Your search keyword '"Mariana Raykova"' showing total 25 results

1. Session details: Session 6A: Signatures

Author

Mariana Raykova

Subjects

Multimedia, Computer science, Session (computer science), computer.software_genre, computer

Published

2020

2. Anonymous Tokens with Private Metadata Bit

Author

Ben Kreuter, Mariana Raykova, Michele Orrù, and Tancrède Lepoint

Subjects

050101 languages & linguistics, business.industry, Computer science, 05 social sciences, Cryptography, 02 engineering and technology, Security token, Mathematical proof, Computer security, computer.software_genre, Random oracle, Metadata, Issuer, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, business, computer, Bit (key)

Abstract

We present a cryptographic construction for anonymous tokens with private metadata bit, called PMBTokens. This primitive enables an issuer to provide a user with a lightweight, single-use anonymous trust token that can embed a single private bit, which is accessible only to the party who holds the secret authority key and is private with respect to anyone else. Our construction generalizes and extends the functionality of Privacy Pass (PETS’18) with this private metadata bit capability. It provides unforgeability, unlinkability, and privacy for the metadata bit properties based on the DDH and CTDH assumptions in the random oracle model. Both Privacy Pass and PMBTokens rely on non-interactive zero-knowledge proofs (NIZKs). We present new techniques to remove the need for NIZKs, while still achieving unlinkability. We implement our constructions and we report their efficiency costs.

Published

2020

3. PPML '19

Author

Olya Ohrimenko, Borja Balle, Phillipp Schoppmmann, Adrià Gascón, Mariana Raykova, and Carmela Troncoso

Subjects

cryptography, business.industry, Computer science, 020206 networking & telecommunications, 020302 automobile design & engineering, Cryptography, security, 02 engineering and technology, PPML, Space (commercial competition), privacy, Machine learning, computer.software_genre, Privacy preserving, machine learning, 0203 mechanical engineering, Leverage (negotiation), 0202 electrical engineering, electronic engineering, information engineering, Artificial intelligence, business, computer

Abstract

The area of privacy preserving machine learning has been of growing importance in practice, which has lead to an increased interest in this topic in both academia and industry. We have witnessed this through numerous papers and systems published and developed in the recent years to address challenges in this area. The solutions proposed in this space leverage many different approaches and techniques coming from machine learning, cryptography, and security. Thus, the workshop aims to be a forum to unify different perspectives and start a discussion about the relative merits of each approach. It will also serve as a venue for networking people from different communities interested in this problem, and hopefully foster fruitful long-term collaboration.

Published

2019

4. Make Some ROOM for the Zeros

Author

Benny Pinkas, Adrià Gascón, Phillipp Schoppmann, and Mariana Raykova

Subjects

0303 health sciences, Computer science, business.industry, 02 engineering and technology, Machine learning, computer.software_genre, Secret sharing, 03 medical and health sciences, Naive Bayes classifier, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Secure multi-party computation, Leverage (statistics), 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, Computer Science::Cryptography and Security, 030304 developmental biology, Block (data storage), Sparse matrix, Abstraction (linguistics)

Abstract

Exploiting data sparsity is crucial for the scalability of many data analysis tasks. However, while there is an increasing interest in efficient secure computation protocols for distributed machine learning, data sparsity has so far not been considered in a principled way in that setting. We propose sparse data structures together with their corresponding secure computation protocols to address common data analysis tasks while utilizing data sparsity. In particular, we define a Read-Only Oblivious Map primitive (ROOM) for accessing elements in sparse structures, and present several instantiations of this primitive with different trade-offs. Then, using ROOM as a building block, we propose protocols for basic linear algebra operations such as Gather, Scatter, and multiple variants of sparse matrix multiplication. Our protocols are easily composable by using secret sharing. We leverage this, at the highest level of abstraction, to build secure protocols for non-parametric models (k-nearest neighbors and naive Bayes classification) and parametric models (logistic regression) that enable secure analysis on high-dimensional datasets. The experimental evaluation of our protocol implementations demonstrates a manyfold improvement in the efficiency over state-of-the-art techniques across all applications. Our system is designed and built mirroring the modular architecture in scientific computing and machine learning frameworks, and inspired by the Sparse BLAS standard.

Published

2019

5. Hiding secrets in software

Author

Craig Gentry, Amit Sahai, Shai Halevi, Mariana Raykova, Sanjam Garg, and Brent Waters

Subjects

Scheme (programming language), 021110 strategic, defence & security studies, General Computer Science, business.industry, Computer science, 0211 other engineering and technologies, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Program obfuscation, Software, 010201 computation theory & mathematics, Obfuscation, business, computer, computer.programming_language

Abstract

Can we hide secrets in software? Can we obfuscate programs---that is, make programs unintelligible while preserving their functionality? What exactly do we mean by "unintelligible"? Why would we even want to do this? In this article, we describe some rigorous cryptographic answers to these quasi-philosophical questions. We also discuss our recent "candidate indistinguishability obfuscation" scheme and its implications.

