18 Hits in 1.4 sec

Practical Volume-Based Attacks on Encrypted Databases [article]

Rishabh Poddar, Stephanie Wang, Jianan Lu, Raluca Ada Popa
2020 arXiv   pre-print
Recent years have seen an increased interest towards strong security primitives for encrypted databases (such as oblivious protocols), that hide the access patterns of query execution, and reveal only the volume of results. However, recent work has shown that even volume leakage can enable the reconstruction of entire columns in the database. Yet, existing attacks rely on a set of assumptions that are unrealistic in practice: for example, they (i) require a large number of queries to be issued
more » ... y the user, or (ii) assume certain distributions on the queries or underlying data (e.g., that the queries are distributed uniformly at random, or that the database does not contain missing values). In this work, we present new attacks for recovering the content of individual user queries, assuming no leakage from the system except the number of results and avoiding the limiting assumptions above. Unlike prior attacks, our attacks require only a single query to be issued by the user for recovering the keyword. Furthermore, our attacks make no assumptions about the distribution of issued queries or the underlying data. Instead, our key insight is to exploit the behavior of real-world applications. We start by surveying 11 applications to identify two key characteristics that can be exploited by attackers: (i) file injection, and (ii) automatic query replay. We present attacks that leverage these two properties in concert with volume leakage, independent of the details of any encrypted database system. Subsequently, we perform an attack on the real Gmail web client by simulating a server-side adversary. Our attack on Gmail completes within a matter of minutes, demonstrating the feasibility of our techniques. We also present three ancillary attacks for situations when certain mitigation strategies are employed.
arXiv:2008.06627v1 fatcat:3pgvb6w3pbe4pcrtuchfl273xe

A Cache Trace Attack on CAMELLIA [chapter]

Rishabh Poddar, Amit Datta, Chester Rebeiro
2011 Lecture Notes in Computer Science  
CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differential properties of CAMELLIA's s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from 2 16 different encryptions. Further, the work shows that this trace
more » ... nt reduces to 2 11 if a 64 byte cache line is used.
doi:10.1007/978-3-642-24586-2_13 fatcat:b2triqu6uvebxdhrlarbnxp4uu


Rishabh Poddar, Tobias Boelter, Raluca Ada Popa
2019 Proceedings of the VLDB Endowment  
In recent years, encrypted databases have emerged as a promising direction that provides data confidentiality without sacrificing functionality: queries are executed on encrypted data. However, many practical proposals rely on a set of weak encryption schemes that have been shown to leak sensitive data. In this paper, we propose Arx, a practical and functionally rich database system that encrypts the data only with semantically secure encryption schemes. We show that Arx supports real
more » ... ns such as ShareLaTeX with a modest performance overhead.
doi:10.14778/3342263.3342641 fatcat:7rqpyv6n2rglth2h6wruknr4mu

Senate: A Maliciously-Secure MPC Platform for Collaborative Analytics [article]

Rishabh Poddar, Sukrit Kalra, Avishay Yanai, Ryan Deng, Raluca Ada Popa, Joseph M. Hellerstein
2020 arXiv   pre-print
Many organizations stand to benefit from pooling their data together in order to draw mutually beneficial insights – e.g., for fraud detection across banks, better medical studies across hospitals, etc. However, such organizations are often prevented from sharing their data with each other by privacy concerns, regulatory hurdles, or business competition. We present Senate, a system that allows multiple parties to collaboratively run analytical SQL queries without revealing their individual data
more » ... to each other. Unlike prior works on secure multi-party computation (MPC) that assume that all parties are semi-honest, Senate protects the data even in the presence of malicious adversaries. At the heart of Senate lies a new MPC decomposition protocol that decomposes the cryptographic MPC computation into smaller units, some of which can be executed by subsets of parties and in parallel, while preserving its security guarantees. Senate then provides a new query planning algorithm that decomposes and plans the cryptographic computation effectively, achieving a performance of up to 145× faster than the state-of-the-art.
arXiv:2010.13752v1 fatcat:wvzmgje76favta36snhulf76cy

Secure Collaborative Training and Inference for XGBoost [article]

Andrew Law, Chester Leung, Rishabh Poddar, Raluca Ada Popa, Chenyu Shi, Octavian Sima, Chaofan Yu, Xingmeng Zhang, Wenting Zheng
2020 arXiv   pre-print
In recent years, gradient boosted decision tree learning has proven to be an effective method of training robust models. Moreover, collaborative learning among multiple parties has the potential to greatly benefit all parties involved, but organizations have also encountered obstacles in sharing sensitive data due to business, regulatory, and liability concerns. We propose Secure XGBoost, a privacy-preserving system that enables multiparty training and inference of XGBoost models. Secure
more » ... protects the privacy of each party's data as well as the integrity of the computation with the help of hardware enclaves. Crucially, Secure XGBoost augments the security of the enclaves using novel data-oblivious algorithms that prevent access side-channel attacks on enclaves induced via access pattern leakage.
arXiv:2010.02524v1 fatcat:mh5gmhwqefe7lfh25jet2jgpzq


