol design – Let’s highlight the most importance differences: ACADEMIA   INDUSTRY   Ø  Novel Ø  Non-trivial, uses interesting ideas Ø  Provably-secure Ø  Uses novel useful technics Ø  Has impact on future research   Ø  Novel Ø  Useful Ø  Very efficient Ø  Legislation compliant Ø  Resists obvious attacks
TWO WORLDS, A CLOSER LOOK ACADEMIA   INDUSTRY   Ø  Public Ø  Complex Ø  Not very efficient Ø  Rarely used Ø  Provably-secure (provide security guarantees)   Ø  Often proprietary Ø  Simpler Ø  Very efficient Ø  Solve real problems Ø  Used Ø  Security is not well understood They lead to differences in schemes’ common properties …
TWO WORLDS, A CLOSER LOOK How academics view crypto products from the industry …. Prac88oners  should  not  design  crypto   schemes  as  they  cannot  prove  their   schemes  secure.  They  should  use  our   schemes.  
TWO WORLDS, A CLOSER LOOK Provable security is a great methodology that allows us to have schemes with security guarantees. However, Ø  the definitions (and proofs) are very often hard to understand and judge how do they “match” reality; Ø  it is hard to have schemes which are provably-secure under well- studied assumptions for strong definitions and are efficient.
TWO WORLDS, A CLOSER LOOK How practitioners view the work produced by academia … Academics  do  not  understand  what  is  needed   in  prac8ce.  What  they  call  “efficient”  and   “prac8cal”  are  not.  Their  papers  are  hard  to   understand.  Strong  security  is  a  hassle.    
TWO WORLDS, A CLOSER LOOK
TWO WORLDS, CAN THEY WORK TOGETHER?
TWO WORLDS, CAN THEY WORK TOGETHER? This  is  possible!  
REAL-LIFE SUCCESS STORY Crypto researchers
WHAT IS SKYHIGH?
PRODUCT OVERVIEW Skyhigh Networks' product allows customers to use the existing cloud service providers with added security and without losing functionality, e.g. search. Employ Ø  symmetric searchable encryption (can search for encrypted keyword or sort encrypted data), Ø  format-preserving encryption Ø  …
831 services used by an enterprise on average CLOUD USE GROWING RAPIDLY
SECURITY CONCERNS INHIBITING USE
INDUSTRY TURNS TO ENCRYPTION
IMPORTANT CONSIDERATIONS ① Which  schemes  do  we  employ  and  how  do  we  shepherd  an  algorithm   from  concep8on  to  deployment?     ② How  do  we  op8mize  cryptographic  schemes  without  invalida8ng  their   security  proofs?     ③ In  what  situa8ons  is  it  appropriate  to  trade  security  for  func8onality  in  a   piece  of  commercial  soJware?       These  ques8ons  must  be  answered  before  a  new  algorithm  reaches  a  customer.    
GENERAL CONCERNS WITH ENCRYPTION No secure coding guidelines - hard to know what is acceptable and when Fighting misinformation in the market •  Consumers don’t understand security/usability tradeoffs •  They expect full security and full functionality for their data Weighing tradeoffs between security and functionality •  When is it appropriate to have a weakened security guarantee •  For what kinds of data?
THE START OF GREAT COLLABORATION Skyhigh reached out to me, as I was actively working on protocols for efficiently-searchable encryption.
MY WORK ON SEARCHABLE ENCRYPTION Georgios  Amana8dis   Nathan  CheneOe   Younho  Lee   Adam  O’Neill   Joint  effort  with  my  colleagues:  
CLOUD STORAGE •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…   Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) ExactMatch($68k) ($68k, rec3)
CLOUD STORAGE Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) Range($40k, $68k) {($50k, rec2)($68k, rec3)} •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…  
CLOUD STORAGE Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) Fuzzy($70k) {($68k, rec3)($72k, rec4)} •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…  
SECURE CLOUD STORAGE: GOALS Three  goals:  security,  efficiency,  func8onality   Secure  Cloud  Server   (encrypted  database)   Client   (EncK ($72k), rec4) (EncK ($68k), rec3) (EncK ($95k), rec5) (EncK ($35k), rec1) (EncK ($50k), rec2) Security   searchable  data  is  symmetrically   encrypted   Efficiency   server  responds  to  query  in  sub-­‐ linear  8me   Func8onality   various  query  types,  data   updates,  …  
EFFICIENT SEARCHABLE ENCRYPTION ¡  The  study  of  schemes  balancing  these  goals  is  efficient  searchable   encryp8on  (ESE)   §  Cryptographic  efforts  oJen  focus  on  strong  security   §  Prac88oners  wonder:  how  much  security  is  possible  without  sacrificing   efficient  func8onality?   ¡  Efficiency,  security,  and   func8onality  are  at  odds   §  E.g.,  strong  encryp8on  requires   linear  search  8me  
