Visible to the public Biblio

Filters: Author is Grubbs, Paul  [Clear All Filters]
2019-08-05
Grubbs, Paul, Lacharite, Marie-Sarah, Minaud, Brice, Paterson, Kenneth G..  2018.  Pump Up the Volume: Practical Database Reconstruction from Volume Leakage on Range Queries. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :315-331.

We present attacks that use only the volume of responses to range queries to reconstruct databases. Our focus is on practical attacks that work for large-scale databases with many values and records, without requiring assumptions on the data or query distributions. Our work improves on the previous state-of-the-art due to Kellaris et al. (CCS 2016) in all of these dimensions. Our main attack targets reconstruction of database counts and involves a novel graph-theoretic approach. It generally succeeds when R , the number of records, exceeds \$N2/2\$, where N is the number of possible values in the database. For a uniform query distribution, we show that it requires volume leakage from only O(N2 łog N) queries (cf. O(N4łog N) in prior work). We present two ancillary attacks. The first identifies the value of a new item added to a database using the volume leakage from fresh queries, in the setting where the adversary knows or has previously recovered the database counts. The second shows how to efficiently recover the ranges involved in queries in an online fashion, given an auxiliary distribution describing the database. Our attacks are all backed with mathematical analyses and extensive simulations using real data.

2018-05-24
Grubbs, Paul, Ristenpart, Thomas, Shmatikov, Vitaly.  2017.  Why Your Encrypted Database Is Not Secure. Proceedings of the 16th Workshop on Hot Topics in Operating Systems. :162–168.
Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS's), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the "snapshot attacker" model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their "provable security" guarantees.
2017-03-29
Grubbs, Paul, McPherson, Richard, Naveed, Muhammad, Ristenpart, Thomas, Shmatikov, Vitaly.  2016.  Breaking Web Applications Built On Top of Encrypted Data. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1353–1364.

We develop a systematic approach for analyzing client-server applications that aim to hide sensitive user data from untrusted servers. We then apply it to Mylar, a framework that uses multi-key searchable encryption (MKSE) to build Web applications on top of encrypted data. We demonstrate that (1) the Popa-Zeldovich model for MKSE does not imply security against either passive or active attacks; (2) Mylar-based Web applications reveal users' data and queries to passive and active adversarial servers; and (3) Mylar is generically insecure against active attacks due to system design flaws. Our results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved. We conclude with general lessons for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.