
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security: latest publications

Leakage Fingerprints: A Non-negligible Vulnerability in Side-Channel Analysis
Zeyi Liu, Neng Gao, Chenyang Tu, Jian Zhou, Yuan Ma, Yuan Zhao
Low-entropy masking schemes and the shuffling technique are two common countermeasures against traditional side-channel analysis. Improved Rotating S-box Masking (RSM) is a combination of both countermeasures and was implemented by the DPA contest committee to improve the software security level of AES-128. Compared with the original version, improved RSM mainly introduces both the offset array and the shuffle array as security foundations to counteract existing attacks. In this paper, we first point out a general vulnerability referred to as "leakage fingerprints" and make use of it to crack the offset array with 100% accuracy, which breaks the masking countermeasure in the first step. Then, we show that cracking the shuffle array is still feasible but not necessary, since several other implementation-level vulnerabilities can be exploited to bypass the shuffle countermeasure directly. By selectively combining all these vulnerabilities, a dozen attacks can be put forward, and we perform two of them as examples to verify their effectiveness. Official evaluation results show that both attacks we submitted are practical and feasible, and also operate with high efficiency. In terms of the two major performance metrics, our best scheme requires 4 traces to reveal the AES master key with 80% Global Success Rate (GSR), and only 2 traces are enough to reduce the Maximum Partial Guessing Entropy (PGE) below 10.
DOI: https://doi.org/10.1145/2897845.2897868 | Published: 2016-05-30 | Citations: 2
RamCrypt: Kernel-based Address Space Encryption for User-mode Processes
J. Götzfried, Tilo Müller, Gabor Drescher, S. Nürnberger, M. Backes
We present RamCrypt, a solution that allows unmodified Linux processes to transparently work on encrypted data. RamCrypt can be deployed and enabled on a per-process basis without recompiling user-mode applications. In every enabled process, data is stored in cleartext only for the moment it is processed, and otherwise stays encrypted in RAM. In particular, the required encryption keys do not reside in RAM, but are stored in CPU registers only. Hence, RamCrypt effectively thwarts memory disclosure attacks, which grant unauthorized access to process memory, as well as physical attacks such as cold boot and DMA attacks. In its default configuration, RamCrypt exposes at most 4 memory pages in cleartext at the same time. For the nginx web server serving encrypted HTTPS pages under heavy load, the necessary TLS secret key is hidden 97% of the time.
DOI: https://doi.org/10.1145/2897845.2897924 | Published: 2016-05-30 | Citations: 28
Half-Baked Cookies: Hardening Cookie-Based Authentication for the Modern Web
Y. Mundada, N. Feamster, B. Krishnamurthy
Modern websites use multiple authentication cookies to give visitors different levels of access to the site. The complexity of modern web applications can make it difficult for a web application programmer to ensure that the use of authentication cookies does not introduce vulnerabilities. Even when a programmer has access to all of the source code, this analysis can be challenging; the problem becomes even more vexing when web programmers cobble together off-the-shelf libraries to implement authentication. We have assembled a checklist for modern web programmers to verify that a cookie-based authentication mechanism is securely implemented. Then, we developed a tool, Newton, to help a web application programmer identify the authentication cookies for specific parts of a website and verify that they are securely implemented according to the checklist. We used Newton to analyze 149 sites, including the Alexa top-200 and many other popular sites across a range of categories including search, shopping, and finance. We found that 113 of them, including high-profile sites such as Yahoo, Amazon, and Fidelity, were vulnerable to hijacking attacks. Many websites have already acknowledged and fixed the vulnerabilities that we found using Newton and reported to them.
DOI: https://doi.org/10.1145/2897845.2897889 | Published: 2016-05-30 | Citations: 14
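The two steps the abstract above describes, identifying which of a site's cookies actually gate authenticated access and then checking that those cookies are hardened, can be illustrated in a few dozen lines. The following is an added example, not the Newton tool or any code from the paper: the elimination probe is a stand-in for the HTTP requests a real tool would issue, the attribute rules are generic hardening practice (Secure, HttpOnly, SameSite, Domain scope, token length) rather than the paper's checklist, and the Set-Cookie headers and the "server" are constructed.

```python
"""Find which cookies actually gate authenticated access, then audit their attributes.

Added example for the cookie-hardening entry above. It is not the Newton tool
from the paper, and the attribute rules are generic hardening practice (Secure,
HttpOnly, SameSite, Domain scope, token length), not the paper's checklist. The
Set-Cookie headers and the "server" probe are constructed stand-ins.
"""
from typing import Callable, Dict, List, Tuple

Cookies = Dict[str, str]


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def find_auth_cookies(jar: Cookies, is_authenticated: Callable[[Cookies], bool]) -> List[str]:
    """Greedy elimination: replay the protected request without one cookie at a
    time; if the server still answers as authenticated, that cookie is not part
    of the authentication decision. What survives is the set the server checks."""
    if not is_authenticated(jar):
        return []
    needed = dict(jar)
    for name in list(jar):
        trial = {k: v for k, v in needed.items() if k != name}
        if is_authenticated(trial):
            needed = trial
    return sorted(needed)


def audit_cookie(header: str, over_https: bool = True) -> List[str]:
    """Hardening findings for one Set-Cookie header of an authentication cookie."""
    name, value, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if over_https and "secure" not in attrs:
        findings.append(f"{name}: missing Secure (also sent over plaintext HTTP, so it can be sniffed or injected)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by script, so XSS becomes session hijacking)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict (attached to cross-site requests)")
    if "domain" in attrs:
        findings.append(f"{name}: Domain={attrs['domain']} shares the cookie with every subdomain")
    if len(value) < 16:
        findings.append(f"{name}: value too short to be an unguessable token")
    return findings


# Constructed sample: the site sets four cookies but only checks two of them.
SAMPLE_SET_COOKIE = [
    "sid=9f3c1a7e4b2d8c6f0e5a1b3d7c9e2f4a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "role=admin; Path=/; Domain=example.com",
    "theme=dark; Path=/",
    "tracker=ab12; Path=/; Secure",
]


def fake_server_is_authenticated(jar: Cookies) -> bool:
    """Stand-in for the HTTP probe a real tool would issue against a protected page."""
    return jar.get("sid") == "9f3c1a7e4b2d8c6f0e5a1b3d7c9e2f4a" and jar.get("role") == "admin"


def run_audit(headers: List[str] = SAMPLE_SET_COOKIE,
              probe: Callable[[Cookies], bool] = fake_server_is_authenticated) -> Tuple[List[str], List[str]]:
    """Identify the authentication cookies, then audit only those."""
    parsed = [parse_set_cookie(h) for h in headers]
    jar = {name: value for name, value, _ in parsed}
    auth_cookies = find_auth_cookies(jar, probe)
    findings: List[str] = []
    for header, (name, _, _) in zip(headers, parsed):
        if name in auth_cookies:
            findings.extend(audit_cookie(header))
    return auth_cookies, findings


if __name__ == "__main__":
    auth, problems = run_audit()
    print("authentication cookies:", auth)
    for line in problems:
        print(" -", line)
```

On the constructed sample the audit singles out `sid` and `role` as the cookies the server checks and reports nothing for `sid`, but five findings for `role`: it is an authorization decision carried in a cookie with no Secure, HttpOnly or SameSite, scoped to every subdomain, and with a value an attacker can simply write. In practice `probe` wraps a GET of a logged-in page and looks for a marker of the logged-in state; note that greedy elimination returns one sufficient set, so if a server accepts either of two cookies it will keep only one of them.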
Novel Constructions of Cramer-Shoup Like Cryptosystems Based on Index Exchangeable Family
Jing Li, Licheng Wang, Zonghua Zhang, Xinxin Niu
The Cramer-Shoup cryptosystem has attracted much attention from the research community, mainly due to its efficiency in encryption/decryption, as well as its provable security reductions against adaptively chosen ciphertext attacks in the standard model. At TCC 2005, Vasco et al. proposed a method for building Cramer-Shoup-like cryptosystems over non-abelian groups and raised an open problem of finding a secure instantiation. Based on this work, we present another general framework for constructing Cramer-Shoup-like cryptosystems. We first propose the concept of an index exchangeable family (IEF) and an abstract construction of a Cramer-Shoup-like encryption scheme over an IEF. Concrete instantiations of IEF are then derived from reasonable hardness assumptions over abelian groups and non-abelian groups, respectively. These instantiations ultimately lead to simple yet efficient constructions of Cramer-Shoup-like cryptosystems, including new non-abelian analogues that are potential solutions to Vasco et al.'s open problem. Moreover, we propose a secure outsourcing method for the encryption of the non-abelian analogue based on the factorization problem over non-commutative groups. The experiments clearly indicate that the computational cost of our outsourcing scheme can be significantly reduced thanks to load sharing with cloud datacenter servers.
DOI: https://doi.org/10.1145/2897845.2897920 | Published: 2016-05-30 | Citations: 2
No-Execute-After-Read: Preventing Code Disclosure in Commodity Software
Jan Werner, G. Baltas, R. Dallara, Nathan Otterness, K. Snow, F. Monrose, M. Polychronakis
Memory disclosure vulnerabilities enable an adversary to mount arbitrary code execution attacks against applications via so-called just-in-time code reuse attacks, even when those applications are fortified with fine-grained address space layout randomization. This attack paradigm requires the adversary to first read the contents of randomized application code, then construct a code reuse payload using that knowledge. In this paper, we show that the recently proposed Execute-no-Read (XnR) technique fails to prevent just-in-time code reuse attacks. Next, we introduce the design and implementation of a novel memory permission primitive, dubbed No-Execute-After-Read (NEAR), that avoids the problems of XnR and provides strong security guarantees against just-in-time attacks in commodity binaries. Specifically, NEAR allows all code to be disclosed, but prevents any disclosed code from subsequently being executed, thus thwarting just-in-time code reuse. At the same time, commodity binaries with mixed code and data regions still operate correctly, as legitimate data is still readable. To demonstrate the practicality and portability of our approach, we implemented prototypes for both Linux and Android on the ARMv8 architecture, as well as a prototype that protects unmodified Microsoft Windows executables and dynamically linked libraries. In addition, our evaluation on the SPEC2006 benchmark demonstrates that our prototype has negligible runtime overhead, making it suitable for practical deployment.
DOI: https://doi.org/10.1145/2897845.2897891 | Published: 2016-05-30 | Citations: 67
Efficient Verifiable Computation of Linear and Quadratic Functions over Encrypted Data
Ngoc Hieu Tran, HweeHwa Pang, R. Deng
In data outsourcing, a client stores a large amount of data on an untrusted server; subsequently, the client can request the server to compute a function on any subset of the data. This setting naturally leads to two security requirements: confidentiality of input data, and authenticity of computations. Existing approaches that satisfy both requirements simultaneously are built on fully homomorphic encryption, which involves expensive computation on the server and client and hence is impractical. In this paper, we propose two verifiable homomorphic encryption schemes that do not rely on fully homomorphic encryption. The first is a simple and efficient scheme for linear functions. The second scheme supports the class of multivariate quadratic functions, by combining the Paillier cryptosystem with a new homomorphic message authentication code (MAC) scheme. Through formal security analysis, we show that the schemes are semantically secure and unforgeable.
DOI: https://doi.org/10.1145/2897845.2897892 | Published: 2016-05-30 | Citations: 11
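The abstract above names the Paillier cryptosystem as the building block its second scheme combines with a homomorphic MAC. Paillier is additively homomorphic, which is exactly what evaluating a linear function over encrypted data needs: the server multiplies ciphertexts to add plaintexts and raises a ciphertext to a public coefficient to scale it. The block below is an added example, not code from the paper, and it shows only the confidentiality half of the outsourcing setting; the paper's homomorphic MAC, which is what lets the client verify the server's answer, is not reproduced. The key is a toy one built from two 14-bit primes so it runs instantly; a real deployment uses a modulus of at least 2048 bits.

```python
"""Linear function over Paillier ciphertexts: the client encrypts its inputs, an
untrusted server combines the ciphertexts, the client decrypts the result.

Added example for the entry above. It demonstrates the additive homomorphism of
Paillier that the abstract names as a building block; the paper's homomorphic
MAC (the verifiability half) is not reproduced. The 10007 * 10009 modulus is a
toy parameter; real deployments use a modulus of at least 2048 bits.
"""
import math
import secrets
from typing import List, Tuple

PublicKey = Tuple[int, int]   # (n, g)
SecretKey = Tuple[int, int]   # (lambda, mu)


def _L(u: int, n: int) -> int:
    return (u - 1) // n


def keygen(p: int, q: int) -> Tuple[PublicKey, SecretKey]:
    """Textbook Paillier with g = n + 1 (p, q distinct primes of equal size)."""
    n = p * q
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)
    return (n, g), (lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts
    give different ciphertexts. Negative m is reduced mod n."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pk: PublicKey, sk: SecretKey, c: int) -> int:
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n


def to_signed(m: int, n: int) -> int:
    """Map a residue mod n back to a signed integer (|value| < n/2 assumed)."""
    return m - n if m > n // 2 else m


def eval_linear(pk: PublicKey, coeffs: List[int], cts: List[int]) -> int:
    """Server side: Enc(sum a_i * x_i) from Enc(x_i) and public a_i, using
    Enc(a) * Enc(b) = Enc(a + b) and Enc(x)^a = Enc(a * x), all mod n^2.
    Negative coefficients are reduced mod n before exponentiation."""
    n, _ = pk
    n2 = n * n
    acc = 1                                   # Enc(0) with r = 1
    for a, c in zip(coeffs, cts):
        acc = acc * pow(c, a % n, n2) % n2
    return acc


def outsourced_linear(coeffs: List[int], data: List[int],
                      p: int = 10007, q: int = 10009) -> int:
    """Client flow end to end; returns the decoded signed result."""
    pk, sk = keygen(p, q)
    n = pk[0]
    cts = [encrypt(pk, x) for x in data]      # client -> server: ciphertexts only
    c_result = eval_linear(pk, coeffs, cts)   # server never sees any x_i
    return to_signed(decrypt(pk, sk, c_result), n)


if __name__ == "__main__":
    print(outsourced_linear([3, -2, 5], [12, 7, 30]))   # 3*12 - 2*7 + 5*30
```

The server learns the coefficients and the ciphertexts but nothing about the inputs, and the client gets the correct sum after one decryption. What this example cannot give the client is any assurance that the server evaluated the function it was asked to: a malicious server can return Enc(0) or the ciphertext of some other linear combination and the decryption will still look valid. Closing that gap without recomputing in the clear is the role of the homomorphic MAC in the paper.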
Efficient Multi-Function Data Sharing and Searching Mechanism for Cloud-Based Encrypted Data
K. Liang, Chunhua Su, Jiageng Chen, Joseph K. Liu
Outsourcing huge amounts of local data to remote cloud servers has become a significant trend for industries. Leveraging the considerable cloud storage space, industries can also hand the outsourced data over to cloud computation. How to collect the data for computing without loss of privacy and confidentiality is one of the crucial security problems. Searchable encryption has been proposed to protect the confidentiality of the outsourced data and the privacy of the corresponding data queries. This technique, however, supports only search functionality and may not be fully applicable to real-world cloud computing scenarios where secure data search, sharing and computation are all needed. This work presents a novel encrypted cloud-based data sharing and search system without loss of user privacy or data confidentiality. The new system enables users to make conjunctive keyword queries over encrypted data, and also allows encrypted data to be efficiently shared many times among different users without the need for a "download-decrypt-then-encrypt" mode. Of independent interest, our system provides secure keyword update, so that users can freely and securely update a data item's keyword field. It is worth mentioning that none of the above functionalities incurs any expansion of ciphertext size; namely, the size of a ciphertext remains constant while it is searched, shared and keyword-updated. The system is proven secure, and meanwhile the efficiency analysis shows its great potential for use in large-scale databases.
DOI: https://doi.org/10.1145/2897845.2897865 | Published: 2016-05-30 | Citations: 26
Preventing Page Faults from Telling Your Secrets
Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, P. Saxena
New hardware primitives such as Intel SGX secure a user-level process in the presence of an untrusted or compromised OS. Such "enclaved execution" systems are vulnerable to several side channels, one of which is the page fault channel. In this paper, we show that the page fault side channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt, leaking 27% on average and up to 100% of the secret bits in many case studies. To mitigate this, we propose a software-only defense that masks page fault patterns by determinizing the program's memory access behavior. We show that such a technique can be built into a compiler, and implement it for a subset of C that is sufficient to handle the cryptographic routines we study. This defense, when implemented generically, can have significant overhead of up to 4000X, but with the help of developer-assisted compiler optimizations the overhead reduces to at most 29.22% in our case studies. Finally, we discuss the scope for hardware-assisted defenses, and show one solution that can reduce overheads to 6.77% with support from hardware changes.
新的硬件原语(如Intel SGX)在存在不受信任或受损的操作系统时保护用户级进程。这种“封闭执行”系统容易受到多个侧通道的攻击,其中一个是页面错误通道。在本文中,我们证明了页面故障侧通道具有足够的通道容量,可以从OpenSSL和Libgcrypt中加密例程的商品实现中提取加密密钥位-在许多案例研究中平均泄漏27%,高达100%的秘密位。为了减轻这种情况,我们提出了一种仅限软件的防御,通过确定程序的内存访问行为来掩盖页面错误模式。我们展示了这种技术可以内置到编译器中,并为C语言的一个子集实现它,这足以处理我们研究的加密例程。在一般情况下实现这种防御可能会有高达4000X的开销,但是在开发人员辅助的编译器优化的帮助下,在我们的案例研究中,开销最多减少到29.22%。最后,我们讨论了硬件辅助防御的范围,并展示了一个解决方案,该解决方案可以在硬件更改的支持下将开销降低到6.77%。
{"title":"Preventing Page Faults from Telling Your Secrets","authors":"Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, P. Saxena","doi":"10.1145/2897845.2897885","DOIUrl":"https://doi.org/10.1145/2897845.2897885","url":null,"abstract":"New hardware primitives such as Intel SGX secure a user-level process in presence of an untrusted or compromised OS. Such \"enclaved execution\" systems are vulnerable to several side-channels, one of which is the page fault channel. In this paper, we show that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt -- leaking 27% on average and up to 100% of the secret bits in many case-studies. To mitigate this, we propose a software-only defense that masks page fault patterns by determinising the program's memory access behavior. We show that such a technique can be built into a compiler, and implement it for a subset of C which is sufficient to handle the cryptographic routines we study. This defense when implemented generically can have significant overhead of up to 4000X, but with help of developer-assisted compiler optimizations, the overhead reduces to at most 29.22% in our case studies. 
Finally, we discuss scope for hardware-assisted defenses, and show one solution that can reduce overheads to 6.77% with support from hardware changes.","PeriodicalId":166633,"journal":{"name":"Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131947232","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 204
SecHOG: Privacy-Preserving Outsourcing Computation of Histogram of Oriented Gradients in the Cloud
Qian Wang, Jingjun Wang, Shengshan Hu, Qin Zou, K. Ren
Abundant multimedia data generated in our daily life has intrigued a variety of very important and useful real-world applications such as object detection and recognition. Accompanying these applications, many popular feature descriptors have been developed, e.g., SIFT, SURF and HOG. Manipulating massive multimedia data locally, however, is a storage- and computation-intensive task, especially for resource-constrained clients. In this work, we focus on exploring how to securely outsource the famous feature extraction algorithm, Histogram of Oriented Gradients (HOG), to untrusted cloud servers without revealing the data owner's private information. For the first time, we investigate this secure outsourcing computation problem under two different models and accordingly propose two novel privacy-preserving HOG outsourcing protocols, by efficiently encrypting image data with somewhat homomorphic encryption (SHE) integrated with single-instruction multiple-data (SIMD), designing a new batched secure comparison protocol, and carefully redesigning every step of HOG to adapt it to the ciphertext domain. Explicit security and effectiveness analyses are presented to show that our protocols are practically secure and can approximate well the performance of the original HOG executed in the plaintext domain. Our extensive experimental evaluations further demonstrate that our solutions achieve high efficiency and perform comparably to the original HOG when applied to human detection.
DOI: 10.1145/2897845.2897861 (https://doi.org/10.1145/2897845.2897861), published 2016-05-30, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Citations: 35
Practical and Efficient Attribute-Based Encryption with Constant-Size Ciphertexts in Outsourced Verifiable Computation
Kai Zhang, Junqing Gong, Shaohua Tang, Jie Chen, Xiangxue Li, Hai-feng Qian, Z. Cao
In cloud computing, computationally weak users are always willing to outsource costly computations to a cloud, and at the same time they need to check the correctness of the result provided by the cloud. Such activities motivate the occurrence of verifiable computation (VC). Recently, Parno, Raykova and Vaikuntanathan showed that any VC protocol can be constructed from an attribute-based encryption (ABE) scheme for the same class of functions. In this paper, we propose two practical and efficient semi-adaptively secure key-policy attribute-based encryption (KP-ABE) schemes with constant-size ciphertexts. Semi-adaptive security requires that the adversary designates the challenge attribute set after it receives the public parameters but before it issues any secret key query, which is a stronger guarantee than selective security. Our first construction deals with a small universe while the second one supports a large universe. Both constructions employ the technique underlying the prime-order instantiation of nested dual system groups, which are based on the $d$-linear assumption, including the SXDH and DLIN assumptions. In order to evaluate the performance, we implement our ABE schemes in Python using Charm. Compared with previous KP-ABE schemes with constant-size ciphertexts, our constructions achieve shorter ciphertext and secret key sizes, and require low computation costs, especially under the SXDH assumption.
DOI: 10.1145/2897845.2897858 (https://doi.org/10.1145/2897845.2897858), published 2016-05-30, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Citations: 15
Journal: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security