Dhruv Sharma, Rishabh Poddar, Kshiteej Mahajan, Mohan Dhawan, Vijay Mann
2015 Proceedings of the 11th ACM Conference on Emerging Networking Experiments and Technologies - CoNEXT '15  
With majority of the world's data and computation handled by cloud-based systems, cloud management stacks such as Apache's CloudStack, VMware's vSphere and OpenStack have become an increasingly important component in cloud software. However, like every other complex distributed system, these cloud stacks are susceptible to faults, whose root cause is often hard to diagnose. We present HANSEL, a system that leverages non-intrusive network monitoring to expedite root cause analysis of such faults
more » ... manifesting in OpenStack operations. HANSEL is fast and accurate, and precise even under conditions of stress.
doi:10.1145/2716281.2836108 dblp:conf/conext/SharmaPMDM15 fatcat:zcjbvji7hzhffardn2duzegtnu

An Enhanced Differential Cache Attack on CLEFIA for Large Cache Lines [chapter]

Chester Rebeiro, Rishabh Poddar, Amit Datta, Debdeep Mukhopadhyay
2011 Lecture Notes in Computer Science  
Reported results on cache trace attacks on CLEFIA do not work with increased cache line size. In this paper we present an enhanced cache trace attack on CLEFIA using the differential property of the s-boxes of the cipher and the diffusion properties of the linear transformations of the underlying Feistel structures. The attack requires 3 round keys, which are obtained by monitoring cache access patterns of 4 rounds of the cipher. A theoretical analysis is made on the complexity of the attack,
more » ... ile experimental results are presented to show the effectiveness of power and timing side-channels in deducing cache access patterns. The efficacy of the attack is theoretically justified by showing the effect of cache line size on the time and space complexity of the attack. Finally countermeasures that guarantee security against cache-attacks are compared for their efficiency on large cache lines.
doi:10.1007/978-3-642-25578-6_6 fatcat:6jqibpr4zzhhhkg2a4q3k6ta7m

Visor: Privacy-Preserving Video Analytics as a Cloud Service [article]

Rishabh Poddar and Ganesh Ananthanarayanan and Srinath Setty and Stavros Volos and Raluca Ada Popa
2020 arXiv   pre-print
Video-analytics-as-a-service is becoming an important offering for cloud providers. A key concern in such services is privacy of the videos being analyzed. While trusted execution environments (TEEs) are promising options for preventing the direct leakage of private video content, they remain vulnerable to side-channel attacks. We present Visor, a system that provides confidentiality for the user's video stream as well as the ML models in the presence of a compromised cloud platform and
more » ... d co-tenants. Visor executes video pipelines in a hybrid TEE that spans both the CPU and GPU. It protects the pipeline against side-channel attacks induced by data-dependent access patterns of video modules, and also addresses leakage in the CPU-GPU communication channel. Visor is up to 1000× faster than naïve oblivious solutions, and its overheads relative to a non-oblivious baseline are limited to 2×–6×.
arXiv:2006.09628v2 fatcat:ipifnn7tuberjimmgss6azglte

Effective switch memory management in OpenFlow networks

Anilkumar Vishnoi, Rishabh Poddar, Vijay Mann, Suparna Bhattacharya
2014 Proceedings of the 8th ACM International Conference on Distributed Event-Based Systems - DEBS '14  
OpenFlow networks require installation of flow rules in a limited capacity switch memory (mainly Ternary Content Addressable Memory or TCAMs) from a logically centralized controller. A controller can manage the switch memory in an OpenFlow network through events that are generated by the switch at discrete time intervals. Recent studies have shown that data centers can have up to 10,000 network flows per second per server rack today. Increasing the TCAM size to accommodate these large number of
more » ... flow rules is not a viable solution since TCAM is costly and power hungry. Current OpenFlow controllers handle this issue by installing flow rules with a default idle timeout after which the switch automatically evicts the rule from its TCAM. This results in inefficient usage of switch memory for short lived flows when the timeout is too high and in increased controller workload for frequent flows when the timeout is too low. In this context, we present SmartTime -an OpenFlow controller system that combines an adaptive timeout heuristic to compute efficient idle timeouts with proactive eviction of flow rules, which results in effective utilization of TCAM space while ensuring that TCAM misses (or controller load) does not increase. To the best of our knowledge, SmartTime is the first real implementation of an intelligent flow management strategy in an OpenFlow controller that can be deployed in current OpenFlow networks. In our experiments using multiple real data center packet traces and cache sizes, SmartTime adaptive policy consistently outperformed the best performing static idle timeout policy or random eviction policy by up to 58% in terms of total cost.
doi:10.1145/2611286.2611301 dblp:conf/debs/VishnoiPMB14 fatcat:tnabnpqn7rht3pvkwr2pc7zioe

Remedy: Network-Aware Steady State VM Management for Data Centers [chapter]