PAST RESULTS IN SEARCHABLE SYMMETRIC ENCRYPTION Security   Efficiency   Func8onality   Oblivious  RAM  [GO96]   Excellent   Imprac8cal   All  query  types   Fully  homomorphic  encryp8on  [G09]   Excellent   Imprac8cal     All  query  types     Exact-­‐match  SSE   [SLDHJ10,GO96,G09,33,CM05]   Great   Linear+   Exact-­‐match   Exact-­‐match  SSE   [CGKO06,SWP00,KO12]   Great   Sub-­‐linear   Exact-­‐match   No  dynamic  updates   Range-­‐query  SSE  [BW07]   Great   Linear+   Range   Prefix-­‐preserving  encryp8on   [KIK12,BBKN01,XFAM02]   Vulnerable   Sub-­‐linear   Range;  specialized   implementa8on   Order-­‐preserving  encryp8on  [AKSX04]   Undefined/ Unknown   Sub-­‐linear   Range;  simple  to  implement     Efficient  fuzzy-­‐searchable  encryp8on   [KIK12]   Undefined/ Unknown   Sub-­‐linear   Error-­‐tolerant  
OUR GOALS Provide  provably-­‐secure  solu8ons  for  suppor8ng  efficient   (sublinear)   Ø exact-­‐match     Ø range   Ø error-­‐tolerant     search  on  encrypted  data  
OUR RESULTS Provide  provably-­‐secure  solu8ons  for  suppor8ng  efficient   (sublinear)   •  exact-­‐match:  efficiently-­‐searchable  encryp8on  [ABO07],     •  range:  order-­‐preserving  encryp8on  (OPE)  [BCLO09,BCO11],   •  error-­‐tolerant:  fuzzy-­‐searchable  encryp8on  [BC14]   search  on  encrypted  data  
ORDER-PRESERVING ENCRYPTION
ORDER-PRESERVING ENCRYPTION (OPE) A  symmetric  encryp8on  scheme  is  order-­‐preserving  if  encryp8on  is   determinis8c  and  strictly  increasing.   Example  OPE  func8on   for   K $ KeyGen EncK (·) plaintexts   ciphertexts  
ORDER-PRESERVING ENCRYPTION (OPE) A  symmetric  encryp8on  scheme  is  order-­‐preserving  if  encryp8on  is   determinis8c  and  strictly  increasing.   Example  OPE  func8on   for   K $ KeyGen EncK (·) m1m0 EncK (m0) EncK (m1)
ORIGINS OF OPE Ø OPE  has  a  long  history  in  the  form  of  one-­‐part  codes.   Ø In  a  one-­‐part  code,  code  words  and  transla8ons  have  the  same  order   Ø To  encrypt  or  decrypt  requires  only  a  single  look-­‐up  table     Ø More  recently,  [AKSX04]  suggested  OPE  as  a  protocol  to  support  range   queries  for  secure  cloud  storage.  
EFFICIENT RANGE QUERIES VIA OPE •  Range  query  support  is  effortless  using  OPE  [AKSX04]     •  Can  we  make  it  secure?   •  Actually…  how  to  even  define  security?   Client   Server   (encrypted  database)   (EncK ($35k), rec1) (EncK ($50k), rec2) (EncK ($68k), rec3) (EncK ($72k), rec4) (EncK ($95k), rec5) Range($40k, $68k) Range(EncK ($40k), EncK ($68k)) {(EncK ($50k), rec2) , (EncK ($68k), rec3)}
OPE SECURITY MODEL
TOWARDS OPE SECURITY MODEL • OPE  cannot  be  IND-­‐CPA  because  it  is  determinis8c.   • We  have  to  weaken  IND-­‐CPA  defini8on.  
ATTEMPT  #1: IND-DISTINCTCPA •  What  if  equality  paOerns  of  LEFT  and  RIGHT  queries  must  match?   •  Suitable  for  determinis8c  encryp8on   •  S8ll  unachievable  by  an  OPE  scheme,  because  order  is  leaked!   LEFT   L  oracle   (M0,M1)   EK(M0)   A   b   RIGHT   R  oracle   (M0,M1)   EK(M1)   A   b   M0    M0   M1   M1   EK(Mb)   EK(Mb)   LEFT   RIGHT   Ciphertexts   Query  pairs   EK(Mb)  EK(Mb)   Guess  b  =  1   *   *   *   *   Guess  b  =  0  
ATTEMPT #2: IND-ORDEREDCPA •  What  if  order  paOerns  of  LEFT  and  RIGHT  queries  must  match?   LEFT   (M0,M1)   EK(M0)   A   b   RIGHT   (M0,M1)   EK(M1)   A   b   LEFT   RIGHT   Ciphertexts   Query  pairs   M0   M0   M0   M0   M1   M1   M1   M1   M1   EK(Mb)   EK(Mb)   EK(Mb)   EK(Mb)   Not  allowed!   M0   2   2   2   3   3   3   4   4   4   1   1   1   5   5   L  oracle   R  oracle  
ATTEMPT #2: IND-ORDEREDCPA •  In  fact,  there  is  s8ll  a  general  aOack  against  any  OPE  scheme[BCLO09].   •  Demonstrates  that  OPE  must  leak  rela8ve  distance  of  plaintexts.  
A DIFFERENT APPROACH TO SECURITY • Instead  of  trying  to  relax  IND-­‐CPA  further,  we  take  an  approach   similar  to  PRF   • Require  that  an  OPE  is  indis8nguishable  from  an  “ideal”  object,   namely  a  random  order-­‐preserving  func8on  (ROPF).  
POPF-SECURITY We  call  an  OPE  scheme  PseudorandomOPF-­‐secure  if  no  efficient   adversary  can  output  1  with  no8ceably  different  probabili8es  between   the  two  experiments.  
SECURE OPE CONSTRUCTION
TOWARD A CONSTRUCTION • It  is  not  immediately  clear  how  the  regular  building  block,  a   blockcipher,  helps.   • Solu8on:  combinatorics  and  sta8s8cs!  
OPFS AND COMBINATIONS Ø Observa8on:  There  is  a  bijec8on  between  the  set  of  OPFs  from  [M]  to  [N]  and   the  set  of  M-­‐out-­‐of-­‐N  combina8ons.   Ø Example:  
THE NHGD CONNECTION Ø This  value  follows  the  nega8ve  hypergeometric  distribu8on  (NHGD)  on   parameters:  range  [N],  domain  [M],  index  i.   Ø Assume  we  have  an  efficient  way  to  sample  NHGD.   Pr [NHGD([N], [M], i) = c] = c 1 i 1 N c M i N M Lazy-­‐sampling  a  POPF  on  a   message  i   (domain  [M],  range  [N])   ≅ Lazy-­‐sampling  the  ith  largest  element  of  a   (pseudo)random  M-­‐element  subset  of  [N].  
SINGLE-POINT LAZY SAMPLING Example  of  lazy-­‐sampling  a  single  point:   2   3   4   1   5   6   7   8   9   1   2   3   4   5   plaintexts   ciphertexts   ?   Domain  [5],  range  [9].   To  encrypt  only  i  =  3:  sample   NHGD([9],[5],3).  Suppose  the   outcome  is  6.     This  occurs  with  probability   {?,?,6,?,?}   (incomplete)   OPF       and  specifies  the  (incomplete)  5-­‐element   subset   ?   Pr [NHGD([9], [5], 3) = 6] = 5 2 3 2 9 5 ⇡ 0.24
