Visible to the public Biblio

Filters: Author is Hahn, Florian  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Hahn, Florian, Kerschbaum, Florian.  2016.  Poly-Logarithmic Range Queries on Encrypted Data with Small Leakage. Proceedings of the 2016 ACM on Cloud Computing Security Workshop. :23–34.

Privacy-preserving range queries allow encrypting data while still enabling queries on ciphertexts if their corresponding plaintexts fall within a requested range. This provides a data owner the possibility to outsource data collections to a cloud service provider without sacrificing privacy nor losing functionality of filtering this data. However, existing methods for range queries either leak additional information (like the ordering of the complete data set) or slow down the search process tremendously by requiring to query each ciphertext in the data collection. We present a novel scheme that only leaks the access pattern while supporting amortized poly-logarithmic search time. Our construction is based on the novel idea of enabling the cloud service provider to compare requested range queries. By doing so, the cloud service provider can use the access pattern to speed-up search time for range queries in the future. On the one hand, values that have fallen within a queried range, are stored in an interactively built index for future requests. On the other hand, values that have not been queried do not leak any information to the cloud service provider and stay perfectly secure. In order to show its practicability we have implemented our scheme and give a detailed runtime evaluation.

Hahn, Florian, Loza, Nicolas, Kerschbaum, Florian.  2018.  Practical and Secure Substring Search. Proceedings of the 2018 International Conference on Management of Data. :163–176.
In this paper we address the problem of outsourcing sensitive strings while still providing the functionality of substring searches. While security is one important aspect that requires careful system design, the practical application of the solution depends on feasible processing time and integration efforts into existing systems. That is, searchable symmetric encryption (SSE) allows queries on encrypted data but makes common indexing techniques used in database management systems for fast query processing impossible. As a result, the overhead for deploying such functional and secure encryption schemes into database systems while maintaining acceptable processing time requires carefully designed special purpose index structures. Such structures are not available on common database systems but require individual modifications depending on the deployed SSE scheme. Our technique transforms the problem of secure substring search into range queries that can be answered efficiently and in a privacy-preserving way on common database systems without further modifications using frequency-hiding order-preserving encryption. We evaluated our prototype implementation deployed in a real-world scenario, including the consideration of network latency, we demonstrate the practicability of our scheme with 98.3 ms search time for 10,000 indexed emails. Further, we provide a practical security evaluation of this transformation based on the bucketing attack that is the best known published attack against this kind of property-preserving encryption.