Filters








11,022 Hits in 5.4 sec

Practical Volume-Based Attacks on Encrypted Databases [article]

Rishabh Poddar, Stephanie Wang, Jianan Lu, Raluca Ada Popa
2020 arXiv   pre-print
We present attacks that leverage these two properties in concert with volume leakage, independent of the details of any encrypted database system.  ...  Yet, existing attacks rely on a set of assumptions that are unrealistic in practice: for example, they (i) require a large number of queries to be issued by the user, or (ii) assume certain distributions  ...  This work was supported by the NSF CISE Expeditions Award CCF-1730628, as well as gifts from the Sloan Foundation, Bakar Program, Alibaba, Amazon Web Services, Ant Financial, Capital One, Ericsson, Facebook  ... 
arXiv:2008.06627v1 fatcat:3pgvb6w3pbe4pcrtuchfl273xe

Generic Attacks on Secure Outsourced Databases

Georgios Kellaris, George Kollios, Kobbi Nissim, Adam O'Neill
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
such as fully homomorphic encryption or oblivious RAM, to more practical implementations based on searchable symmetric encryption or even on deterministic and order-preserving encryption.  ...  Our reconstruction attacks using communication volume apply even to systems based on homomorphic encryption or oblivious RAM in the natural way.  ...  This includes practical systems based on searchable symmetric encryption or on deterministic and order-preserving encryption.  ... 
doi:10.1145/2976749.2978386 dblp:conf/ccs/KellarisKNO16 fatcat:qm6s7sotvrbm5f2hkri2p2k2fe

A Comparative Study of NOSQL System Vulnerabilities with Big Data

Kiran Fahd, Sitalakshmi Venkatraman, Fahd Khan Hammeed
2019 Zenodo  
The vulnerabilities associated with built-in security, encryption, authentication/authorization and auditing that impact Big Data management are compared among these popular NoSQL database systems and  ...  In addition, illustrations of possible injection attacks experimented with these NoSQL systems are provided.  ...  ACKNOWLEDGEMENTS The authors wish to acknowledge the industry support to verify the NoSQL commands used in the paper that are commonly employed in practice.  ... 
doi:10.5281/zenodo.3568806 fatcat:ccykvtj52vcxvktg7ommhuam6y

A Comparative Study of NOSQL System Vulnerabilities with Big Data

Kiran Fahd, Sitalakshmi Venkatraman, Fahd Khan Hammeed
2019 International Journal of Managing Information Technology  
The vulnerabilities associated with built-in security, encryption, authentication/authorization and auditing that impact Big Data management are compared among these popular NoSQL database systems and  ...  In addition, illustrations of possible injection attacks experimented with these NoSQL systems are provided.  ...  ACKNOWLEDGEMENTS The authors wish to acknowledge the industry support to verify the NoSQL commands used in the paper that are commonly employed in practice.  ... 
doi:10.5121/ijmit.2019.11401 fatcat:fmgyqucphjcf5ncamn7ow7r72a

SEC-NoSQL: Towards Implementing High Performance Security-as-a-Service for NoSQL Databases [article]

G. Dumindu Samaraweera, J. Morris Chang
2021 arXiv   pre-print
Experimental results show that our design fits well on encrypted data while maintaining the high performance and scalability.  ...  This paper proposes a practical system design and implementation to provide Security-as-a-Service for NoSQL databases (SEC-NoSQL) while supporting the execution of query over encrypted data with guaranteed  ...  Based on our study, to implement a security-aware encrypted Cassandra database, we only require RND, DET and/or OPE encryption schemes.  ... 
arXiv:2107.01640v1 fatcat:qtpzksovanaevao3zfoaxs453a

An Efficient Biometric Identification in Cloud Computing with Enhanced Privacy Security

Chun Liu, Xuexian Hu, Qihui Zhang, Jianghong Wei, Wenfen Liu
2019 IEEE Access  
However, existing schemes based on homomorphic encryption generally suffer from low computational efficiency, and existing matrix-transformation-based schemes are insufficiently secure.  ...  Security analysis and comparisons indicate that our scheme can resist not only the KPA attack but also the more powerful chosen-plaintext attack (CPA), which is a reasonable attack in practice.  ...  So we define security resisting above threat model based on level-4 attack, i.e. CPA attack.  ... 
doi:10.1109/access.2019.2931881 fatcat:52pjcj2rjbgsfp6blcci7o62zi

A Novel Technique for Trust Delivery in the Cloud

Yeluri Lakshmi Prasanna, Dr.E.Madhusudhana Reddy, S Neelima
2012 INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY  
This research paper proposes a system, which combines encryption with key management to protect critical data in public, private and hybrid cloud environments.  ...  The best practice is to generate as many different random keys as practical -e.g. one key per disk volume or object -and to store them securely.  ...  Whenever an application (such as a database server) writes a disk block, it goes through the virtual data system, where the data is encrypted and sent to the disk volume.  ... 
doi:10.24297/ijct.v11i2.1174 fatcat:tojczjzmgrdorlz5qpvbeh5nzq

Analysis of Encryption Techniques to Enhance Secure Data Transmission

Rajesh Kannan, Dr. R. Mala
2018 International Journal Of Engineering And Computer Science  
This paper presents an analysis of the various encryption algorithms and their performance on handling the private data with authentication, access control, secure configuration and data encryption.  ...  databases.  ...  The authors compared the NoSQL databases on the assessment criteria based on authentication, Access Control, Secure configuration, data encryption and auditing.  ... 
doi:10.18535/ijecs/v7i9.04 fatcat:ovf7wmlvevaljfn2j7geva2znm

