Searchable Encryption Systems
   Christopher M. Frenz




July 2012
The Current State of Information
Insecurity
 July 2012 - Yahoo confirmed that over 400,000
  user name and password combinations were
  stolen
 June 2012 - LinkedIn suffered a data breach that
  resulted in the theft of over 6 million unsalted
  user passwords
 From 2005 to July 2012 there have been 3,226
  data breaches that resulted in over 562,872,534
  records being compromised
  (http://www.privacyrights.org/data-breach).
 Verizon reported that 2011 was the second
  largest year for data breaches since they started
  investigating them in 2004
Security Controls
 Publications, such as NIST Special
  Publication 800-53 and others like it, list
  well over 150 possible security controls
  that could be implemented to improve
  upon information security
 This presentation is going to focus on the
  use of encryption as a security control
Common Uses of Encryption Today
   Securing Data Transmission
    ◦   SSL/TLS
    ◦   IPSEC
    ◦   S/MIME
    ◦   Etc
   Securing Stored Data
    ◦ TrueCrypt
    ◦ Bitlocker
    ◦ Etc
The Growth of Cloud Computing
   In 2009 cloud computing services were
    reported to be valued at $17.4 billion
    with the market expected to grow to
    over $44 billion by 2013
Cloud Computing
   Cloud services can offer some security
    advantages
    ◦ e.g. - resource pooling to build more robust
      infrastructures
    ◦ options for the dynamic scaling of services to
      help maintain availability
   But they are not without risk
    ◦ e.g. – much of your data is being stored by a
      trusted? 3rd party
Role of Encryption
 One of the primary ways of ensuring that
  cloud hosted data remains secret is via
  the encrypted transmission of data and
  the encrypted storage of data
 However, data hosted on a cloud
  provider’s system cannot be searched
  without first being decrypted
 How can this issue be dealt with?
Yao’s Garbled Circuits
 Yao developed a system whereby one party in the
  communication (party A) creates a garbled circuit
  that is capable of computing a desired function in
  such a way that the inputs required from party A are
  encoded into the garbled circuit in such a manner
  that party B cannot determine what the inputs are
 Party B is able to use his inputs in conjunction with
  the garbled circuit to compute the answer to the
  desired function
 This allows party A and B to retrieve the desired
  information while at the same time limiting the
  amount of information disclosure to just the result of
  the computed function
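A single garbled AND gate following the description above, as an added example that is not part of the original slides. The 16-byte labels, the use of SHA-256 to encrypt table rows, and the zero tag are choices made for this example; the oblivious transfer by which party B would obtain the label for its own input is omitted.

```python
import hashlib
import secrets

TAG = b"\x00" * 16  # zero tag lets party B recognise the one row it can open


def _pad(label_a, label_b):
    # 32-byte pad derived from both input labels (SHA-256 is an example choice).
    return hashlib.sha256(label_a + label_b).digest()


def _xor(x, y):
    return bytes(i ^ j for i, j in zip(x, y))


def garble_and_gate():
    """Party A: one random label per wire value, plus the encrypted truth table."""
    labels = {w: (secrets.token_bytes(16), secrets.token_bytes(16))
              for w in ("a", "b", "out")}
    table = []
    for bit_a in (0, 1):
        for bit_b in (0, 1):
            out_label = labels["out"][bit_a & bit_b]
            pad = _pad(labels["a"][bit_a], labels["b"][bit_b])
            table.append(_xor(pad, out_label + TAG))
    secrets.SystemRandom().shuffle(table)  # row order must not reveal the inputs
    return labels, table


def evaluate(table, label_a, label_b):
    """Party B: holds one label per input wire, so exactly one row decrypts."""
    pad = _pad(label_a, label_b)
    for row in table:
        plain = _xor(pad, row)
        if plain[16:] == TAG:
            return plain[:16]
    raise ValueError("no row decrypted with these labels")


def run_gate(bit_a, bit_b):
    labels, table = garble_and_gate()
    # A sends the label for its own bit; B's label would arrive via oblivious transfer.
    out_label = evaluate(table, labels["a"][bit_a], labels["b"][bit_b])
    return labels["out"].index(out_label)  # A's label map decodes the result
```

Party B sees only random-looking labels and one decrypted output label, never party A's input bit.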
Limitation of Yao’s Garbled Circuits
 Yao’s Garbled Circuits only work to
  prevent “honest but curious” attackers
 That is attackers that only attempt to run
  the circuit as designed
 Increasingly research around such secure
  communication is focused on the concept
  of homomorphic encryption
Homomorphism
   Homomorphism occurs in a
    cryptosystem when a mathematical
    operation (i.e. multiplication and addition)
    that is enacted on the cipher text has the
    same effect on the plain text
    C = Cipher Text, P = Plain text

    5*C=5C

    5C decrypted yields 5P
Homomorphic Properties of
Current Encryption Systems
 Symmetric encryption systems like AES
  and DES are not homomorphic
 Some asymmetric encryption systems like
  RSA and ElGamal are partially
  homomorphic in that they can support
  one homomorphic math operation
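The one operation RSA and ElGamal support is multiplication, shown here on unpadded ("textbook") versions of both as an added example that is not part of the original slides. All primes and keys are constructed toy values, far too small for real use, and the function names are made up for this example.

```python
import secrets

# --- Textbook RSA with constructed toy parameters ---
RSA_N = 1009 * 1013
RSA_E = 65537
RSA_D = pow(RSA_E, -1, 1008 * 1012)  # private exponent (Python 3.8+)


def rsa_enc(m):
    return pow(m, RSA_E, RSA_N)


def rsa_dec(c):
    return pow(c, RSA_D, RSA_N)


def rsa_mul(c1, c2):
    """Multiply two plaintexts while touching only their ciphertexts."""
    return (c1 * c2) % RSA_N


def rsa_times_five(c):
    # The slide's "5C decrypts to 5P": in RSA the factor is E(5), not plain 5.
    return rsa_mul(rsa_enc(5), c)


# --- Textbook ElGamal with constructed toy parameters ---
EG_P, EG_G = 2579, 2
EG_X = 765                      # private key
EG_H = pow(EG_G, EG_X, EG_P)    # public key


def eg_enc(m):
    k = secrets.randbelow(EG_P - 2) + 1   # fresh randomness per ciphertext
    return pow(EG_G, k, EG_P), (m * pow(EG_H, k, EG_P)) % EG_P


def eg_dec(c):
    c1, c2 = c
    return (c2 * pow(pow(c1, EG_X, EG_P), -1, EG_P)) % EG_P


def eg_mul(a, b):
    """Component-wise product of two ciphertexts encrypts the product."""
    return (a[0] * b[0]) % EG_P, (a[1] * b[1]) % EG_P
```

The same property makes unpadded ciphertexts malleable, which is why deployed RSA uses padding such as OAEP that removes it.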
Partially Homomorphic Encryption
Systems
 The Boneh, Goh, and Nissim (BGN)
  cryptosystem was developed to support
  an arbitrary number of additions and one
  multiplication
 Melchor, Gaborit, and Herranz developed
  improvements upon BGN which allowed
  for an arbitrary number of additions and
  2 multiplications
Fully Homomorphic Encryption
 Developed by Craig Gentry in 2009
 This fully homomorphic encryption
  system allows for an arbitrary number of
  additions and an arbitrary number of
  multiplications to be performed while still
  demonstrating the same effects on both
  the cipher text and plain text
Applications of Fully Homomorphic
Encryption
 Private Information Retrieval without the
  need to decrypt data
 Filtering/sorting encrypted emails
 Improved security of electronic medical
  records
 Analysis of electronic medical record data
  without decrypting the data
 Secure electronic voting
Limitation – Time
 Homomorphic encryption is computationally
  intensive
 A Google search using homomorphic
  encryption would require approximately a
  trillion times as much computing time as a
  normal Google search
 Even if Moore’s Law continues to hold true,
  it will be at least 40 years before
  homomorphic encryption based search
  resembles the search speeds of today
Addressing this limitation
   GPGPU – Performing these operations
    on a GPU instead of a CPU can improve
    performance
    ◦ A CUDA implementation of the PIR
      algorithms proposed by Aguilar and Gaborit
      was used to demonstrate data processing
      rates of up to 2 Gbits/sec
   FPGAs – performing these operations on
    specialty hardware can improve
    performance
Limitation – Security?
 These algorithms are still in their infancy
 They are not yet as well tested and vetted
  by the cryptographic community as other
  encryption algorithms
 There may be security flaws in the
  algorithms that have not yet been
  identified
Conclusion
 Homomorphic encryption holds great
  promise for the future
 There are limitations with these
  algorithms, but with continued research
  these limitations could be reduced
 The ability to search and analyze
  encrypted data sets will likely create many
  novel applications that make use of
  homomorphic encryption systems
