
Post on 18-Dec-2015


Sherman S. M. Chow

http://staff.ie.cuhk.edu.hk/~smchow

Cryptography and Systems Security

Big Picture

• Your data is anywhere but not in your control
• Security breaches are recurrent
  – Weakest link: hardware, software, technicians, …
• You may trust the science of cryptography

+ CRYPTOGRAPHY

• “Applied Crypto”
  – system constructions
  – practical & efficient
• “Foundation”
  – formal definitions
  – formal security proof

I. Privacy Enhancing Technologies

II. Searchable Encryption

III. Cloud Crypto.

IV. Lattice-Based Crypto

• Projects I, III, IV are ongoing FYPs in ’13-’14
• Projects I-III have both research and implementation elements
• Project IV requires a good foundation in Mathematics

Goal: CIA Triad

Info. Security: Confidentiality, Integrity (/ Auth.), Availability

Searchable Encryption (SE)

• Encryption is supposed to hide as much information about the plaintext as possible
• You may want your mobile device to download only the encrypted e-mails marked with the keyword “urgent” from the server.
• You don’t want the server to learn which keywords are associated with each e-mail.

Trivial Solution of SE

• Download all data, then decrypt
  – O(N) communication
  – N: number of documents
• Build a local index, then download
  – O(N) local storage
• Ideally, O(n) complexity (at least at client side)
  – n: number of matching documents (n << N)

(Symmetric) Searchable Encryption

[Diagram: a document “work, blah blah …”, its ciphertext Enc(“work …”), and its keyword list [“work”]]

Deterministic Encryption

• Encryption of the same plaintext always leads to the same ciphertext
  – Not the most secure, but allows efficient indexing
• Order-preserving encryption
  – the relative order of plaintexts is preserved in ciphertexts
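A sketch of the symmetric searchable-encryption idea from the two slides above, as an added example that is not part of the original slides: mail bodies are encrypted with a randomized cipher, while each keyword becomes a deterministic HMAC token the server can index. The names (`token`, `Server`, `demo`) and the sample mailbox are constructed for illustration, and the XOR stream cipher is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os

def token(k_idx: bytes, keyword: str) -> bytes:
    # Deterministic: the same keyword always yields the same token, so the
    # server can index and match it without learning the keyword itself.
    return hmac.new(k_idx, keyword.lower().encode(), hashlib.sha256).digest()

def _xor_stream(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode, no integrity) so the
    # example needs only the standard library; use a real AEAD in practice.
    ks = b""
    for ctr in range(len(data) // 32 + 1):
        ks += hmac.new(k_enc, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(k_enc: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # randomized: equal mails give different ciphertexts
    return nonce + _xor_stream(k_enc, nonce, plaintext)

def decrypt(k_enc: bytes, blob: bytes) -> bytes:
    return _xor_stream(k_enc, blob[:16], blob[16:])

class Server:
    """Holds only ciphertexts and opaque tokens."""
    def __init__(self):
        self.docs, self.index, self.query_log = {}, {}, []

    def upload(self, doc_id, blob, tokens):
        self.docs[doc_id] = blob
        for t in tokens:
            self.index.setdefault(t, set()).add(doc_id)

    def search(self, t):
        self.query_log.append(t)  # what the server observes per query
        return [self.docs[i] for i in sorted(self.index.get(t, ()))]

def demo():
    k_enc, k_idx = os.urandom(32), os.urandom(32)
    # Constructed sample mailbox: id -> (body, keywords)
    mails = {1: ("lunch on friday", ["social"]),
             2: ("server is down", ["urgent", "work"]),
             3: ("sign the contract today", ["urgent"])}
    srv = Server()
    for i, (body, kws) in mails.items():
        srv.upload(i, encrypt(k_enc, body.encode()), [token(k_idx, w) for w in kws])
    hits = [decrypt(k_enc, c).decode() for c in srv.search(token(k_idx, "urgent"))]
    srv.search(token(k_idx, "urgent"))
    leak = srv.query_log[0] == srv.query_log[1]  # repeated query is linkable
    return hits, leak
```

The client downloads only the n matching ciphertexts, but the deterministic token lets the server see that the same keyword was queried twice and which mails share it, which is the "not the most secure" trade-off the slide mentions.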

Privacy-Enhancing Technologies

• Is “absolute” authentication always good?
• Right balance of privacy and accountability
• Electronic Payments
  – Octopus, electronic toll pricing, Bitcoin, etc.
  – Do you worry about leaking your spending pattern?
  – Merchants & banks also have their concerns
    • Double-spending, money laundering, etc.

Motivating Application: Wikipedia

• Everyone can write on different topics
• Writers & reviewers can be anonymous
• Multiple posts are unlinkable
• Even in places with restricted freedom of speech, users will not be identified (and punished)

How to be anonymous and unlinkable?

• Easy! Use pseudonyms
  – Service provider (SP) knows your nym and IP
  – A user can be profiled uniquely by sophisticated data mining
• Easy! Use an anonymous network, e.g., Tor
• What if a user repeatedly violates copyright, posts advertisements, or uses abusive language?
• So exit nodes of Tor are blocked
• Crypto solutions, e.g., MS U-Prove, IBM Idemix


Availability

• A system must be serving the info when it is needed.

• How can cryptography help to ensure availability?

• E.g., consider cloud storage again, how can I ensure that the cloud service provider is really storing my file?

• At least, I can provide (cryptographic) evidence when it fails to do so.

Deduplication

• The cloud may not want to store the same copy of the file from different users twice.
• Check a message digest like hash(file)?
• You can then transfer this short hash to your friend => Instant sharing!
• Again, we need cryptographic techniques
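One simple way to get the cryptographic evidence asked for on the Availability slide, and to see why hash(file) alone is too weak a check on the Deduplication slide (added example, not from the original slides): the client precomputes a few nonce-keyed digests before upload and later spends one per audit. The class and function names and the sample file are constructed, and the scheme assumes a limited number of audits.

```python
import hashlib, hmac, os

def make_challenges(data: bytes, count: int):
    # Client side, before upload: precompute (nonce, expected answer) pairs.
    # Afterwards the client can delete the file and keep only this short list.
    pairs = []
    for _ in range(count):
        nonce = os.urandom(16)
        pairs.append((nonce, hmac.new(nonce, data, hashlib.sha256).digest()))
    return pairs

class Provider:
    """Honest provider: keeps the whole file."""
    def __init__(self):
        self.blobs = {}

    def store(self, name, data):
        self.blobs[name] = data

    def respond(self, name, nonce):
        # Answering a fresh nonce needs every byte of the stored object.
        return hmac.new(nonce, self.blobs.get(name, b""), hashlib.sha256).digest()

class DigestOnlyProvider(Provider):
    """Keeps only hash(file), which is all a plain digest check would need."""
    def store(self, name, data):
        self.blobs[name] = hashlib.sha256(data).digest()

def audit(provider, name, challenges) -> bool:
    nonce, expected = challenges.pop()  # single use: a replayed answer is useless
    return hmac.compare_digest(provider.respond(name, nonce), expected)

def demo():
    data = b"constructed sample file contents " * 100
    results = []
    for provider in (Provider(), DigestOnlyProvider()):
        challenges = make_challenges(data, count=3)
        provider.store("report.bin", data)
        results.append(audit(provider, "report.bin", challenges))
    bitrot = Provider()
    challenges = make_challenges(data, count=3)
    bitrot.store("report.bin", data[:-1] + b"!")  # one corrupted byte
    results.append(audit(bitrot, "report.bin", challenges))
    return results  # [honest, digest-only, corrupted]
```

Holding the short hash is not the same as holding the file: only the party with the full, intact contents can answer a nonce it has not seen before.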

Functional Encryption

• Symmetric key encryption: $dk = ek$
• Public key encryption: $(dk, ek)$ is a valid key pair
• Identity-based encryption: $dk_{ID}$ can decrypt $Enc_{f_{ID'}}(m)$ when $f_{ID'}(ID) = 1$, i.e., $ID = ID'$
• Key-Policy ABE: $dk_f$ decrypts $Enc_A()$ when $f(A) = 1$
• Ciphertext-Policy: $dk_A$ decrypts $Enc_f()$
• Functional encryption: $dk_g$ decrypts $Enc_f()$ if $R(f, g) = 1$

Outsourced computation

• Big data
• You may not have the computational resources or the expertise to analyze the big data
• Outsource it to the cloud!
• What if the computation is sensitive?
  – Filing taxes, DNA-related computation, etc.
• What if the cloud computed wrongly?
  – Wrong decision in investment


Lattice-Based Cryptography

• A lattice is a set of points in the n-dimensional Euclidean space $\mathbb{R}^n$ with a strong periodicity.

• Intractable mathematical problems are leveraged to construct cryptographic systems.

• Shortest Vector Problem: Given a basis of a lattice, find the shortest vector in the lattice.

What can lattices do?

• Fully Homomorphic Encryption
  – It was open until 2009
• Multi-linear pairing
  – The first construction was born in May last year!
  – Bi-linear pairing already solved many problems in this decade, e.g.:
    – public-key searchable encryption
    – functional encryption

Some Specific Skills

• familiarity with proofs
• designing systems
• (basic) probability and number theory
• You don’t need to know number theory, but you are expected to pick it up under my advice
• open-minded
• cryptanalysis (black-hat)

• Email: smchow@ie.cuhk.edu.hk
• We can set up meetings for further discussion
