Presented at
32C3 (2015),
Dec. 30, 2015, 11:30 a.m.
(60 minutes)
In the last couple of years, cloud and web services have become more and more popular. Since Snowden we know for sure that intelligence agencies have access to the data storage of an service provider, either by (forced) cooperation, or espionage. Thus, to protect our privacy we have to encrypted our data before hand it over to our service provider (data holder). But this approach contradicts the very idea of a web service where the data holder have to process our data in one way or an other. Therefore, we need new cryptographic techniques to enable the data holder to perform operation on encrypted data. One of the most important operations for cloud storage or database based web/cloud services is the search operation. In this talk we focus on the very familiar cloud storage scenario. Because in this scenario, It is obvious, that the user (data owner) do not want to perform the search by himself. This should be a service offered by the data holder. We will present different practical approaches to achieve searchable ciphertext, namely one with an index and one with cleverly encrypted words.
Note that no PhD is required to attend this talk ;-)
We found that many people cannot believe that it is possible to execute operations on ciphertext. We want to rectify this by educating hackers of the magic of searchable encryption schemes.
<h4>Intro</h4>
"The Cloud" has undoubtedly become very popular over the last decade. Many people like the convenience of virtually unlimited storage and computing power at their fingertips. However, people tend to dislike to disclose their data to third parties. A simple solution would be encrypt the data before uploading it to a third party, but you may very well want to perform certain operations on the encrypted data such as a search.
<h4>Entering Searchable Encryption</h4>
This conflict of encryption and the ability to execute computations on data seems to be inherent. However, clever encryption schemes which allow certain search operations on ciphertext exist! We will present some searchable symmetric encryption schemes which enable others to search for keywords or substrings without learning they key nor the plaintext. You may very well ask what the security implications in those cases are, so we will present the associated security notions. Another concern is performance reg. speed or memory consumption. We present our measurements of prototypical implementations and infer that searchable symmetric encryption schemes can indeed be practical.
Our vision is to store data remotely in an encrypted fashion without losing convenience of using third party applications.
We want to enable developers to secure their databases and we want to make users aware of advances in cryptography so that they demand more secure services. Given the properties, other use cases of secure keyword search include email or document storage. In fact, it is possible to not only secure relational databases, but to create secure big data scenarios where massive amounts of data are being handled.
Presenters:
-
Christian Forler
-
Tobias Mueller
Tobias Mueller is a lead member of the GNOME Bugsquad for the last years and thus responsible for managing the bug database as well as the team around it. He is involved in deciding on effective policies for the bug database, actually dealing with the bugs in the database and recruiting new members who will help triaging. He also got elected to the Board of Directors in 2012 where he serves the GNOME Foundation to achieve their goals of creating and distributing great Free Software products. Besides beings a Free Software and GNOME lover, Tobias is involved in the German security research community around the Chaos Computer Club. Topics of interest include Platform- and System-Security, Cryptography and Security Protocols.
Links:
Similar Presentations: