Breaking Web Applications Built On Top of Encrypted Data

We develop a systematic approach for analyzing client-server applications that aim to hide sensitive user data from untrusted servers. We then apply it to Mylar, a framework that uses multi-key searchable encryption (MKSE) to build Web applications on top of encrypted data. We demonstrate that (1) the Popa-Zeldovich model for MKSE does not imply security against either passive or active attacks; (2) Mylar-based Web applications reveal users' data and queries to passive and active adversarial servers; and (3) Mylar is generically insecure against active attacks due to system design flaws. Our results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved. We conclude with general lessons for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.

[1]  Eu-Jin Goh,et al.  Secure Indexes , 2003, IACR Cryptol. ePrint Arch..

[2]  Rafail Ostrovsky,et al.  Searchable symmetric encryption: improved definitions and efficient constructions , 2006, CCS '06.

[3]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[4]  Mihai Christodorescu,et al.  Private Use of Untrusted Web Servers via Opportunistic Encryption , 2008 .

[5]  Peter Chapman,et al.  Automated black-box detection of side-channel vulnerabilities in web applications , 2011, CCS '11.

[6]  Zhou Li,et al.  Sidebuster: automated detection and quantification of side-channel leaks in web application development , 2010, CCS '10.

[7]  Srdjan Capkun,et al.  Verena: End-to-End Integrity Protection for Web Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[8]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[9]  Jon Howell,et al.  Radiatus : Strong User Isolation for Scalable Web Applications , 2014 .

[10]  Elaine Shi,et al.  ShadowCrypt: Encrypted Web Applications for Everyone , 2014, CCS.

[11]  Ben Y. Zhao,et al.  Silverline: toward data confidentiality in storage-intensive cloud applications , 2011, SoCC.

[12]  Nickolai Zeldovich,et al.  Multi-Key Searchable Encryption , 2013, IACR Cryptol. ePrint Arch..

[13]  Frank Wang,et al.  Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds , 2016, NSDI.

[14]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[15]  Hugo Krawczyk,et al.  Dynamic Searchable Encryption in Very-Large Databases: Data Structures and Implementation , 2014, NDSS.

[16]  Mark Zhandry,et al.  Semantically Secure Order-Revealing Encryption: Multi-input Functional Encryption Without Obfuscation , 2015, EUROCRYPT.

[17]  Angelos D. Keromytis,et al.  Blind Seer: A Scalable Private DBMS , 2014, 2014 IEEE Symposium on Security and Privacy.

[18]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[19]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[20]  Hari Balakrishnan,et al.  Building Web Applications on Top of Encrypted Data Using Mylar , 2014, NSDI.

[21]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[22]  Hugo Krawczyk,et al.  Highly-Scalable Searchable Symmetric Encryption with Support for Boolean Queries , 2013, IACR Cryptol. ePrint Arch..

[23]  Jonathan Katz,et al.  All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption , 2016, USENIX Security Symposium.

[24]  Florian Kerschbaum,et al.  Searchable Encryption with Secure and Efficient Updates , 2014, CCS.

[25]  Pasquale Malacaria,et al.  SideAuto: quantitative information flow for side-channel leakage in web applications , 2013, WPES.

[26]  Dawn Xiaodong Song,et al.  Privilege Separation in HTML5 Applications , 2012, USENIX Security Symposium.

[27]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[28]  Xiapu Luo,et al.  HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows , 2011, NDSS.

[29]  Charalampos Papamanthou,et al.  Dynamic searchable symmetric encryption , 2012, IACR Cryptol. ePrint Arch..

[30]  Mihir Bellare,et al.  DupLESS: Server-Aided Encryption for Deduplicated Storage , 2013, USENIX Security Symposium.

[31]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.

[32]  Wenke Lee,et al.  Mimesis Aegis: A Mimicry Privacy Shield-A System's Approach to Data Privacy on Public Cloud , 2014, USENIX Security Symposium.

[33]  David Cash,et al.  Leakage-Abuse Attacks Against Searchable Encryption , 2015, IACR Cryptol. ePrint Arch..

[34]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[35]  MacLane Wilkison,et al.  ZeroDB white paper , 2016, ArXiv.

[36]  Lingyu Wang,et al.  k-Indistinguishable Traffic Padding in Web Applications , 2012, Privacy Enhancing Technologies.

[37]  Thomas Ristenpart,et al.  Leakage-Abuse Attacks against Order-Revealing Encryption , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[38]  Murat Kantarcioglu,et al.  Access Pattern disclosure on Searchable Encryption: Ramification, Attack and Mitigation , 2012, NDSS.

[39]  Carl A. Gunter,et al.  Dynamic Searchable Encryption via Blind Storage , 2014, 2014 IEEE Symposium on Security and Privacy.

[40]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[41]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[42]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.