More Like this

1. IDCrypt: A Multi-User Searchable Symmetric Encryption Scheme for Cloud Applications

   https://doi.org/10.1109/ACCESS.2017.2786026  

   Wang, Guofeng; Liu, Chuanyi; Dong, Yingfei; Han, Peiyi; Pan, Hezhong; Fang, Binxing (January 2018, IEEE Access)

   Searchable Encryption (SE) has been extensively examined by both academic and industry researchers. While many academic SE schemes show provable security, they usually expose some query information (e.g., search patterns) to achieve high efficiency. However, several inference attacks have exploited such leakage, e.g., a query recovery attack can convert opaque query trapdoors to their corresponding keywords based on some prior knowledge. On the other hand, many proposed SE schemes require significant modification of existing applications, which makes them less practical, weak in usability, and difficult to deploy. In this paper, we introduce a secure and practical SE scheme with provable security strength for cloud applications, called IDCrypt, which improves the search efficiency and enhanced the security strength of SE using symmetric cryptography. We further point out the main challenges in securely searching on multiple indexes and sharing encrypted data between multiple users. To address the above issues, we propose a token-adjustment scheme to preserve the search functionality among multi-indexes, and a key sharing scheme which combines Identity-Based Encryption (IBE) and Public-Key Encryption (PKE). Our experimental results show that the overhead of IDCrypt is fairly low. 

   more » « less
2. In search of CurveSwap: Measuring elliptic curve implementations in the wild

   Valenta, Luke; Sullivan, Nick; Sanso, Antonio; Heninger, Nadia (April 2018, IEEE European Symposium on Security and Privacy)

   We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 0.77% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms. 

   more » « less
3. On Quantum Chosen-Ciphertext Attacks and Learning with Errors

   Alagic, Gorjan; Jeffery, Stacey; Ozols, Maris; Poremba, Alexander (January 2019, Theory of Quantum Computing, Communication, and Cryptography 2019)

   Large-scale quantum computing is a significant threat to classical public-key cryptography. In strong "quantum access" security models, numerous symmetric-key cryptosystems are also vulnerable. We consider classical encryption in a model which grants the adversary quantum oracle access to encryption and decryption, but where the latter is restricted to non-adaptive (i.e., pre-challenge) queries only. We define this model formally using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. Using a bound on quantum random-access codes, we show that the standard PRF- and PRP-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives. We then revisit standard IND-CPA-secure Learning with Errors (LWE) encryption and show that leaking just one quantum decryption query (and no other queries or leakage of any kind) allows the adversary to recover the full secret key with constant success probability. In the classical setting, by contrast, recovering the key uses a linear number of decryption queries, and this is optimal. The algorithm at the core of our attack is a (large-modulus version of) the well-known Bernstein-Vazirani algorithm. We emphasize that our results should *not* be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting) then quantum attacks are even more devastating than classical ones. 

   more » « less
4. SigAttack: New High-level SAT-based Attack on Logic Encryptions

   https://doi.org/10.23919/DATE.2019.8714924  

   Shen, Yuanqi; Li, You; Kong, Shuyu; Rezaei, Amin; Zhou, Hai (March 2019, Design, Automation, Testing in Europe (DATE))

   Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design. 

   more » « less
5. SAFE: Secure and Flexible Encryption for Dynamic Team Communications in Disaster Management

   https://doi.org/10.1109/ICNP59255.2023.10355587  

   Yu, Hongmiao; Chen, Jiachen; Ramakrishnan, K K (October 2023, IEEE)

   Name-based publish/subscribe systems using Information-Centric Networking (ICN) principles can provide a flexible and efficient framework for communication in disaster situations. Efficient, secure dissemination of information can play a critical role in disaster management. But, secure and authenticated group communications that maintain confidentiality and integrity remain a challenge. In this paper, we design a flexible and efficient encryption framework SAFE that leverages graph-based naming frameworks for providing role-based communication among first responders. We study the suitability of message-oriented encryption where the sender leverages the name hierarchy, and compare it with a key-oriented encryption scheme that requires the receiver to utilize appropriate keys to decrypt based on the publisher-targeted name for the message. Both encryption schemas can be built with attribute-based encryption (ABE) or public key encryption (PKE) implementations. We find message-oriented encryption provides the needed flexibility for dynamic environments when communicating with members changes frequently. With message-oriented encryption, we further address key revocation and support for infrastructure-less environments in disaster situations and consider the tradeoff between flexibility and optimization for large relatively static communication groups. We evaluate both encryption schemas built on top of ABE and PKE. We examine the key generation time, ciphertext length, encryption, and decryption time, and see that SAFE's design is the most suitable for large and dynamically changing groups. 

   more » « less