MULTI-POINT LAZY-SAMPLING Ø For  the  func8on  to  be  determinis8c  and  order-­‐preserving,  lazy-­‐sampling   must  take  into  account  “exis8ng”  points  when  selec8ng  new  points.   Ø An  inefficient  method  would  be  to  remember  every  exis8ng  point  and   adjust  further  sampling  parameters  accordingly.   Ø But  to  make  our  eventual  scheme  stateless,  we  will  instead  take  a  binary   search  approach.   Ø For  now,  assume  a  state  consis8ng  of  pre-­‐determined  random  coins  (bitstrings)   r1,r2,…,rM  and  consider  this  as  the  key  to  our  scheme  
LAZY-SAMPLING EXAMPLE 2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?   NHGD([16],[7],4;r4)  →  10   NHGD([9],[3],2;r2)  →  5   NHGD({6,7,8,9},{3},3;r3)  →  6   Encrypt  “3”   ?   ?   ?   ?   2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?   ?   Under  coins  r1,r2,…,rM:   NHGD([16],[7],4;r4)  →  10   NHGD([9],[3],2;r2)  →  5   NHGD([4],{1},1;r3)  →  2   Encrypt  “1”   2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?  
REMARKS ON LAZY-SAMPLING No8ce  that     Ø Given  random  fixed  coins  for  NHGD,  we  will  lazily  construct  a  (pseudo)random   OPF   Ø Each  encryp8on  uses  at  most  log2(M)  calls  to  the  NHGD  sampler   Ø Efficiency:  log2(M)  ·∙  tNHGD   Ø The  state  consists  only  of  the  coins  r1,r2,…,rM  
REMOVING THE STATE Instead  of  storing  the  random  coins,  we  use  a  pseudorandom   func8on  (PRF)  that  takes  as  input  the  parameters  to  NHGD.   The  secret  key  to  our  scheme  is  just  the  key  K  to  the  blockcipher   NHGD(D1,R1,x1;      )   PRFK(D1,R1,x1)   r1   r1     NHGD(D2,R2,x2;      )   PRFK(D2,R2,x2)   r2   r2   NHGD(D3,R3,x3;      )  r3   PRFK(D3,R3,x3)   r3  
MOVE TO HYPERGEOMETRIC Ø There  does  not  seem  to  be  an  efficient  NHGD  algorithm.  !   Ø Instead  we  use  a  related  distribu8on:  Hypergeometric  Distribu8on   (HGD),  which  can  be  sampled  efficiently  [KS85].   Ø It  describes  how  many  members  of  a  random  M-­‐set  are  less   than  value  y,  for  1  ≤  y  ≤  N   Ø HGD  can  be  used  if  we  slightly  modify  the  algorithms.   Ø This  gives  rise  to  a  POPF-­‐secure  OPE.  ☺   Ø Efficiency  is  the  same,  log  M  ·∙  tHGD  ,  on  average.  
RECAP OF OPE Ø Appropriate  defini8on  of  security:  POPF   Ø Our  later  study  [BCO11]  helped  to  clarify  security  leakage  of  POPF.   Ø POPF-­‐secure  OPE  construc8on  via  lazy-­‐sampling  on  the  HGD   distribu8on.  
COLLABORATION AT A GLANCE
GREAT COLLABORATION AT A GLANCE Skyhigh and myself had numerous fruitful discussions. I was incredibly pleased with their approach and questions. Ø  They valued and wanted to understand provable security, and wanted to employ provably secure schemes. Ø  They asked great questions and listened. Ø  They think open source is a must. Ø  They read academic papers and attended academic conferences. Ø  They hired the Advisory board of crypto experts. Ø  They managed to make us think. Ø  They managed to spark new research projects.
CHALLENGES WITH DEPLOYING OPE Speed  of  algorithm   •  HGD  sampling  means  un-­‐op8mized  implementa8on  is  very  slow.     •  Op8miza8on  required  extensive  use  of  low-­‐level  floa8ng  point  libraries  to  speed  up  HGD  sampling   Ciphertext  length   •  Padding  is  required  to  preserve  lexicographic  orders.  Padding  plaintexts  also  means  the  ciphertexts  are  long.     Need  to  fix  input  and  output  lengths  in  advance   •  No  known  secure  way  to  use  OPE  like  a  block  cipher   •  Makes  using  OPE  for  different  types  of  data  (longer/shorter)  difficult   What  order  is  preserved?   •  Lexicographic?  Numeric?  Alphabe8c?  ASCII-­‐be8c?     •  Different  orderings  require  different  func8ons  to  encode  input  as  integers  before  encryp8on   •  Needs  to  be  the  same  order  as  cloud  applica8on,  but  different  apps  could  have  different  orderings    
MORE CHALLENGES Ø  Tradeoff of security for functionality Ø  Everybody wants to search everything, all the time. Ø  Can’t have great security at the same time. Ø  What security level is appropriate? Ø  How to explain to customers the security they are getting? Ø  May be easier for exact-match queries. However, Ø  When is frequency analysis an appropriate risk? Ø  For what data? Ø  Non-trivial for OPE New  research   project   White  paper  
MORE CHALLENGES Ø  Granularity of exact-match search Ø  Encrypt every word? Every line? Every paragraph? What is appropriate tradeoff of usability for security? Ø  If OPE can be stateful, can we improve efficiency? New  research   project  
CRYPTO ADVISORY BOARD ESTABLISHED IN 2014 Crypto-Advisory Board
CONCLUSIONS Ø  Industry and academia can be friends Ø  It’s good to have new friends

