Presentation is loading. Please wait.

Presentation is loading. Please wait.

Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter.

Similar presentations


Presentation on theme: "Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter."— Presentation transcript:

1 Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter Schaefer Technische Universität Ilmenau CCSW 2013

2 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 2 Domain of plaintexts: Range of ciphertexts: For an encryption function an OPE scheme satisfies: Application in the context of cloud computing: –Users may not fully trust their service providers –Need to encrypt the outsourced data –OPE enables efficient range queries in standard DBMS Order-Preserving Encryption (OPE)

3 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 3 OPE based on Order-Preserving Functions OPF-based Schemes: –Rely on Order-Preserving Functions (OPFs) drawn from: –OPE scheme based on a chosen OPF Choosing Order-Preserving Functions –Standard model: Ideal Object (Boldyreva et al., 2009): OPFs are drawn uniformly at random –In this work: alternative OPF construction schemes

4 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 4 Weaknesses of the Ideal Object One-wayness of ideal object is not satisfying –Existing research highlights the significance of the most likely plaintext (m.l.p.) of a given ciphertext –Empiric frequency distributions for 10 8 OPFs:

5 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 5 Disclosure-Resilience of OPE Given: OPF construction scheme Attacker model: – and the plaintext space is known to adversaries –Adversaries have limited additional information: Known ciphertexts Known/chosen plaintext-ciphertext pairs –Given a challenge ciphertext, adversaries have to accurately estimate the plaintext producing is referred to as disclosure-resilient if it: –provides a sufficient number of plaintexts producing –maintains this property in case of disclosed information

6 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 6 Plaintext p Probability of being assigned to ciphertext c Average Number of Significant Plaintexts Measures the number of plaintexts that an attacker has to consider as candidates for a challenge ciphertext Weighted average over all ciphertexts: Number of significant plaintexts for a ciphertext: Threshold Note: this is not a quantile!

7 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 7 Average Expected Estimation Error Measures the error of a maximum-likelihood estimator using the most likely plaintexts of a challenge ciphertext Expected estimator error: Weighted average over all ciphertexts: Error Plaintext p Probability of being assigned to ciphertext c

8 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 8 Random Offset Addition Draw a random offset Encryption function: Disclosure-resilient for very few known ciphertexts No resilience against known plaintext-ciphertext pairs Plaintext p Ciphertext c Random offset OPF 1 OPF 4 OPF 5 OPF 3 OPF 2 10 8 OPFs

9 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 9 Random Uniform Sampling Choose a splitting element: –Random selection / median of the (sub)domain Randomly assign ciphertext to chosen plaintext Recursively sample subspaces Plaintext p Ciphertext c Splitting element p1p1 p2p2 p3p3 c1c1 c3c3 c2c2 10 8 OPFs

10 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 10 Random Subrange Selection Randomly decide whether to draw or first –Lower bound first: ; –Upper bound first: ; Sample OPF from subrange (alternative constr. scheme) Plaintext p Ciphertext c

11 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 11 Evaluation and Results Empiric evaluation using 10 8 randomly generated OPFs The suggested OPF construction schemes reduce the significance of specific plaintexts

12 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 12 Average Number of Significant Plaintexts 10 8 OPFs AB CD B: Disclosure of ciphertexts affects all approaches; novel schemes more effective than ideal object D: Chosen pairs render all schemes ineffective A: Novel schemes increase ; offset addition and subrange selection most effective C: Known pairs strongly decrease ; offset add. ineffective ; subrange selection less effective

13 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 13 Average Expected Estimation Error 10 8 OPFs AB CD confirms the results of ; subrange selection using the ideal object shows a smaller error (dominant peak of m.l.p.)

14 S. Wozniak – Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes 14 Conclusion & Outlook Conclusion –The suggested OPF construction schemes are able to reduce the significance of specific plaintexts when compared to the ideal object –However, the resilience against the disclosure of additional information is not yet sufficient for practical applications Future work –Consider the impact of an increasing range size –Investigate alternative OPF construction schemes with high disclosure-resilience in case of well-informed adversaries

15 Sander Wozniak sander.wozniak@tu-ilmenau.de Thank you for your attention! Telematics and Computer Networks Group Technische Universität Ilmenau, Germany


Download ppt "Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter."

Similar presentations


Ads by Google