sdcindia oxymoron srini · 2019-12-21 · oxymoron [ok-si-mawr-on,-mohr-] a figure of speech by...
Post on 18-Jun-2020
1 Views
Preview:
TRANSCRIPT
!OxymoronComputing on Encrypted Data
Srinivasan Narayanamurthy (Srini)May 26th, 2017Storage Developers Conference India, Bangalore
© 2017 NetApp, Inc. All rights reserved. 1
Abouto Me
§ Engineer at the Advanced Technology Group since 2011.§ Spent a decade working on security before joining NetApp.§ Mostly on a PhD & several years at RSA Security.
§ @NetApp: Data Security & Privacy, Erasure codes, Distributed Storage Systems.
o My Involvement in SNIA§ SDC talks (at India & US) in 2016 on Erasure Codes.§ Member of SNIA Security TWG.§ Tries hard to stay awake until 2:30AM (IST) to attend weekly meetings! J
§ Early version of this talk at Data Storage Security Summit 2016.
o Talk: Searchable Encryption§ Non-mathematical; non-algorithmic.
© 2017 NetApp, Inc. All rights reserved.2
© 2017 NetApp, Inc. All rights reserved.3
Oxymoron[ok-si-mawr-on, -mohr-]
a figure of speech by which a locutionproduces an incongruous, seemingly self-contradictory effect, as in “cruel kindness” or“to rush slowly” OR “computing/ searching onencrypted data.”
The Problem
© 2017 NetApp, Inc. All rights reserved.4
Semi-trusted (Honest-but-curious) server
₹
Classification
© 2017 NetApp, Inc. All rights reserved.5
StructuredUnstructured
Solution
© 2017 NetApp, Inc. All rights reserved.6
Encrypt !
But …
© 2017 NetApp, Inc. All rights reserved.7
Or …
© 2017 NetApp, Inc. All rights reserved.8
Searchable Encryption
© 2017 NetApp, Inc. All rights reserved.9
Encrypted Data-at-rest & Data-in-motion
Count where age = 7
Deterministic Encryption
© 2017 NetApp, Inc. All rights reserved.10
Example: AES – ECB modeApplication: Convergent Encryption for Deduplication
E(age) = =
Brute-force / Dictionary attacks (IND-CPA)
Order-preserving Encryption (OPE)
© 2017 NetApp, Inc. All rights reserved.11
Range Querye.g. age > 3
Symmetric encryption over integers (AES – FFX)
Searchable Symmetric Encryption (SSE)
© 2017 NetApp, Inc. All rights reserved.12
Access pattern leakage!
Inverted Index
Symmetric encrypt. (Eg. AES)
SSE (Eg. Hash)
Trapdoor
Oblivious RAM (oRAM)
© 2017 NetApp, Inc. All rights reserved.13
Hides all information, including access pattern Many rounds of communication; Large storage cost
SSE + oRAM
© 2017 NetApp, Inc. All rights reserved.14
Hides all information, including access pattern; Many rounds of communication, Large storage cost
Structured Data
© 2017 NetApp, Inc. All rights reserved.15
Social networks, Web crawlers, Maps, Network routing, Communication (email headers, phone logs),
Research papers (citations)
= +
Structured Encryption (STE)
© 2017 NetApp, Inc. All rights reserved.16
Private Stream Searching (PSS)
© 2017 NetApp, Inc. All rights reserved.17
Partial (Additive) homomorphism!
+ = →
Fully Homomorphic Encryption (FHE)
© 2017 NetApp, Inc. All rights reserved.18
+ = ? +
Computationally expensive, high storage overheadSearch time is linear in the length of the dataset
Somewhat Homomorphic (SWHE):Efficient; restricted number of additions and multiplications
Other Encryption Schemes
o PKEET (Public Key Encryption with Equality Test)§ Equality tests of plaintexts encrypted under different public keys
o PE (Predicate) & IPE (Inner Product)§ Access-control & (originally) equality tests § IBE (Identity), AIBE (Anonymous IBE), HIBE (Hierarchical)§ ABE (Attribute)
o HVE (Hidden Vector)§ Wild card characters inside a key§ Supports: conjunctive, subset, range queries, disjunctions,
polynomials, inner products
© 2017 NetApp, Inc. All rights reserved.19
Summary
o Symmetric§ Searchable Symmetric Encryption (SSE)§ IND-CKA2 security§ Efficient (sub-linear) SE schemes
o Asymmetric§ Public key Encryption with Keyword search (PEKS)§ Efficiency and security?§ Lack of query expressiveness
© 2017 NetApp, Inc. All rights reserved.20
Tradeoffs
© 2017 NetApp, Inc. All rights reserved.21
Effic
ienc
ySecurity
Leak: Index, search & access pattern
E.g. IND-CKA2
Computation & Communication
complexityE.g. sub-linear index
Query expressiveness
E.g. Equality, conjunctive, extended search (subset, fuzzy, range queries, inner products)
Efficiency vs. Security
© 2017 NetApp, Inc. All rights reserved.22
Effic
ienc
y
Leakage
FHEORAM
SSE
STE
PEKS
PPE
HVE (PEKS)PE (IBE, ABE)IPE (AIBE)
PKEET
Functionality vs. Efficiency
© 2017 NetApp, Inc. All rights reserved.23
Func
tiona
lity
Efficiency
FHEORAM
SSE STEPEKS
PPEHVE (PEKS)PE (IBE, ABE)
PKEET
IPE (AIBE)
Applications
o Secure search
o Secure storage§ Outsourced, Backup
o Secure Data management§ Deduplication, email forwarding, etc.
o Security tiers for analytics
o Private data with “enough” privacy§ Call logs, map queries, image search, data classification
© 2017 NetApp, Inc. All rights reserved.24
In Practice
1) Systems§ CryptDB, MIT CSAIL§ Cipherbase, Microsoft§ Google’s Encrypted BigQuery Demo§ Microsoft SQL Server 2016 Always Encrypted
2) Implementations§ CS2, Microsoft & UCB (2012); C++; Keyword search§ IARPA, IBM & UCI (2013); C++; Conjunctive§ BlindSeer, Bell Labs & Columbia (2014); Boolean§ GRECS, Microsoft, Boston & Harvard (2015); C++; Graph§ Clusion, Brown & Colorado (2016); Java; Boolean
© 2017 NetApp, Inc. All rights reserved.25
Conclusion
o Tradeoffs: Security vs. Efficiency vs. Functionality
o Unclear security model
o Not-so-good asymmetric schemes
o Limited set of (academic) implementations
o But ...
© 2017 NetApp, Inc. All rights reserved.26
This could be as big a wave as public-key crypto!
Thank you.naras@netapp.com
© 2017 NetApp, Inc. All rights reserved.27
Imagine a fancy animation here, in the cloud. *
* You know what I mean! J
top related