Recommended

Big Analytics Without Big Hassles 04/10/14 Webinar
Big Analytics Without Big Hassles 04/10/14 WebinarBig Analytics Without Big Hassles 04/10/14 Webinar
Big Analytics Without Big Hassles 04/10/14 WebinarParadigm4Inc
 
Chris Nicholson, CEO Skymind at The AI Conference
Chris Nicholson, CEO Skymind at The AI Conference Chris Nicholson, CEO Skymind at The AI Conference
Chris Nicholson, CEO Skymind at The AI Conference MLconf
 
DDS-Security Interoperability Demo - December 2017
DDS-Security Interoperability Demo - December 2017DDS-Security Interoperability Demo - December 2017
DDS-Security Interoperability Demo - December 2017Gerardo Pardo-Castellote
 
Listening at the Cocktail Party with Deep Neural Networks and TensorFlow
Listening at the Cocktail Party with Deep Neural Networks and TensorFlowListening at the Cocktail Party with Deep Neural Networks and TensorFlow
Listening at the Cocktail Party with Deep Neural Networks and TensorFlowDatabricks
 
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017MLconf
 
Optimizing Application Architecture (.NET/Java topics)
Optimizing Application Architecture (.NET/Java topics)Optimizing Application Architecture (.NET/Java topics)
Optimizing Application Architecture (.NET/Java topics)Ravi Okade
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI)Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI)emmajones88
 

Recommended

Big Analytics Without Big Hassles 04/10/14 Webinar
Big Analytics Without Big Hassles 04/10/14 WebinarBig Analytics Without Big Hassles 04/10/14 Webinar
Big Analytics Without Big Hassles 04/10/14 WebinarParadigm4Inc
 
Chris Nicholson, CEO Skymind at The AI Conference
Chris Nicholson, CEO Skymind at The AI Conference Chris Nicholson, CEO Skymind at The AI Conference
Chris Nicholson, CEO Skymind at The AI Conference MLconf
 
DDS-Security Interoperability Demo - December 2017
DDS-Security Interoperability Demo - December 2017DDS-Security Interoperability Demo - December 2017
DDS-Security Interoperability Demo - December 2017Gerardo Pardo-Castellote
 
Listening at the Cocktail Party with Deep Neural Networks and TensorFlow
Listening at the Cocktail Party with Deep Neural Networks and TensorFlowListening at the Cocktail Party with Deep Neural Networks and TensorFlow
Listening at the Cocktail Party with Deep Neural Networks and TensorFlowDatabricks
 
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017
Qiaoling Liu, Lead Data Scientist, CareerBuilder at MLconf ATL 2017MLconf
 
Optimizing Application Architecture (.NET/Java topics)
Optimizing Application Architecture (.NET/Java topics)Optimizing Application Architecture (.NET/Java topics)
Optimizing Application Architecture (.NET/Java topics)Ravi Okade
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI)Oracle Cloud Infrastructure (OCI)
Oracle Cloud Infrastructure (OCI)emmajones88
 
The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the WebSkyhigh Networks
 
The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudSkyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data BreachSkyhigh Networks
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloudn|u - The Open Security Community
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...IEEEFINALSEMSTUDENTPROJECTS
 
Synopsis_kamlesh
Synopsis_kamleshSynopsis_kamlesh
Synopsis_kamleshKAMLESH HINGWE
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouSkyhigh Networks
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud EncryptionRituparnaNag
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - FranticMiika Puputti
 
Cloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceCloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceSubra Kumaraswamy CISSP CISM
 
Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 
Evolution of Microservices - Craft Conference
Evolution of Microservices - Craft ConferenceEvolution of Microservices - Craft Conference
Evolution of Microservices - Craft ConferenceAdrian Cockcroft
 
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...IRJET Journal
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search overIEEEFINALSEMSTUDENTPROJECTS
 
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Clustrix
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in CloudIRJET Journal
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataIRJET Journal
 

More Related Content

Viewers also liked

The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudSkyhigh Networks
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015Skyhigh Networks
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data BreachSkyhigh Networks
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaSkyhigh Networks
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...Skyhigh Networks
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...IEEEFINALSEMSTUDENTPROJECTS
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouSkyhigh Networks
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseSkyhigh Networks
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Pushpa
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - FranticMiika Puputti
 

Viewers also liked (15)

The Dark Side of the Web
The Dark Side of the WebThe Dark Side of the Web
The Dark Side of the Web
 
The 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the CloudThe 80-20 Rule for Data in the Cloud
The 80-20 Rule for Data in the Cloud
 
State of the Cloud in 2015
State of the Cloud in 2015State of the Cloud in 2015
State of the Cloud in 2015
 
2014: The Year of the Data Breach
2014: The Year of the Data Breach2014: The Year of the Data Breach
2014: The Year of the Data Breach
 
The Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and SequoiaThe Cloud in 2015: Predictions from Greylock and Sequoia
The Cloud in 2015: Predictions from Greylock and Sequoia
 
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
The Cloud Economy: 11 Essential Trends About How Companies Connect to Each Ot...
 
Encrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted CloudEncrypted Databases for Untrusted Cloud
Encrypted Databases for Untrusted Cloud
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Web image re ranking using query-spe...
 
Synopsis_kamlesh
Synopsis_kamleshSynopsis_kamlesh
Synopsis_kamlesh
 
How to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink YouHow to Find Security Breaches Before They Sink You
How to Find Security Breaches Before They Sink You
 
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the EnterpriseThe Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
The Quiet Revolution: 12 Must-Know Statistics on Cloud Usage in the Enterprise
 
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
Presentation on cloud computing security issues using HADOOP and HDFS ARCHITE...
 
