Seny Kamara | Microsoft Research

Papers by Seny Kamara

Garbled Circuits via Structured Encryption

The garbled circuit technique transforms a circuit in such a way that it can be evaluated on encrypted inputs. Garbled circuits were originally introduced by Yao (FOCS '86) for the purpose of secure two-party computation but have since found many applications. In this work, we consider the problem of designing special-purpose garbled circuits, which are garbled circuits that handle only a specific class of functionalities. Special-purpose constructions are usually smaller than general-purpose ones and lead to more efficient two-party protocols. We propose a design framework for constructing special-purpose garbled circuits based on structured encryption schemes, which are encryption schemes that encrypt data structures in such a way that they can be queried through the use of a token. Using our framework, we show how to design more efficient garbled circuits for several graph-based functionalities (with applications to online social network analysis), Boolean circuits, deterministic finite automata, and branching programs.

Parallel Homomorphic Encryption

In the problem of private outsourced computation, a client wishes to delegate the evaluation of a function f on a private input x to an untrusted worker without the latter learning anything about x and f(x). This problem occurs in many applications and, most notably, in the setting of cloud computing.

Salus: A System for Server-Aided Secure Function Evaluation

Secure function evaluation (SFE) allows a set of mutually distrustful parties to evaluate a function of their joint inputs without revealing their inputs to each other. SFE has been the focus of active research and recent work suggests that it can be made practical. Unfortunately, current protocols and implementations have inherent limitations that are hard to overcome using standard and practical techniques.

Dynamic Searchable Symmetric Encryption

Searchable symmetric encryption (SSE) allows a client to encrypt its data in such a way that this data can still be searched. The most immediate application of SSE is to cloud storage, where it enables a client to securely outsource its data to an untrusted cloud provider without sacrificing the ability to search over it.

Outsourcing multi-party computation

We initiate the study of secure multi-party computation (MPC) in a server-aided setting, where the parties have access to a single server that (1) does not have any input to the computation; (2) does not receive any output from the computation; but (3) has a vast (but bounded) amount of computational resources. In this setting, we are concerned with designing protocols that minimize the computation of the parties at the expense of the server.

Secure Outsourced Computation in a Multi-tenant Cloud

We present a general-purpose protocol that enables a client to delegate the computation of any function to a cluster of n machines in such a way that no adversary that corrupts at most n − 1 machines can recover any information about the client's input or output. The protocol makes black-box use of multi-party computation (MPC) and secret sharing and inherits the security properties of the underlying MPC protocol (i.e., passive vs. adaptive security and security in the presence of a semi-honest vs. malicious adversary).

Inspection resistant memory: architectural support for security from physical examination

The ability to safely keep a secret in memory is central to the vast majority of security schemes, but storing and erasing these secrets is a difficult problem in the face of an attacker who can obtain unrestricted physical access to the underlying hardware. Depending on the memory technology, the very act of storing a 1 instead of a 0 can have physical side effects measurable even after the power has been cut.

Structured encryption and controlled disclosure

We consider the problem of encrypting structured data (e.g., a web graph or a social network) in such a way that it can be efficiently and privately queried. For this purpose, we introduce the notion of structured encryption which generalizes previous work on symmetric searchable encryption (SSE) to the setting of arbitrarily-structured data. We present a model for structured encryption, a formal security definition and several efficient constructions.

CS2: A searchable cryptographic cloud storage system

Cloud storage provides a highly available, easily accessible and inexpensive remote data repository to clients who cannot afford to maintain their own storage infrastructure. While many applications of cloud storage require security guarantees against the cloud provider (e.g., storage of high-impact business data or medical records), most services cannot guarantee that the provider will not see or modify client data.

Cryptographic cloud storage

We consider the problem of building a secure cloud storage service on top of a public cloud infrastructure where the service provider is not completely trusted by the customer. We describe, at a high level, several architectures that combine recent and non-standard cryptographic primitives in order to achieve our goal. We survey the benefits such an architecture would provide to both customers and service providers and give an overview of recent advances in cryptography motivated specifically by cloud storage.

Proofs of storage from homomorphic identification protocols

Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where 'tags' on multiple messages can be homomorphically combined to yield a 'tag' on any linear combination of these messages.

How to encrypt with a malicious random number generator

Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message m using random coins that are generated uniformly at random and independently of anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with).

Searchable symmetric encryption: Improved definitions and efficient constructions

Searchable symmetric encryption (SSE) allows a party to outsource the storage of his data to another party in a private manner, while maintaining the ability to selectively search over it. This problem has been the focus of active research and several security definitions and constructions have been proposed. In this paper we begin by reviewing existing notions of security and propose new and stronger security definitions. We then present two constructions that we show secure under our new definitions.

Towards practical biometric key generation with randomized biometric templates

Although biometrics have garnered significant interest as a source of entropy for cryptographic key generation, recent studies indicate that many biometric modalities may not actually offer enough uncertainty for this purpose. In this paper, we exploit a novel source of entropy that can be used with any biometric modality but that has yet to be utilized for key generation, namely associating uncertainty with the way in which the biometric input is measured.

On the requirements of biometric key generators

The inability of humans to generate and remember strong secrets makes it difficult for humans to manage cryptographic keys. To address this problem, numerous proposals have been put forth to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population. In this paper we show that the practical security requirements for such schemes remain poorly understood.

The practical subtleties of biometric key generation

The inability of humans to generate and remember strong secrets makes it difficult for people to manage cryptographic keys. To address this problem, numerous proposals have been suggested to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population.

Key regression: Enabling efficient key distribution for secure distributed storage

The Plutus file system introduced the notion of key rotation as a means to derive a sequence of temporally-related keys from the most recent key. In this paper we show that, despite natural intuition to the contrary, key rotation schemes cannot generically be used to key other cryptographic objects; in fact, keying an encryption scheme with the output of a key rotation scheme can yield a composite system that is insecure.

A mechanism for communication-efficient broadcast encryption over wireless ad hoc networks

Due to its low communication cost, stateful broadcast encryption is an appealing solution for secure content distribution in mobile ad hoc wireless networks (MANETs). Unfortunately, the inherent limitations of MANETs prevent a standard application of such schemes since they require receivers to be online. In this paper, we present a reliable message delivery mechanism for MANETs that is based on erasure codes and that leverages node mobility in order to achieve non-interactive recovery of missed messages.

Secret locking: Exploring new approaches to biometric key encapsulation

Biometrics play an increasingly important role in the context of access control techniques as they promise to overcome the problems of forgotten passwords or passwords that can be guessed easily. In this paper we introduce and provide a formal definition of the notion of secret locking, which generalizes a previously introduced concept for cryptographic key extraction from biometrics. We give details on an optimized implementation of the scheme which show that its performance allows the system to be used in practice.

An extensible platform for evaluating security protocols

We present a discrete-event network simulator, called Simnet, designed specifically for analyzing network-security protocols. The design and implementation are focused on simplicity of abstraction and extensibility. Moreover, its modular architecture allows operators to dynamically customize running simulations. To demonstrate its strengths we present case studies that focus on examining security-centric problem domains.