Breaking Web Applications Built On Top Of Encrypted Data
CCS(2016)
摘要
We develop a systematic approach for analyzing client-server applications that aim to hide sensitive user data from un-trusted servers. We then apply it to Mylar, a framework that uses multi-key searchable encryption (MKSE) to build Web applications on top of encrypted data.We demonstrate that (1) the Popa-Zeldovich model for MKSE does not imply security against either passive or active attacks; (2) Mylar-based Web applications reveal users' data and queries to passive and active adversarial servers; and (3) Mylar is generically insecure against active attacks due to system design flaws. Our results show that the problem of securing client-server applications against actively malicious servers is challenging and still unsolved.We conclude with general lessons for the designers of systems that rely on property-preserving or searchable encryption to protect data from untrusted servers.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络