Cloud Encryption
Cloud EncryptionCloud Encryption
Cloud Encryption
 
Internet of things - Frantic
Internet of things - FranticInternet of things - Frantic
Internet of things - Frantic
 
Cloud Security Alliance - Guidance
Cloud Security Alliance - GuidanceCloud Security Alliance - Guidance
Cloud Security Alliance - Guidance
 

Similar to Searching Encrypted Cloud Data: Academia and Industry Done Right

Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it allMichelle Brush
 
Evolution of Microservices - Craft Conference
Evolution of Microservices - Craft ConferenceEvolution of Microservices - Craft Conference
Evolution of Microservices - Craft ConferenceAdrian Cockcroft
 
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...IRJET Journal
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search overIEEEFINALSEMSTUDENTPROJECTS
 
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Clustrix
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in CloudIRJET Journal
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataIRJET Journal
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEEMEMTECHSTUDENTPROJECTS
 
Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! elangovans
 
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...Amazon Web Services
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)Odinot Stanislas
 
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...DataStax Academy
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET Journal
 
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...ScyllaDB
 
HiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentationHiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentationVEDLIoT Project
 
IRJET- Integrity Verification and Attribute based Encryption for Cloud Storage
IRJET- Integrity Verification and Attribute based Encryption for Cloud StorageIRJET- Integrity Verification and Attribute based Encryption for Cloud Storage
IRJET- Integrity Verification and Attribute based Encryption for Cloud StorageIRJET Journal
 
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Canada
 
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...IRJET Journal
 
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017Amazon Web Services
 
AWS Sydney Summit 2013 - Big Data Analytics
AWS Sydney Summit 2013 - Big Data AnalyticsAWS Sydney Summit 2013 - Big Data Analytics
AWS Sydney Summit 2013 - Big Data AnalyticsAmazon Web Services
 

Similar to Searching Encrypted Cloud Data: Academia and Industry Done Right (20)

Let's not rewrite it all
Let's not rewrite it allLet's not rewrite it all
Let's not rewrite it all
 
Evolution of Microservices - Craft Conference
Evolution of Microservices - Craft ConferenceEvolution of Microservices - Craft Conference
Evolution of Microservices - Craft Conference
 
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
IRJET- A Survey on Searching of Keyword on Encrypted Data in Cloud using ...
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
 
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?Benchmark Showdown: Which Relational Database is the Fastest on AWS?
Benchmark Showdown: Which Relational Database is the Fastest on AWS?
 
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
IRJET - Efficient and Verifiable Queries over Encrypted Data in Cloud
 
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud DataA Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
A Secure and Dynamic Multi Keyword Ranked Search over Encrypted Cloud Data
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
 
Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers! Horizontal Scaling for Millions of Customers!
Horizontal Scaling for Millions of Customers!
 
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS...
 
SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)SNIA : Swift Object Storage adding EC (Erasure Code)
SNIA : Swift Object Storage adding EC (Erasure Code)
 
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...
C* Summit 2013: Real-time Analytics using Cassandra, Spark and Shark by Evan ...
 
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
IRJET- A Key-Policy Attribute based Temporary Keyword Search Scheme for S...
 
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
Scylla Summit 2022: Building Zeotap's Privacy Compliant Customer Data Platfor...
 
HiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentationHiPEAC-CSW 2022_Pedro Trancoso presentation
HiPEAC-CSW 2022_Pedro Trancoso presentation
 
IRJET- Integrity Verification and Attribute based Encryption for Cloud Storage
IRJET- Integrity Verification and Attribute based Encryption for Cloud StorageIRJET- Integrity Verification and Attribute based Encryption for Cloud Storage
IRJET- Integrity Verification and Attribute based Encryption for Cloud Storage
 
Cisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper diveCisco Connect Halifax 2018 Cisco dna - deeper dive
Cisco Connect Halifax 2018 Cisco dna - deeper dive
 
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
Sharing Secured Scalable Data in Cloud Environment Using Key Aggregate Crypto...
 
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017
Tooling Up for Efficiency: DIY Solutions @ Netflix - ABD319 - re:Invent 2017
 
AWS Sydney Summit 2013 - Big Data Analytics
AWS Sydney Summit 2013 - Big Data AnalyticsAWS Sydney Summit 2013 - Big Data Analytics
AWS Sydney Summit 2013 - Big Data Analytics
 

