
Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes

Technische Universität Ilmenau, CCSW 2013. Sander Wozniak, Michael Rossberg, Sascha Grau, Ali Alshawish, Guenter Schaefer.


Presentation Transcript


  1. Beyond the Ideal Object: Towards Disclosure-Resilient Order-Preserving Encryption Schemes
  Technische Universität Ilmenau, CCSW 2013
  Sander Wozniak, Michael Rossberg, Sascha Grau, Ali Alshawish, Guenter Schaefer

  2. Order-Preserving Encryption (OPE)
  • Domain of plaintexts:
  • Range of ciphertexts:
  • For an encryption function, an OPE scheme satisfies:
  • Application in the context of cloud computing:
    • Users may not fully trust their service providers
    • Need to encrypt the outsourced data
    • OPE enables efficient range queries in a standard DBMS

  3. OPE based on Order-Preserving Functions
  • OPF-based schemes:
    • Rely on Order-Preserving Functions (OPFs) drawn from:
    • OPE scheme based on a chosen OPF
  • Choosing Order-Preserving Functions
    • Standard model, the "ideal object" (Boldyreva et al., 2009): OPFs are drawn uniformly at random from the set of all order-preserving functions
    • In this work: alternative OPF construction schemes

  4. Weaknesses of the "Ideal Object"
  • The one-wayness of the "ideal object" is not satisfying
  • Existing research highlights the significance of the most likely plaintext (m.l.p.) of a given ciphertext
  • Empiric frequency distributions for 10^8 OPFs:

  5. Disclosure-Resilience of OPE
  • Given: OPF construction scheme
  • Attacker model:
    • The construction scheme and the plaintext space are known to adversaries
    • Adversaries have limited additional information:
      • Known ciphertexts
      • Known/chosen plaintext-ciphertext pairs
  • Given a challenge ciphertext, adversaries have to accurately estimate the plaintext producing it
  • A construction scheme is referred to as disclosure-resilient if it:
    • provides a sufficient number of plaintexts producing the challenge ciphertext
    • maintains this property in case of disclosed information

  6. Average Number of Significant Plaintexts
  • Measures the number of plaintexts that an attacker has to consider as candidates for a challenge ciphertext
  • Number of significant plaintexts for a ciphertext c: the plaintexts whose probability of being assigned to c reaches a fixed threshold
  • Weighted average over all ciphertexts
  • Note: this is not a quantile!
  [Figure: probability of being assigned to ciphertext c plotted over plaintext p, with the threshold line marking the significant plaintexts]

  7. Average Expected Estimation Error
  • Measures the error of a maximum-likelihood estimator that guesses the most likely plaintext of a challenge ciphertext
  • Expected estimator error for a ciphertext c: the error of each candidate plaintext, weighted by its probability of being assigned to c
  • Weighted average over all ciphertexts
  [Figure: probability of being assigned to ciphertext c over plaintext p; the error is the distance from the most likely plaintext]
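The two metrics of slides 6 and 7, worked through on an exact and on a sampled distribution. This is an added example, not code from the paper; the slides omit the formulas, so the following are this example's own assumptions: plaintexts are uniform on D = {0..n-1}, ciphertexts lie in R = {0..m-1}, Pr[p | c] is the share of (OPF, p) draws mapping p to c conditioned on c, both averages are weighted by Pr[c], and a tie in the maximum-likelihood estimator is broken towards the smaller plaintext.

```python
"""
Added example (not from the slides): the "average number of significant
plaintexts" and the "average expected estimation error" computed on an
empirical plaintext/ciphertext distribution of the ideal object.
Assumptions (the slides give no symbols): uniform plaintexts on D = {0..n-1},
ciphertexts in R = {0..m-1}, averages weighted by Pr[c], ties in the m.l.p.
resolved towards the smaller plaintext.
"""
from collections import defaultdict
from itertools import combinations
import random


def ideal_object_all(n, m):
    """Every order-preserving function D -> R, i.e. every sorted n-subset of R.
    Only feasible for tiny n, m; yields exact instead of sampled distributions."""
    return [list(c) for c in combinations(range(m), n)]


def ideal_object_sample(n, m, k, rng=None):
    """k OPFs drawn uniformly at random (the 'ideal object' of Boldyreva et al.)."""
    rng = rng or random.Random()
    return [sorted(rng.sample(range(m), n)) for _ in range(k)]


def joint_distribution(opfs):
    """Pr[p, c] estimated from a collection of OPFs under uniform plaintexts."""
    counts = defaultdict(int)
    for f in opfs:
        for p, c in enumerate(f):
            counts[(p, c)] += 1
    total = sum(counts.values())
    return {pc: v / total for pc, v in counts.items()}


def conditional_on_ciphertext(joint):
    """Returns Pr[c] (dict keyed by c) and Pr[p | c] (dict c -> {p: prob})."""
    pr_c = defaultdict(float)
    for (p, c), v in joint.items():
        pr_c[c] += v
    pr_p_given_c = defaultdict(dict)
    for (p, c), v in joint.items():
        pr_p_given_c[c][p] = v / pr_c[c]
    return dict(pr_c), dict(pr_p_given_c)


def significant_plaintexts(pr_p_given_c, threshold):
    """Number of plaintexts whose conditional probability reaches the threshold:
    a count above a cut-off, not a quantile, as the slide stresses."""
    return sum(1 for v in pr_p_given_c.values() if v >= threshold)


def expected_estimation_error(pr_p_given_c):
    """Expected |p - p*| where p* is the most likely plaintext of the ciphertext."""
    p_star = min(pr_p_given_c, key=lambda p: (-pr_p_given_c[p], p))
    return sum(v * abs(p - p_star) for p, v in pr_p_given_c.items())


def average_metrics(opfs, threshold):
    """Both metrics averaged over all ciphertexts, weighted by Pr[c]."""
    pr_c, cond = conditional_on_ciphertext(joint_distribution(opfs))
    avg_sig = sum(pr_c[c] * significant_plaintexts(cond[c], threshold) for c in pr_c)
    avg_err = sum(pr_c[c] * expected_estimation_error(cond[c]) for c in pr_c)
    return avg_sig, avg_err


if __name__ == "__main__":
    # exact case D = {0,1}, R = {0,1,2}: the three OPFs (0,1), (0,2), (1,2)
    print(average_metrics(ideal_object_all(2, 3), 0.25))
    # sampled case for a larger space (constructed parameters, not the paper's)
    print(average_metrics(ideal_object_sample(8, 64, 20000, random.Random(1)), 0.05))
```

In the exact case ciphertext 1 is produced by either plaintext with probability 1/2, so it contributes two significant plaintexts and an expected error of 1/2, while ciphertexts 0 and 2 are each pinned to a single plaintext; the weighted averages come out at 4/3 and 1/6.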

  8. Random Offset Addition
  • Draw a random offset
  • Encryption function:
  • Disclosure-resilient for very few known ciphertexts
  • No resilience against known plaintext-ciphertext pairs
  [Figure: 10^8 OPFs; five sample functions OPF1 to OPF5 shifted by the random offset, ciphertext c over plaintext p]

  9. Random Uniform Sampling
  • Choose a splitting element: random selection or the median of the (sub)domain
  • Randomly assign a ciphertext to the chosen plaintext
  • Recursively sample the subspaces
  [Figure: 10^8 OPFs; splitting elements p1, p2, p3 assigned the ciphertexts c1, c2, c3, ciphertext c over plaintext p]

  10. Random Subrange Selection
  • Randomly decide whether to draw the lower or the upper bound of the subrange first
  • Lower bound first:
  • Upper bound first:
  • Sample the OPF from the subrange (using an alternative construction scheme)
  [Figure: ciphertext c over plaintext p, OPF confined to the selected subrange]
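The three construction schemes of slides 8 to 10 next to the "ideal object", together with the OPF-based encryption and decryption of slide 3. This is an added example written for this page, not the authors' implementation. An OPF is represented as a list f with f[p] the ciphertext of plaintext p, for D = {0..n-1} and R = {0..m-1} with m >= n. The slides do not fix the sampling details, so the offset range, the feasible ciphertext interval of the splitting element, the distributions of the subrange bounds and the helper names are this example's own assumptions.

```python
"""
Added example, not the authors' code: the three OPF construction schemes of
slides 8-10 next to the "ideal object", and the OPF-based encrypt/decrypt of
slide 3. An OPF is a list f with f[p] the ciphertext of plaintext p, for
D = {0..n-1} and R = {0..m-1}, m >= n. The concrete sampling choices below
(offset range, feasible interval, bound distributions) are assumptions.
"""
import bisect
import random


def is_order_preserving(f, m):
    """OPE property: p1 < p2 implies f(p1) < f(p2), all ciphertexts inside R."""
    return bool(f) and 0 <= f[0] and f[-1] < m and all(a < b for a, b in zip(f, f[1:]))


def ideal_object(n, m, rng=None):
    """Uniformly random OPF: a uniformly random sorted n-subset of R."""
    rng = rng or random.Random()
    return sorted(rng.sample(range(m), n))


def random_offset_addition(n, m, rng=None):
    """Slide 8: sample an OPF into a shrunken range, then add a random offset r.
    Assumption: r uniform on [0, m-n], base OPF drawn from the ideal object."""
    rng = rng or random.Random()
    r = rng.randint(0, m - n)
    return [c + r for c in ideal_object(n, m - r, rng)]


def random_uniform_sampling(n, m, rng=None, median=True):
    """Slide 9: pick a splitting plaintext (median or random), give it a uniformly
    random ciphertext that leaves room for both sides, recurse on the halves."""
    rng = rng or random.Random()
    f = [None] * n

    def fill(p_lo, p_hi, c_lo, c_hi):
        if p_lo > p_hi:
            return
        p_s = (p_lo + p_hi) // 2 if median else rng.randint(p_lo, p_hi)
        # the p_s - p_lo smaller and p_hi - p_s larger plaintexts still need
        # distinct ciphertexts below / above c_s, which bounds the interval
        c_s = rng.randint(c_lo + (p_s - p_lo), c_hi - (p_hi - p_s))
        f[p_s] = c_s
        fill(p_lo, p_s - 1, c_lo, c_s - 1)
        fill(p_s + 1, p_hi, c_s + 1, c_hi)

    fill(0, n - 1, 0, m - 1)
    return f


def random_subrange_selection(n, m, rng=None, inner=ideal_object):
    """Slide 10: coin flip decides whether the lower or the upper bound is drawn
    first, then the OPF is sampled into [c_lo, c_hi] with another scheme.
    Assumption: each bound uniform over the values that keep room for n plaintexts."""
    rng = rng or random.Random()
    if rng.random() < 0.5:
        c_lo = rng.randint(0, m - n)
        c_hi = rng.randint(c_lo + n - 1, m - 1)
    else:
        c_hi = rng.randint(n - 1, m - 1)
        c_lo = rng.randint(0, c_hi - n + 1)
    return [c + c_lo for c in inner(n, c_hi - c_lo + 1, rng)]


def encrypt(f, p):
    """Slide 3: encryption evaluates the chosen OPF."""
    return f[p]


def decrypt(f, c):
    """Decryption inverts it by binary search, since f is strictly increasing."""
    i = bisect.bisect_left(f, c)
    if i == len(f) or f[i] != c:
        raise ValueError("not a valid ciphertext")
    return i


def hit_rate(scheme, n, m, p, c, trials, rng=None):
    """Empirical Pr[f(p) = c] under a scheme: the peaks of this quantity are what
    make the most likely plaintext of a ciphertext so informative (slide 4)."""
    rng = rng or random.Random()
    return sum(scheme(n, m, rng)[p] == c for _ in range(trials)) / trials


if __name__ == "__main__":
    rng = random.Random(2013)
    for scheme in (ideal_object, random_offset_addition,
                   random_uniform_sampling, random_subrange_selection):
        f = scheme(16, 1024, rng)
        assert is_order_preserving(f, 1024) and decrypt(f, encrypt(f, 9)) == 9
        # how often does the smallest plaintext land on the smallest ciphertext?
        rate = hit_rate(scheme, 16, 1024, 0, 0, 20000, rng)
        print(f"{scheme.__name__:26s} Pr[f(0)=0] ~ {rate:.4f}")
```

Under the ideal object the smallest plaintext hits the smallest ciphertext with probability n/m, because a uniformly random n-subset of R contains 0 that often; offset addition multiplies this by the probability that the offset is 0, which is the flattening of specific plaintexts the slides describe. When m equals n every scheme degenerates to the identity, a handy sanity check.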

  11. Evaluation and Results
  • Empiric evaluation using 10^8 randomly generated OPFs
  • The suggested OPF construction schemes reduce the significance of specific plaintexts

  12. Average Number of Significant Plaintexts
  [Figure: average number of significant plaintexts over 10^8 OPFs, panels A to D]
  • A: The novel schemes increase the average number of significant plaintexts; offset addition and subrange selection are most effective
  • B: Disclosure of ciphertexts affects all approaches; the novel schemes remain more effective than the "ideal object"
  • C: Known plaintext-ciphertext pairs strongly decrease the average number of significant plaintexts; offset addition becomes ineffective, subrange selection less effective
  • D: Chosen plaintext-ciphertext pairs render all schemes ineffective

  13. Average Expected Estimation Error
  [Figure: average expected estimation error over 10^8 OPFs, panels A to D]
  • The average expected estimation error confirms the results for the average number of significant plaintexts
  • Subrange selection using the "ideal object" shows a smaller error (dominant peak of the m.l.p.)

  14. Conclusion & Outlook
  • Conclusion
    • The suggested OPF construction schemes are able to reduce the significance of specific plaintexts when compared to the "ideal object"
    • However, the resilience against the disclosure of additional information is not yet sufficient for practical applications
  • Future work
    • Consider the impact of an increasing range size
    • Investigate alternative OPF construction schemes with high disclosure-resilience in case of well-informed adversaries
