Continuing major breaches and security compromises of computer systems motivate a promising new approach to data protection: encrypt the data so that even if stolen, it will be useless to the attacker, yet reveal just enough information about the data so that commodity systems such as databases and Web servers can still operate on it. This is called property-revealing encryption (PRE), and has already found its way to academic and commercial products that protect sensitive data in cloud services. This project is a comprehensive investigation of whether, when, and how can property-revealing encryption adequately protect sensitive data. This investigation is informed by close engagement with industry and understanding of the needs and requirements of protecting users' data. This project comprises three research thrusts, spanning the range from theoretical foundations to security analysis to design and implementation of prototype systems. The first thrust develops cryptographic definitions and security models for property-revealing encryption (PRE) schemes, as well as developing a hierarchy of threat models and inference methods. The second thrust focuses on developing a unified methodology for measuring and exploiting information leakage when PRE schemes are deployed on realistic data in actual distributed systems. The final thrust designs and implements secure systems that use cryptographic data protection safely and securely, focusing on a small number of key applications that showcase essential PRE functionality.
Continuation of Award #: 1703953
SaTC: CORE: Medium: Collaborative: Cryptographic Data Protection in Modern Systems