Vijay Mann, Akanksha Gupta, Partha Dutta, Anilkumar Vishnoi, Parantapa Bhattacharya, Rishabh Poddar, Aakash Iyer
2012 Lecture Notes in Computer Science  
Steady state VM management in data centers should be network-aware so that VM migrations do not degrade network performance of other flows in the network, and if required, a VM migration can be intelligently orchestrated to decongest a network hotspot. Recent research in network-aware management of VMs has focused mainly on an optimal network-aware initial placement of VMs and has largely ignored steady state management. In this context, we present the design and implementation of Remedy.
more » ... ranks target hosts for a VM migration based on the associated cost of migration, available bandwidth for migration and the network bandwidth balance achieved by a migration. It models the cost of migration in terms of additional network traffic generated during migration. We have implemented Remedy as an OpenFlow controller application that detects the most congested links in the network and migrates a set of VMs in a network-aware manner to decongest these links. Our choice of target hosts ensures that neither the migration traffic nor the flows that get rerouted as a result of migration cause congestion in any part of the network. We validate our cost of migration model on a virtual software testbed using real VM migrations. Our simulation results using real data center traffic data demonstrate that selective network aware VM migrations can help reduce unsatisfied bandwidth by up to 80-100%.
doi:10.1007/978-3-642-30045-5_15 fatcat:hb6h6rkyafdxpf7wkhejvdibhy

SPHINX: Detecting Security Attacks in Software-Defined Networks

Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan, Vijay Mann
2015 Proceedings 2015 Network and Distributed System Security Symposium   unpublished
Software-defined networks (SDNs) allow greater control over network entities by centralizing the control plane, but place great burden on the administrator to manually ensure security and correct functioning of the entire network. We list several attacks on SDN controllers that violate network topology and data plane forwarding, and can be mounted by compromised network entities, such as end hosts and soft switches. We further demonstrate their feasibility on four popular SDN controllers. We
more » ... pose SPHINX to detect both known and potentially unknown attacks on network topology and data plane forwarding originating within an SDN. SPHINX leverages the novel abstraction of flow graphs, which closely approximate the actual network operations, to enable incremental validation of all network updates and constraints. SPHINX dynamically learns new network behavior and raises alerts when it detects suspicious changes to existing network control plane behavior. Our evaluation shows that SPHINX is capable of detecting attacks in SDNs in realtime with low performance overheads, and requires no changes to the controllers for deployment.
doi:10.14722/ndss.2015.23064 fatcat:zn5ju2n53facloeacxiyl5saca

Uemgreen 2019 Paper List

2019 2019 International Conference on Energy Management for Green Environment (UEMGREEN), m, joydeep.mukherjee@jadavpurunive 5 978-1-7281-3007-1-5 VARSHA PODDAR  ...  , Abhijit Debnath, Sudeept Das, Dhritabrata Mitra, Spandan Karmakar 6 978-1-7281-3007-1-6 Subhajit Roy, Rupendranath Chakrabarti,Rishabh Dev Shukla, Sudeshna Nath,  ... 
doi:10.1109/uemgreen46813.2019.9221507 fatcat:3njzvox7zzg27ofehzo6uxzyxy

Real-Time White-Board

Akshay Sharma and Shallu Bashambu
2020 International journal of modern trends in science and technology  
Ringe, Swati & Kedia, Rishabh & Poddar, Anuj & Patel, Sahil. discussed in their paper how HTML based whiteboard can be used in meeting collaborations and e-learning.  ... 
doi:10.46501/ijmtst061204 fatcat:t3ntp5xy4rgirgdpzllcdtvmyq

EMISSOR: A platform for capturing multimodal interactions as Episodic Memories and Interpretations with Situated Scenario-based Ontological References [article]

Selene Báez Santamaría, Thomas Baier, Taewoon Kim, Lea Krause, Jaap Kruijt, Piek Vossen
2021 arXiv   pre-print
Paul A Crook, Shivani Poddar, Ankita De, Semir Shafi, David Whitney, Alborz Geramifard, and Rajen Subba. 2019.  ...  Soujanya Poria, Navonil Majumder, Devamanyu Haz- arika, Deepanway Ghosal, Rishabh Bhardwaj, Sam- son Yu Bai Jian, Romila Ghosh, Niyati Chhaya, Alexander Gelbukh, and Rada Mihalcea. 2020.  ... 
arXiv:2105.08388v1 fatcat:jarhbdfwr5gfdavu2wnndwecda

On the Optimality of Differential Fault Analyses on CLEFIA [chapter]

Ágnes Kiss, Juliane Krämer, Anke Stüber
2016 Lecture Notes in Computer Science  
Poddar, Amit Datta, and Debdeep an optimal attack still needs to be discovered.  ...  Berlin Heidelberg, However, Differential Fault Analyses on CLEFIA-192 2003. and CLEFIA-256 can still be improved theoretically and [13] Chester Rebeiro, Rishabh  ... 
doi:10.1007/978-3-319-32859-1_15 fatcat:lxx5cmkygrgxzjw47lnmuxauwi
« Previous Showing results 1 — 15 out of 18 results