SaTC: CORE: Medium: Collaborative: Cryptographic Data Protection in Modern Systems

SaTC：核心：媒介：协作：现代系统中的加密数据保护

• 批准号: 1704296
• 负责人: Vitaly Shmatikov
• 金额: $ 80万
• 依托单位: Cornell University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2022-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1704296&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Cryptographic

Continuing major breaches and security compromises of computer systems motivate a promising new approach to data protection: encrypt the data so that even if stolen, it will be useless to the attacker, yet reveal just enough information about the data so that commodity systems such as databases and Web servers can still operate on it. This is called property-revealing encryption (PRE), and has already found its way to academic and commercial products that protect sensitive data in cloud services. This project is a comprehensive investigation of whether, when, and how can property-revealing encryption adequately protect sensitive data. This investigation is informed by close engagement with industry and understanding of the needs and requirements of protecting users' data.This project comprises three research thrusts, spanning the range from theoretical foundations to security analysis to design and implementation of prototype systems. The first thrust develops cryptographic definitions and security models for property-revealing encryption (PRE) schemes, as well as developing a hierarchy of threat models and inference methods. The second thrust focuses on developing a unified methodology for measuring and exploiting information leakage when PRE schemes are deployed on realistic data in actual distributed systems. The final thrust designs and implements secure systems that use cryptographic data protection safely and securely, focusing on a small number of key applications that showcase essential PRE functionality.

计算机系统持续的重大漏洞和安全隐患激发了一种有前途的数据保护新方法：对数据进行加密，即使被盗，对攻击者来说也是无用的，但会显示足够的数据信息，以便数据库和Web服务器等商品系统仍然可以对其进行操作。这称为属性揭示加密（PRE），并且已经找到了保护云服务中敏感数据的学术和商业产品。这个项目是一个全面的调查是否，何时，以及如何可以充分保护敏感数据的属性揭示加密。本研究通过与行业的密切合作以及对用户数据保护需求的了解而获得信息。该项目包括三个研究方向，涵盖从理论基础到安全分析，再到原型系统的设计和实现。 第一个重点是开发属性揭示加密（PRE）方案的加密定义和安全模型，以及开发威胁模型和推理方法的层次结构。 第二个重点是开发一个统一的方法来测量和利用信息泄漏时，PRE计划部署在实际的分布式系统中的现实数据。最后的推力设计和实现安全的系统，安全地使用加密数据保护，专注于少数关键应用程序，展示基本的PRE功能。

项目成果

Searching Encrypted Data with Size-Locked Indexes

使用大小锁定索引搜索加密数据

• 发表时间: 2021
• 期刊: USENIX Security Symposium
• 作者: Xu, Min;Namavari, Armin;Cash, David;Ristenpart, Thomas
• 通讯作者: Ristenpart, Thomas

Fast Message Franking: From Invisible Salamanders to Encryptment

快速邮件邮资盖印：从隐形蝾螈到加密

• 发表时间: 2018
• 期刊: Advances in Cryptology - CRYPTO
• 作者: Dodis, Yevgeniy;Grubbs, Paul;Ristenpart, Thomas;Woodage, Joanne
• 通讯作者: Woodage, Joanne

The Tao of Inference in Privacy-Protected Databases

• DOI: 10.14778/3236187.3236217
• 发表时间: 2018-07
• 期刊: IACR Cryptol. ePrint Arch.
• 作者: Vincent Bindschaedler;Paul Grubbs;David Cash;Thomas Ristenpart;Vitaly Shmatikov

Partitioning Oracle Attacks

分区 Oracle 攻击

• 发表时间: 2021
• 期刊: USENIX Security Symposium
• 作者: Len, Julia;Grubbs, Paul;Ristenpart, Thomas
• 通讯作者: Ristenpart, Thomas

Pancake: Frequency Smoothing for Encrypted Data Stores

Pancake：加密数据存储的频率平滑

• 发表时间: 2020
• 期刊: USENIX Security
• 作者: Grubbs, Paul;Khandelwal, Anurag;Lacharite, Marie-Sarah;Brown, Lloyd;Li, Lucy;Agarwal, Rachit;Ristenpart, Thomas
• 通讯作者: Ristenpart, Thomas