Recently uploaded

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

Searching Encrypted Cloud Data: Academia and Industry Done Right

  • 1. Searching Encrypted Cloud Data: Case Study on Academia + Industry (Done Right) Alexandra (Sasha) Boldyreva School of Computer Science in the College of Computing Georgia Institute of Technology
  • 2. Academia TWO WORLDS OF CRYPTO DEVELOPMENT Industry
  • 3. TWO WORLDS OF CRYPTO DEVELOPMENT Academia Industry Ø   Why  are  the  two  worlds  so  disjointed?   Ø   Is  this  unavoidable?  
  • 4. TWO WORLDS, A CLOSER LOOK: ACADEMIA Priorities in protocol design Ø  Competitiveness Ø  Can be published Ø  Novel Ø  Non-trivial, uses interesting ideas Ø  Provably-secure Ø  Uses novel useful technics Ø  Has impact on future research
  • 5. TWO WORLDS, A CLOSER LOOK: INDUSTRY Priorities in protocol design Ø  Competitiveness Ø  Can be sold Ø  Novel Ø  Useful Ø  Very efficient Ø  Legislation compliant Ø  Resists obvious attacks
  • 6. TWO WORLDS, A CLOSER LOOK Priorities in protocol design – Let’s highlight the most importance differences: ACADEMIA   INDUSTRY   Ø  Novel Ø  Non-trivial, uses interesting ideas Ø  Provably-secure Ø  Uses novel useful technics Ø  Has impact on future research   Ø  Novel Ø  Useful Ø  Very efficient Ø  Legislation compliant Ø  Resists obvious attacks
  • 7. TWO WORLDS, A CLOSER LOOK ACADEMIA   INDUSTRY   Ø  Public Ø  Complex Ø  Not very efficient Ø  Rarely used Ø  Provably-secure (provide security guarantees)   Ø  Often proprietary Ø  Simpler Ø  Very efficient Ø  Solve real problems Ø  Used Ø  Security is not well understood They lead to differences in schemes’ common properties …
  • 8. TWO WORLDS, A CLOSER LOOK How academics view crypto products from the industry …. Prac88oners  should  not  design  crypto   schemes  as  they  cannot  prove  their   schemes  secure.  They  should  use  our   schemes.  
  • 9. TWO WORLDS, A CLOSER LOOK Provable security is a great methodology that allows us to have schemes with security guarantees. However, Ø  the definitions (and proofs) are very often hard to understand and judge how do they “match” reality; Ø  it is hard to have schemes which are provably-secure under well- studied assumptions for strong definitions and are efficient.
  • 10. TWO WORLDS, A CLOSER LOOK How practitioners view the work produced by academia … Academics  do  not  understand  what  is  needed   in  prac8ce.  What  they  call  “efficient”  and   “prac8cal”  are  not.  Their  papers  are  hard  to   understand.  Strong  security  is  a  hassle.    
  • 11. TWO WORLDS, A CLOSER LOOK
  • 12. TWO WORLDS, CAN THEY WORK TOGETHER?
  • 13. TWO WORLDS, CAN THEY WORK TOGETHER? This  is  possible!  
  • 16. PRODUCT OVERVIEW Skyhigh Networks' product allows customers to use the existing cloud service providers with added security and without losing functionality, e.g. search. Employ Ø  symmetric searchable encryption (can search for encrypted keyword or sort encrypted data), Ø  format-preserving encryption Ø  …
  • 17. 831 services used by an enterprise on average CLOUD USE GROWING RAPIDLY
  • 19. INDUSTRY TURNS TO ENCRYPTION
  • 20. IMPORTANT CONSIDERATIONS ① Which  schemes  do  we  employ  and  how  do  we  shepherd  an  algorithm   from  concep8on  to  deployment?     ② How  do  we  op8mize  cryptographic  schemes  without  invalida8ng  their   security  proofs?     ③ In  what  situa8ons  is  it  appropriate  to  trade  security  for  func8onality  in  a   piece  of  commercial  soJware?       These  ques8ons  must  be  answered  before  a  new  algorithm  reaches  a  customer.    
  • 21. GENERAL CONCERNS WITH ENCRYPTION No secure coding guidelines - hard to know what is acceptable and when Fighting misinformation in the market •  Consumers don’t understand security/usability tradeoffs •  They expect full security and full functionality for their data Weighing tradeoffs between security and functionality •  When is it appropriate to have a weakened security guarantee •  For what kinds of data?
  • 22. THE START OF GREAT COLLABORATION Skyhigh reached out to me, as I was actively working on protocols for efficiently-searchable encryption.
  • 23. MY WORK ON SEARCHABLE ENCRYPTION Georgios  Amana8dis   Nathan  CheneOe   Younho  Lee   Adam  O’Neill   Joint  effort  with  my  colleagues:  
  • 24. CLOUD STORAGE •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…   Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) ExactMatch($68k) ($68k, rec3)
  • 25. CLOUD STORAGE Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) Range($40k, $68k) {($50k, rec2)($68k, rec3)} •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…  
  • 26. CLOUD STORAGE Cloud  Server  (database)   Client   ($35k, rec1) ($50k, rec2) ($68k, rec3) ($72k, rec4) ($95k, rec5) Fuzzy($70k) {($68k, rec3)($72k, rec4)} •  A.k.a.  Database-­‐as-­‐a-­‐Service   •  Server  efficiently  responds  to  client’s  queries/updates   •  Query  efficiency:  search  8me  sub-­‐linear  in  database  size   •  Query  func8onality:  exact-­‐match,  range,  error-­‐tolerant  (fuzzy),…  
  • 27. SECURE CLOUD STORAGE: GOALS Three  goals:  security,  efficiency,  func8onality   Secure  Cloud  Server   (encrypted  database)   Client   (EncK ($72k), rec4) (EncK ($68k), rec3) (EncK ($95k), rec5) (EncK ($35k), rec1) (EncK ($50k), rec2) Security   searchable  data  is  symmetrically   encrypted   Efficiency   server  responds  to  query  in  sub-­‐ linear  8me   Func8onality   various  query  types,  data   updates,  …  
