Sherman S. M. Chow
http://staff.ie.cuhk.edu.hk/~smchow
Cryptography and Systems Security
Dec 18, 2015
Big Picture
• Your data is anywhere but not in your control
• Security breaches are recurrent
– Weakest link: hardware, software, technicians, …
• You may trust the science of cryptography
+ CRYPTOGRAPHY
• “Applied Crypto”
– system constructions
– practical & efficient
• “Foundation”
– formal definitions
– formal security proof
I. Privacy Enhancing Technologies
II. Searchable Encryption
III. Cloud Crypto.
IV. Lattice-Based Crypto
• Projects I, III, IV are ongoing FYPs in ’13-’14
• Projects I-III have both research and implementation elements
• Project IV requires a good foundation in Mathematics
Goal: CIA Triad
[diagram] Info. Security = Confidentiality, Integrity (/ Auth.), Availability
Searchable Encryption (SE)
• Encryption is supposed to hide as much information about the plaintext as possible
• You may want your mobile device to download only the encrypted e-mails marked with the keyword “urgent” from the server.
• You don’t want the server to know what the keywords associated with each e-mail are.
Trivial Solution of SE
• Download all data, then decrypt
– O(N) communication
– N: number of documents
• Build a local index, then download
– O(N) local storage
• Ideally, O(n) complexity (at least at the client side)
– n: number of matching documents (n << N)
(Symmetric) Searchable Encryption
[diagram] The document “work, blah blah …” is stored on the server as Enc(document); the client extracts Keyword(document) = [“work”] and stores the search tag Enc(“work …”) alongside it.
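As an added example (not code from the slides), a minimal symmetric searchable-encryption scheme covering slides 5 to 7: the client keeps a secret key, builds an index that maps a keyword trapdoor (an HMAC of the keyword) to the ids of encrypted mails, and the server answers a trapdoor such as the one for “urgent” with only the n matching ciphertexts, never seeing the keyword itself. The key, the mailbox and the PRF-based toy cipher are all constructed for this demo and are not part of the original deck.

```python
import hashlib, hmac, secrets
from collections import defaultdict
# Constructed demo key and mailbox; the slides contain no code of their own.
KEY = bytes(range(32))
DOCS = {
    "mail1": ("urgent: server down, call ops", ["urgent", "ops"]),
    "mail2": ("lunch menu for Friday", ["lunch"]),
    "mail3": ("urgent: patch the VPN gateway", ["urgent", "vpn"]),
}

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """PRF = HMAC-SHA256; the label separates index tokens from payload keystream."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF-in-counter-mode keystream (illustration only, not a vetted cipher)."""
    return b"".join(prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                    for i in range((length + 31) // 32))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Randomized encryption: a fresh nonce, so equal mails give different ciphertexts."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(p ^ s for p, s in zip(plaintext, keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(c ^ s for c, s in zip(body, keystream(key, nonce, len(body))))

def trapdoor(key: bytes, keyword: str) -> bytes:
    """Deterministic search token: same keyword -> same token, which is what makes
    indexing possible but also lets the server see repeated searches."""
    return prf(key, b"kw", keyword.encode())

def build_index(key: bytes, docs: dict):
    """Client side, done once: encrypt every mail and map token -> matching ids."""
    index, store = defaultdict(list), {}
    for doc_id, (text, keywords) in docs.items():
        store[doc_id] = encrypt(key, text.encode())
        for kw in keywords:
            index[trapdoor(key, kw)].append(doc_id)
    return dict(index), store

def server_search(index: dict, store: dict, token: bytes) -> dict:
    """Server side: match the opaque token, return only the n hits (O(n), not O(N))."""
    return {doc_id: store[doc_id] for doc_id in index.get(token, [])}

def client_search(key: bytes, index: dict, store: dict, keyword: str) -> dict:
    """Client side: send the trapdoor, then decrypt just the n matching mails."""
    hits = server_search(index, store, trapdoor(key, keyword))
    return {doc_id: decrypt(key, ct).decode() for doc_id, ct in hits.items()}
```

Because the trapdoor is deterministic, the server still learns which searches repeat and which stored ids each token touches (the search and access patterns); that is the leakage the deterministic-encryption slide trades for efficient indexing.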
Deterministic Encryption
• Encryption of the same plaintext always leads to the same ciphertext
– Not the most secure, but allows efficient indexing
• Order-preserving encryption
– the relative order of plaintexts is preserved in ciphertexts
Privacy-Enhancing Technologies
• Is “absolute” authentication always good?
• Right balance of privacy and accountability
• Electronic Payments
– Octopus, electronic toll pricing, Bitcoin, etc.
– Do you worry about leaking your spending pattern?
– Merchants & banks also have their concerns
• Double-spending, money laundering, etc.
Motivating Application: Wikipedia
• Everyone can write on different topics
• Writers & reviewers can be anonymous
• Multiple posts are unlinkable
• Even in places with restricted freedom of speech, the user will not be identified (and punished)
How to be anonymous and unlinkable?
• Easy! Use pseudonyms
– Service provider (SP) knows your nym and IP
– profiles a user uniquely by sophisticated data mining
• Easy! Use an anonymous network, e.g., Tor
• What if a user repeatedly violates copyright, posts advertisements, or uses abusive language?
• So exit nodes of Tor are blocked
• Crypto solutions, e.g., MS U-Prove, IBM Idemix
Availability
• A system must be serving the info when it is needed.
• How can cryptography help to ensure availability?
• E.g., consider cloud storage again: how can I ensure that the cloud service provider is really storing my file?
• At least, I can provide (cryptographic) evidence when it fails to do so.
Deduplication
• The cloud may not want to store the same copy of the file from different users twice.
• Check a message digest like hash(file)?
• You can then transfer this short hash to your friend => Instant sharing!
• Again, we need cryptographic techniques
Functional Encryption
• Symmetric-key encryption: dk = ek
• Public-key encryption: (dk, ek) is a valid key pair
• Identity-based encryption: dk_ID can decrypt Enc_{f_ID'}(m) when f_ID'(ID) = 1, i.e., ID = ID'
• Key-Policy ABE: dk_f decrypts Enc_A(·) when f(A) = 1
• Ciphertext-Policy ABE: dk_A decrypts Enc_f(·)
• Functional encryption: dk_g decrypts Enc_f(·) if R(f, g) = 1
Outsourced computation
• Big data
• You may not have the computational resource or the expertise to analyze the big data
• Outsource it to the cloud!
• What if the computation is sensitive?
– Filing tax, DNA-related computation, etc.
• What if the cloud computed wrongly?
– Wrong decision in investment
Lattice-Based Cryptography
• A lattice is a set of points in the n-dimensional Euclidean space R^n with a strong periodicity.
• Intractable mathematical problems are leveraged to construct cryptographic systems.
• Shortest Vector Problem: Given a basis of a lattice, find the shortest vector in the lattice.
What can lattices do?
• Fully Homomorphic Encryption
– It was an open problem until 2009
• Multi-linear pairing
– The first construction was born in May last year!
– Bi-linear pairing has already solved many problems in this decade, e.g.:
– public-key searchable encryption
– functional encryption
Some Specific Skills
• familiarity with proofs
• designing systems
• (basic) probability and number theory
• You don’t need to know number theory, but you are expected to pick it up under my advice
• open-minded
• cryptanalysis (black-hat)
• Email: [email protected]
• We can set up meetings for further discussion