Download presentation

Presentation is loading. Please wait.

Published byDania Shroll Modified over 3 years ago

1
**Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes**

Technische Universität Ilmenau CCSW 2013 Sander Wozniak Michael Rossberg Sascha Grau Ali Alshawish Guenter Schaefer

2
**Order-Preserving Encryption (OPE)**

Domain of plaintexts: Range of ciphertexts: For an encryption function an OPE scheme satisfies: Application in the context of cloud computing: Users may not fully trust their service providers Need to encrypt the outsourced data OPE enables efficient range queries in standard DBMS

3
**OPE based on Order-Preserving Functions**

OPF-based Schemes: Rely on Order-Preserving Functions (OPFs) drawn from: OPE scheme based on a chosen OPF Choosing Order-Preserving Functions Standard model: “Ideal Object” (Boldyreva et al., 2009): OPFs are drawn uniformly at random In this work: alternative OPF construction schemes - Standard model for analysis

4
**Weaknesses of the “Ideal Object”**

One-wayness of “ideal object” is not satisfying Existing research highlights the significance of the most likely plaintext (m.l.p.) of a given ciphertext Empiric frequency distributions for 108 OPFs: 10 to the power of 8

5
**Disclosure-Resilience of OPE**

Given: OPF construction scheme Attacker model: and the plaintext space is known to adversaries Adversaries have limited additional information: Known ciphertexts Known/chosen plaintext-ciphertext pairs Given a challenge ciphertext , adversaries have to accurately estimate the plaintext producing is referred to as disclosure-resilient if it: provides a sufficient number of plaintexts producing maintains this property in case of disclosed information

6
**Average Number of Significant Plaintexts**

Measures the number of plaintexts that an attacker has to consider as candidates for a challenge ciphertext Number of significant plaintexts for a ciphertext: Plaintext p Probability of being assigned to ciphertext c Threshold Weighted average over all ciphertexts: Note: this is not a quantile!

7
**Average Expected Estimation Error**

Measures the error of a maximum-likelihood estimator using the most likely plaintexts of a challenge ciphertext Expected estimator error: Plaintext p Probability of being assigned to ciphertext c Weighted average over all ciphertexts: Error

8
**Random Offset Addition**

Draw a random offset Encryption function: Disclosure-resilient for very few known ciphertexts No resilience against known plaintext-ciphertext pairs 108 OPFs Plaintext p Ciphertext c OPF2 OPF3 OPF1 OPF4 Random offset OPF5

9
**Random Uniform Sampling**

Choose a splitting element: Random selection / median of the (sub)domain Randomly assign ciphertext to chosen plaintext Recursively sample subspaces 108 OPFs Splitting element p3 p1 Plaintext p Ciphertext c p2 c3 c1 c2

10
**Random Subrange Selection**

Randomly decide whether to draw or first Lower bound first: ; Upper bound first: ; Sample OPF from subrange (alternative constr. scheme) Plaintext p Ciphertext c

11
**Evaluation and Results**

Empiric evaluation using 108 randomly generated OPFs The suggested OPF construction schemes reduce the significance of specific plaintexts

12
**Average Number of Significant Plaintexts**

108 OPFs C: Known pairs strongly decrease ; offset add. ineffective ; subrange selection less effective A: Novel schemes increase ; offset addition and subrange selection most effective A B C D B: Disclosure of ciphertexts affects all approaches; novel schemes more effective than “ideal object” D: Chosen pairs render all schemes ineffective

13
**Average Expected Estimation Error**

108 OPFs confirms the results of ; subrange selection using the “ideal object” shows a smaller error (dominant peak of m.l.p.) A B C D

14
**Conclusion & Outlook Conclusion Future work**

The suggested OPF construction schemes are able to reduce the significance of specific plaintexts when compared to the “ideal object” However, the resilience against the disclosure of additional information is not yet sufficient for practical applications Future work Consider the impact of an increasing range size Investigate alternative OPF construction schemes with high disclosure-resilience in case of well-informed adversaries

Similar presentations

OK

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on aerobics step Ppt on polynomials and coordinate geometry proof Ppt on field study 6 Ppt on aircraft emergencies with atc Ppt on atrial septal defect in adults Ppt on atrial septal defect secundum Ppt on world population day Muscular system anatomy and physiology ppt on cells Ppt on solar system for class 8 Ppt on diode as rectifiers