  • 28. EFFICIENT SEARCHABLE ENCRYPTION ¡  The  study  of  schemes  balancing  these  goals  is  efficient  searchable   encryp8on  (ESE)   §  Cryptographic  efforts  oJen  focus  on  strong  security   §  Prac88oners  wonder:  how  much  security  is  possible  without  sacrificing   efficient  func8onality?   ¡  Efficiency,  security,  and   func8onality  are  at  odds   §  E.g.,  strong  encryp8on  requires   linear  search  8me  
  • 29. PAST RESULTS IN SEARCHABLE SYMMETRIC ENCRYPTION Security   Efficiency   Func8onality   Oblivious  RAM  [GO96]   Excellent   Imprac8cal   All  query  types   Fully  homomorphic  encryp8on  [G09]   Excellent   Imprac8cal     All  query  types     Exact-­‐match  SSE   [SLDHJ10,GO96,G09,33,CM05]   Great   Linear+   Exact-­‐match   Exact-­‐match  SSE   [CGKO06,SWP00,KO12]   Great   Sub-­‐linear   Exact-­‐match   No  dynamic  updates   Range-­‐query  SSE  [BW07]   Great   Linear+   Range   Prefix-­‐preserving  encryp8on   [KIK12,BBKN01,XFAM02]   Vulnerable   Sub-­‐linear   Range;  specialized   implementa8on   Order-­‐preserving  encryp8on  [AKSX04]   Undefined/ Unknown   Sub-­‐linear   Range;  simple  to  implement     Efficient  fuzzy-­‐searchable  encryp8on   [KIK12]   Undefined/ Unknown   Sub-­‐linear   Error-­‐tolerant  
  • 30. OUR GOALS Provide  provably-­‐secure  solu8ons  for  suppor8ng  efficient   (sublinear)   Ø exact-­‐match     Ø range   Ø error-­‐tolerant     search  on  encrypted  data  
  • 31. OUR RESULTS Provide  provably-­‐secure  solu8ons  for  suppor8ng  efficient   (sublinear)   •  exact-­‐match:  efficiently-­‐searchable  encryp8on  [ABO07],     •  range:  order-­‐preserving  encryp8on  (OPE)  [BCLO09,BCO11],   •  error-­‐tolerant:  fuzzy-­‐searchable  encryp8on  [BC14]   search  on  encrypted  data  
  • 33. ORDER-PRESERVING ENCRYPTION (OPE) A  symmetric  encryp8on  scheme  is  order-­‐preserving  if  encryp8on  is   determinis8c  and  strictly  increasing.   Example  OPE  func8on   for   K $ KeyGen EncK (·) plaintexts   ciphertexts  
  • 34. ORDER-PRESERVING ENCRYPTION (OPE) A  symmetric  encryp8on  scheme  is  order-­‐preserving  if  encryp8on  is   determinis8c  and  strictly  increasing.   Example  OPE  func8on   for   K $ KeyGen EncK (·) m1m0 EncK (m0) EncK (m1)
  • 35. ORIGINS OF OPE Ø OPE  has  a  long  history  in  the  form  of  one-­‐part  codes.   Ø In  a  one-­‐part  code,  code  words  and  transla8ons  have  the  same  order   Ø To  encrypt  or  decrypt  requires  only  a  single  look-­‐up  table     Ø More  recently,  [AKSX04]  suggested  OPE  as  a  protocol  to  support  range   queries  for  secure  cloud  storage.  
  • 36. EFFICIENT RANGE QUERIES VIA OPE •  Range  query  support  is  effortless  using  OPE  [AKSX04]     •  Can  we  make  it  secure?   •  Actually…  how  to  even  define  security?   Client   Server   (encrypted  database)   (EncK ($35k), rec1) (EncK ($50k), rec2) (EncK ($68k), rec3) (EncK ($72k), rec4) (EncK ($95k), rec5) Range($40k, $68k) Range(EncK ($40k), EncK ($68k)) {(EncK ($50k), rec2) , (EncK ($68k), rec3)}
  • 38. TOWARDS OPE SECURITY MODEL • OPE  cannot  be  IND-­‐CPA  because  it  is  determinis8c.   • We  have  to  weaken  IND-­‐CPA  defini8on.  
  • 39. ATTEMPT  #1: IND-DISTINCTCPA •  What  if  equality  paOerns  of  LEFT  and  RIGHT  queries  must  match?   •  Suitable  for  determinis8c  encryp8on   •  S8ll  unachievable  by  an  OPE  scheme,  because  order  is  leaked!   LEFT   L  oracle   (M0,M1)   EK(M0)   A   b   RIGHT   R  oracle   (M0,M1)   EK(M1)   A   b   M0    M0   M1   M1   EK(Mb)   EK(Mb)   LEFT   RIGHT   Ciphertexts   Query  pairs   EK(Mb)  EK(Mb)   Guess  b  =  1   *   *   *   *   Guess  b  =  0  
  • 40. ATTEMPT #2: IND-ORDEREDCPA •  What  if  order  paOerns  of  LEFT  and  RIGHT  queries  must  match?   LEFT   (M0,M1)   EK(M0)   A   b   RIGHT   (M0,M1)   EK(M1)   A   b   LEFT   RIGHT   Ciphertexts   Query  pairs   M0   M0   M0   M0   M1   M1   M1   M1   M1   EK(Mb)   EK(Mb)   EK(Mb)   EK(Mb)   Not  allowed!   M0   2   2   2   3   3   3   4   4   4   1   1   1   5   5   L  oracle   R  oracle  
  • 41. ATTEMPT #2: IND-ORDEREDCPA •  In  fact,  there  is  s8ll  a  general  aOack  against  any  OPE  scheme[BCLO09].   •  Demonstrates  that  OPE  must  leak  rela8ve  distance  of  plaintexts.  
  • 42. A DIFFERENT APPROACH TO SECURITY • Instead  of  trying  to  relax  IND-­‐CPA  further,  we  take  an  approach   similar  to  PRF   • Require  that  an  OPE  is  indis8nguishable  from  an  “ideal”  object,   namely  a  random  order-­‐preserving  func8on  (ROPF).  
  • 43. POPF-SECURITY We  call  an  OPE  scheme  PseudorandomOPF-­‐secure  if  no  efficient   adversary  can  output  1  with  no8ceably  different  probabili8es  between   the  two  experiments.  
  • 45. TOWARD A CONSTRUCTION • It  is  not  immediately  clear  how  the  regular  building  block,  a   blockcipher,  helps.   • Solu8on:  combinatorics  and  sta8s8cs!  
  • 46. OPFS AND COMBINATIONS Ø Observa8on:  There  is  a  bijec8on  between  the  set  of  OPFs  from  [M]  to  [N]  and   the  set  of  M-­‐out-­‐of-­‐N  combina8ons.   Ø Example:  
  • 47. THE NHGD CONNECTION Ø This  value  follows  the  nega8ve  hypergeometric  distribu8on  (NHGD)  on   parameters:  range  [N],  domain  [M],  index  i.   Ø Assume  we  have  an  efficient  way  to  sample  NHGD.   Pr [NHGD([N], [M], i) = c] = c 1 i 1 N c M i N M Lazy-­‐sampling  a  POPF  on  a   message  i   (domain  [M],  range  [N])   ≅ Lazy-­‐sampling  the  ith  largest  element  of  a   (pseudo)random  M-­‐element  subset  of  [N].  