Semi-Order Preserving Encryption Technique for Numeric Database

Saleh Ahmed, Annisa, Asif Zaman, Zhan Zhang, Kazi Md. Rokibul Alam, Yasuhiko Morimoto
2019 International Journal of Networking and Computing  
Order preserving encryption techniques are treated as some of the most efficient encryption schemes for securing numeric data in a database.  ...  Such schemes are popular because they resolve performance degradation issues, which are significant problems in database encryption.  ...  In addition to this idea, we consider general database queries on the encrypted database in this study.  ... 
doi:10.15803/ijnc.9.1_111 fatcat:xnhibq5b45bhrkhq7fmvz7kfdy

Data confidentiality: to which extent cryptography and secured hardware can help

Nicolas Anciaux, Luc Bouganim, Philippe Pucheral
2006 Annales des télécommunications  
The pros and cons of each alternative are analyzed in terms of security, access control granularity and preserved database features (performance, query processing, volume of data).  ...  However, this assumption no longer holds given the increasing vulnerability of database servers facing a growing number of external and even internal attacks.  ...  According to the Computer Security Institute and the FBI, the attacks on database servers are increasing every year despite tighter security practices, and worse, almost half of the attacks are conducted  ... 
doi:10.1007/bf03219909 fatcat:wtfn7f5lg5cbhcsdj24fclkvy4

An Efficient Secure System for Fetching Data From the Outsourced Encrypted Databases

Sultan Almakdi, Brajendra Panda, Mohammed S. Alshehri, Abdulwahab Alazeb
2021 IEEE Access  
fragmentation [9] , and one block-based encryption [10] .  ...  To make this approach practical, each datum must be encrypted with more than one encryption algorithm to support various query types [2] .  ...  In this experiment, we executed update statements with only one predicate. As seen in Figure. 11, the update time cost is high in all systems and is the result of updating an encrypted field  ... 
doi:10.1109/access.2021.3082139 fatcat:jwsswenykjfq7g4isphoraxafu

Reaction Attack on Outsourced Computing with Fully Homomorphic Encryption Schemes [chapter]

Zhenfei Zhang, Thomas Plantard, Willy Susilo
2012 Lecture Notes in Computer Science  
Essentially, our attack is based on the users' reaction towards the output generated by the cloud. Our attack enables us to retrieve the associated secret key of the system.  ...  This secret key attack takes O(λ log λ) time for both Gentry's original scheme and the fully homomorphic encryption scheme over integers, and O(λ) for the implementation of Gentry's fully homomorphic encryption  ...  Related Work In [5] , Hall et al. presented a reaction attack against several public key cryptosystems, mainly on lattice based cryptosystems and coding based cryptosystems.  ... 
doi:10.1007/978-3-642-31912-9_28 fatcat:5qyq7tsluzam5idwu7qqmkjlha

Cryptanalysis and Improvement of the Image Encryption Scheme Based on Feistel Network and Dynamic DNA Encoding

Wei Feng, Zhentao Qin, Jing Zhang, Musheer Ahmad
2021 IEEE Access  
In this paper, a newly reported image encryption scheme based on Feistel network and dynamic Deoxyribonucleic Acid (DNA) encoding is deeply and comprehensively investigated.  ...  After pointing out and analyzing these problems, we have made several necessary improvements to this encryption scheme and proposed the corresponding chosen-plaintext attack algorithm.  ...  Then, pixel scrambling is performed on C (1) according to I to obtain the scrambled image C (2) . (2) DNA XOR based on dynamic DNA encoding: Download the specified DNA sequence from the GenBank database  ... 
doi:10.1109/access.2021.3123571 fatcat:b4ki2zhsczanxfyukypx3ivnxm

The tao of inference in privacy-protected databases

Vincent Bindschaedler, Paul Grubbs, David Cash, Thomas Ristenpart, Vitaly Shmatikov
2018 Proceedings of the VLDB Endowment  
To protect database confidentiality even in the face of full compromise while supporting standard functionality, recent academic proposals and commercial products rely on a mix of encryption schemes.  ...  We evaluate our methodology on medical, census, and union-membership datasets, showing for the first time how to infer full database records.  ...  Articles from this volume were invited to present their results at The 44th International Conference on Very Large Data Bases, August 2018, Rio de Janeiro, Brazil.  ... 
doi:10.14778/3236187.3236217 fatcat:ejulkfgpwjdhxc3ckxua3vlkrq

Hiding the Access Pattern is Not Enough: Exploiting Search Pattern Leakage in Searchable Encryption [article]

Simon Oya, Florian Kerschbaum
2020 arXiv   pre-print
Recent Searchable Symmetric Encryption (SSE) schemes enable secure searching over an encrypted database stored in a server while limiting the information leaked to the server.  ...  This provides protection against current attacks that largely depend on this leakage to succeed.  ...  The techniques we use to solve our attack are somewhat similar to the frequency-based database recovery attacks by Bindschaedler et al. [1] in deterministic encryption.  ... 
arXiv:2010.03465v1 fatcat:gf4bhzthhjblzgwfvbkmsgbmfe
« Previous Showing results 1 — 15 out of 11,022 results