Corelab Seminar
2020-2021
Charalampos Papamanthou
Leakage Abuse Attacks in Encrypted Databases
Abstract.
Since the seventies, one of the holy grails of cryptography
has been the invention of encryption algorithms that allow computation
to be performed directly on ciphertexts without prior decryption. While
heavy cryptographic hammers like fully-homomorphic encryption and
oblivious RAMs can address (versions of) the aforementioned problem with
ideal security guarantees, encrypted databases provide a more practical
alternative. An encrypted database achieves considerable efficiency by
releasing some formally-defined and superficially harmless information,
known as leakage. However, it turns out such leakage can lead to
complete value reconstruction of the database! In this talk I will
review some of the basic techniques to perform database reconstruction
from range search leakage and then I will present my recent work on
query distribution-agnostic attacks on encrypted databases. I will
conclude with some suggestions about how to argue formally about the
security of encrypted databases.
This talk is based on joint works with Evgenios Kornaropoulos (UC
Berkeley), Alexandros Psomas (Purdue University), Dawn Song (UC
Berkeley) and Roberto Tamassia (Brown University).
Bio: Charalampos Papamanthou is the Director of the Maryland Cybersecurity
Center (MC2) and an Associate Professor of Electrical and Computer
Engineering at the University of Maryland, College Park, where he joined
in 2013 after a postdoc at UC Berkeley. At Maryland, he is also
affiliated with the Institute for Advanced Computer Studies (UMIACS) and
the Department of Computer Science. He works on applied cryptography and
computer security—and especially on technologies, systems and theory for
secure and private cloud computing. While at College Park, he received
the NSF CAREER award, the Google Faculty Research Award, the Yahoo!
Faculty Research Engagement Award, the NetApp Faculty Fellowship, the
UMD Invention of the Year Award, the Jimmy Lin Award for Invention, the
George Corcoran Award for Excellence in Teaching and was also finalist
for the 2020 Facebook Privacy Research award. His research has been
funded by federal agencies (NSF, NIST and NSA) and by the industry
(Google, Yahoo!, NetApp, VMware, Amazon and Ergo). His PhD is in
Computer Science from Brown University (2011) and he also holds an MSc
in Computer Science from the University of Crete (2005), where he was a
member of ICS-FORTH. His work has received over 7,400 citations and he
has published in venues and journals spanning theoretical and applied
cryptography, systems and database security, graph algorithms and
visualization and operations research. Beginning July 2021, he will be
joining Yale University as an Associate Professor of Computer Science.