final project slides - university of richmonddszajda/classes/cs334/fall_2014/slides… · 6 10 3 1...
TRANSCRIPT
![Page 1: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/1.jpg)
Dynamic Searchable Encryption via Blind
Storage
M. Naveed, M. Prabhakaran, C.A. Gunter
Presented by:Keegan Sherman and Pardeep Banwait
![Page 2: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/2.jpg)
Searchable Symmetric Encryption• Allows a user to store a collection of encrypted
documents and perform keyword searches on those documents.
• The server storing the documents is required to not learn any information from interactions with the stored documents except for certain patterns.
• Our Dynamic SSE allows for adding and removing documents throughout the life-time of the system in the face of an honest-but curious server.
![Page 3: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/3.jpg)
Previous SSE Research• Basic Approach by R. Curtmola, et.al. from NJIT.
• Keep index files that map keywords to lists of documents that contain it. Store index files as encrypted linked lists. Randomly sort the nodes for each list.
• Approach by S. Kamara, et.al. from Microsoft.
• Dynamic SSE based off inverted index approach with server side computation.
![Page 4: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/4.jpg)
Blind Storage• Allows a server to store a set of encrypted files in such a
way that the server does not know how many files are being stored nor the lengths of the files.
• Server learns about the existence of a file when it is being retrieved but the file’s name and contents are kept hidden.
![Page 5: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/5.jpg)
Blind Storage Parameters• - Upper bound on storage slack ratio
• - Ratio between the number of blocks in a file and the number of blocks downloaded/uploaded when a given file is accessed.
• - The minimum number of blocks that can be downloaded/uploaded from the server.
• We use CRHF, a PRF, a FD-PRF, PRG, and a PRP all relying on an AES block-cipher .
• KSSE = (Kd, Kid, KID).
�
↵
![Page 6: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/6.jpg)
Blind Storage1 2 3 4 5 6 7 8 9 10 11 12
FreeOccupiedid data
Generate seed for PRG: s = FD-PRF (id)Kid1
10 3 4 2
Check that needed number of blocks are free. If so choose the shortest subset, S, containing size free blocks.
3
size = 4 blocks
6 10 3 1 4 9 2 8
Generate indexes for a pseudorandom subset of size max( size, ) from PRG(s).
2
↵⇤
![Page 7: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/7.jpg)
Blind Storage
vi H(id) datajvi H(id) size data0
4 Create blocks with necessary information.
5
Store blocks into S10 3 4 2
}Encrypt blocks using PRF Kd
vi Ej6}
![Page 8: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/8.jpg)
Blind Storage Update1 2 3 4 5 6 7 8 9 10 11 12
FreeOccupied
Generate seed for PRG: s = FD-PRF (id)Kid1
6 10 3 1
Generate indexes for a pseudorandom subset of size from PRG(s).
2
Find first block with our id using decryption.3
vi E0
H(id) size data0
Our file
![Page 9: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/9.jpg)
Blind Storage Update4 Output size to client and accept size’ as the size of the file after update.
5 Determine if < max(size, size’). If so calculate, download and decryptremaining pseudorandom blocks.
↵⇤
6 10 3 1 4 9 2 8
6
10 3 4 2
Determine blocks with our id’s and output them.
7 Accept data’ as updated document
8 If size < size’ download more pseudorandom blocks and store.
![Page 10: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/10.jpg)
Clear Storage• Similar to blind storage except there is no encryption.
• Uses a separate file system that stores header files indexing the last block of the pseudorandom subset occupied by a file.
vi H(id) datajvi H(id) size data0
}10 3 4 2
Store blocks into S
… …
H(id) 2
… …
Header File System Interface
![Page 11: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/11.jpg)
Overview of BSTORE-SSE• All index files are stored in either blind storage or clear
storage.
• No server-side computation.
• Architecture independent.
• Highly parallelizable computation.
![Page 12: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/12.jpg)
Operations of BSTORE-SSE• SSE.keygen: Generate keys
• SSE.indexgen: Generates index files for each keyword that is in at least one document. Proceeds to fill the blind storage array with index files. Uploads array and encrypted documents.
• SSE.remove: Removes a document from the system using a lazy delete strategy.
• SSE.add: Adds a document to the system. Generates/updates keyword index files.
• SSE.search: Search documents in BSTORE-SSE system for a given keyword.
![Page 13: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/13.jpg)
Initialization• Operation of SSE.indexgen. Takes a set of (idf, dataf) tuples
and KSSE.
• Generate a document ID: E(idf) = PRP (idf).
• For each keyword present generate an index file that contains the E(idf) of the documents that contain that keyword.
• Store index files in blind storage system.
• Store encrypted documents outside of blind storage system.
KID
![Page 14: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/14.jpg)
Removing Files• Operation of SSE.remove
• Takes document idf
• Compute document E(idf), identical to how we did during initialization.
• Check if document with E(idf) exist in system. If so delete it and move E(idf) to removed list.
• Keyword index files are not updated until a subsequent search operation. (lazy-delete)
![Page 15: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/15.jpg)
Adding Files• Operation of SSE.add
• Takes tuple (idf, dataf)
• Compute document E(idf), identical to how we did during initialization.
• Generate random tag t for the document.
• Encrypt then prefix t to the document.
• Upload document to server using label E(idf).
![Page 16: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/16.jpg)
Adding Files• For each keyword that is present in a document append
a tuple (E(idf), t) to the index file in the clear storage system for that keyword.
• Upload index files to the clear storage system.
![Page 17: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/17.jpg)
Searching for Files• Operation of SSE.search
• Takes keyword w.
• Retrieves index files for w from both blind storage and clear storage using the first six stages of their update operations.
• Search index files for E(idf)’s that are also in the remove list.
• If found remove E(idf) and finish update process.
• User now has all idf’s and can request the document they are looking for.
![Page 18: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/18.jpg)
Security Analysis• During update we leak (op, vi, size).
• For clear store the server learns all encrypted documents containing a specific encrypted keyword.
• During addition and removal of a document the updated remove list is revealed to the server.
• During a search the server learns how many times a keyword has been searched.
![Page 19: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/19.jpg)
Experimental Results
Decreased per pair initialization time
![Page 20: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/20.jpg)
Experimental Results
Average time for initialization.
![Page 21: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/21.jpg)
Experimental Results
Time to search for a keyword excluding final decryption.
![Page 22: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/22.jpg)
Future Research• Multiple client searches on single data-owner (shared)
cloud storage.
• Security against actively corrupt servers.
• Multiple keyword searches.
![Page 23: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/23.jpg)
Related Works• R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky,
“Searchable symmetric encryption: improved definitions and efficient constructions,” in CCS, 2006, pp. 79–88.
• S. Kamara, C. Papamanthou, and T. Roeder, “Dynamic searchable symmetric encryption,” in CCS, 2012, pp. 965–976.
![Page 24: Final Project Slides - University of Richmonddszajda/classes/cs334/Fall_2014/slides… · 6 10 3 1 4 9 2 8 6 10 3 4 2 Determine blocks with our id’s and output them. 7 Accept data’](https://reader033.vdocuments.us/reader033/viewer/2022060209/5f04624f7e708231d40db501/html5/thumbnails/24.jpg)
Questions?