  • 48. SINGLE-POINT LAZY SAMPLING Example  of  lazy-­‐sampling  a  single  point:   2   3   4   1   5   6   7   8   9   1   2   3   4   5   plaintexts   ciphertexts   ?   Domain  [5],  range  [9].   To  encrypt  only  i  =  3:  sample   NHGD([9],[5],3).  Suppose  the   outcome  is  6.     This  occurs  with  probability   {?,?,6,?,?}   (incomplete)   OPF       and  specifies  the  (incomplete)  5-­‐element   subset   ?   Pr [NHGD([9], [5], 3) = 6] = 5 2 3 2 9 5 ⇡ 0.24
  • 49. MULTI-POINT LAZY-SAMPLING Ø For  the  func8on  to  be  determinis8c  and  order-­‐preserving,  lazy-­‐sampling   must  take  into  account  “exis8ng”  points  when  selec8ng  new  points.   Ø An  inefficient  method  would  be  to  remember  every  exis8ng  point  and   adjust  further  sampling  parameters  accordingly.   Ø But  to  make  our  eventual  scheme  stateless,  we  will  instead  take  a  binary   search  approach.   Ø For  now,  assume  a  state  consis8ng  of  pre-­‐determined  random  coins  (bitstrings)   r1,r2,…,rM  and  consider  this  as  the  key  to  our  scheme  
  • 50. LAZY-SAMPLING EXAMPLE 2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?   NHGD([16],[7],4;r4)  →  10   NHGD([9],[3],2;r2)  →  5   NHGD({6,7,8,9},{3},3;r3)  →  6   Encrypt  “3”   ?   ?   ?   ?   2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?   ?   Under  coins  r1,r2,…,rM:   NHGD([16],[7],4;r4)  →  10   NHGD([9],[3],2;r2)  →  5   NHGD([4],{1},1;r3)  →  2   Encrypt  “1”   2   3   4   1   5   6   7   8   9   1   2   3   4   5   6   7   10   11   12   13   14   15   16   ?  
  • 51. REMARKS ON LAZY-SAMPLING No8ce  that     Ø Given  random  fixed  coins  for  NHGD,  we  will  lazily  construct  a  (pseudo)random   OPF   Ø Each  encryp8on  uses  at  most  log2(M)  calls  to  the  NHGD  sampler   Ø Efficiency:  log2(M)  ·∙  tNHGD   Ø The  state  consists  only  of  the  coins  r1,r2,…,rM  
  • 52. REMOVING THE STATE Instead  of  storing  the  random  coins,  we  use  a  pseudorandom   func8on  (PRF)  that  takes  as  input  the  parameters  to  NHGD.   The  secret  key  to  our  scheme  is  just  the  key  K  to  the  blockcipher   NHGD(D1,R1,x1;      )   PRFK(D1,R1,x1)   r1   r1     NHGD(D2,R2,x2;      )   PRFK(D2,R2,x2)   r2   r2   NHGD(D3,R3,x3;      )  r3   PRFK(D3,R3,x3)   r3  
  • 53. MOVE TO HYPERGEOMETRIC Ø There  does  not  seem  to  be  an  efficient  NHGD  algorithm.  !   Ø Instead  we  use  a  related  distribu8on:  Hypergeometric  Distribu8on   (HGD),  which  can  be  sampled  efficiently  [KS85].   Ø It  describes  how  many  members  of  a  random  M-­‐set  are  less   than  value  y,  for  1  ≤  y  ≤  N   Ø HGD  can  be  used  if  we  slightly  modify  the  algorithms.   Ø This  gives  rise  to  a  POPF-­‐secure  OPE.  ☺   Ø Efficiency  is  the  same,  log  M  ·∙  tHGD  ,  on  average.  
  • 54. RECAP OF OPE Ø Appropriate  defini8on  of  security:  POPF   Ø Our  later  study  [BCO11]  helped  to  clarify  security  leakage  of  POPF.   Ø POPF-­‐secure  OPE  construc8on  via  lazy-­‐sampling  on  the  HGD   distribu8on.  
  • 56. GREAT COLLABORATION AT A GLANCE Skyhigh and myself had numerous fruitful discussions. I was incredibly pleased with their approach and questions. Ø  They valued and wanted to understand provable security, and wanted to employ provably secure schemes. Ø  They asked great questions and listened. Ø  They think open source is a must. Ø  They read academic papers and attended academic conferences. Ø  They hired the Advisory board of crypto experts. Ø  They managed to make us think. Ø  They managed to spark new research projects.
  • 57. CHALLENGES WITH DEPLOYING OPE Speed  of  algorithm   •  HGD  sampling  means  un-­‐op8mized  implementa8on  is  very  slow.     •  Op8miza8on  required  extensive  use  of  low-­‐level  floa8ng  point  libraries  to  speed  up  HGD  sampling   Ciphertext  length   •  Padding  is  required  to  preserve  lexicographic  orders.  Padding  plaintexts  also  means  the  ciphertexts  are  long.     Need  to  fix  input  and  output  lengths  in  advance   •  No  known  secure  way  to  use  OPE  like  a  block  cipher   •  Makes  using  OPE  for  different  types  of  data  (longer/shorter)  difficult   What  order  is  preserved?   •  Lexicographic?  Numeric?  Alphabe8c?  ASCII-­‐be8c?     •  Different  orderings  require  different  func8ons  to  encode  input  as  integers  before  encryp8on   •  Needs  to  be  the  same  order  as  cloud  applica8on,  but  different  apps  could  have  different  orderings    
  • 58. MORE CHALLENGES Ø  Tradeoff of security for functionality Ø  Everybody wants to search everything, all the time. Ø  Can’t have great security at the same time. Ø  What security level is appropriate? Ø  How to explain to customers the security they are getting? Ø  May be easier for exact-match queries. However, Ø  When is frequency analysis an appropriate risk? Ø  For what data? Ø  Non-trivial for OPE New  research   project   White  paper  
  • 59. MORE CHALLENGES Ø  Granularity of exact-match search Ø  Encrypt every word? Every line? Every paragraph? What is appropriate tradeoff of usability for security? Ø  If OPE can be stateful, can we improve efficiency? New  research   project  
  • 60. CRYPTO ADVISORY BOARD ESTABLISHED IN 2014 Crypto-Advisory Board
  • 61. CONCLUSIONS Ø  Industry and academia can be friends Ø  It’s good to have new friends