Published

2016

6. A Simple Obfuscation Scheme for Pattern-Matching with Wildcards

Author

Tal Malkin, Lucas Kowalczyk, Valerio Pastro, Allison Bishop, Kevin Shi, and Mariana Raykova

Subjects

Matching (statistics), Multilinear map, Computer science, Heuristic, Wildcard character, 0102 computer and information sciences, 02 engineering and technology, computer.file_format, 01 natural sciences, 010201 computation theory & mathematics, Wildcard, Simple (abstract algebra), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Pattern matching, computer, Algorithm

Abstract

We give a simple and efficient method for obfuscating pattern matching with wildcards. In other words, we construct a way to check an input against a secret pattern, which is described in terms of prescribed values interspersed with unconstrained “wildcard” slots. As long as the support of the pattern is sufficiently sparse and the pattern itself is chosen from an appropriate distribution, we prove that a polynomial-time adversary cannot find a matching input, except with negligible probability. We rely upon the generic group heuristic (in a regular group, with no multilinearity). Previous work [9, 10, 32] provided less efficient constructions based on multilinear maps or LWE.

Published

2018

7. Language Technologies in Teaching Bulgarian at Primary and Secondary School Level: The NBU Platform for Language Teaching (PLT)

Author

Valentina Ivanova, Mariana Raykova, Maria Stambolieva, Mariya Neykova, and Milka Hadjikoteva

Subjects

Structure (mathematical logic), Text corpus, Multimedia, Computer science, Process (engineering), media_common.quotation_subject, Foreign language, computer.software_genre, language.human_language, Presentation, ComputingMilieux_COMPUTERSANDEDUCATION, language, Language education, Bulgarian, Concordancer, computer, media_common

Abstract

The NBU Language Teaching Platform (PLT) was initially designed for teaching foreign languages for specific purposes; at a second stage, some of its functionalities were extended to answer the needs of teaching general foreign language. New functionalities have now been created for the purpose of providing e-support for Bulgarian language and literature teaching at primary and secondary school level. The article presents the general structure of the platform and the functionalities specifically developed to match the standards and expected results set by the Ministry of Education. The E-platform integrates: 1/ an environment for creating, organizing and maintaining electronic text archives, for extracting text corpora and aligning corpora; 2/ a linguistic database; 3/ a concordancer; 4/ a set of modules for the generation and editing of practice exercises for each text or corpus; 5/ functionalities for export from the platform and import to other educational platforms. For Moodle, modules were created for test generation, performance assessment and feedback. The PLT allows centralized presentation of abundant teaching content, control of the educational process, fast and reliable feedback on performance.

Published

2017

8. 5Gen-C

Author

Mariana Raykova, Brent Carmer, and Alex J. Malozemoff

Subjects

0301 basic medicine, Pseudorandom number generator, Theoretical computer science, Computer science, business.industry, Context (language use), Cryptography, 0102 computer and information sciences, computer.software_genre, Mathematical proof, 01 natural sciences, Obfuscation (software), 03 medical and health sciences, 030104 developmental biology, 010201 computation theory & mathematics, Obfuscation, Key (cryptography), Compiler, business, computer, Functional encryption

Abstract

Program obfuscation is a powerful security primitive with many applications. White-box cryptography studies a particular subset of program obfuscation targeting keyed pseudorandom functions (PRFs), a core component of systems such as mobile payment and digital rights management. Although the white-box obfuscators currently used in practice do not come with security proofs and are thus routinely broken, recent years have seen an explosion of cryptographic techniques for obfuscation, with the goal of avoiding this build-and-break cycle. In this work, we explore in detail cryptographic program obfuscation and the related primitive of multi-input functional encryption (MIFE). In particular, we extend the 5Gen framework (CCS 2016) to support circuit-based MIFE and program obfuscation, implementing both existing and new constructions. We then evaluate and compare the efficiency of these constructions in the context of PRF obfuscation. As part of this work we (1) introduce a novel instantiation of MIFE that works directly on functions represented as arithmetic circuits, (2) use a known transformation from MIFE to obfuscation to give us an obfuscator that performs better than all prior constructions, and (3) develop a compiler for generating circuits optimized for our schemes. Finally, we provide detailed experiments, demonstrating, among other things, the ability to obfuscate a PRF with a 64-bit key and 12 bits of input (containing 62k gates) in under 4 hours, with evaluation taking around 1 hour. This is by far the most complex function obfuscated to date.

Published

2017

9. Multi-input Inner-Product Functional Encryption from Pairings

Author

Michel Abdalla, Romain Gay, Mariana Raykova, Hoeteck Wee, Université Paris sciences et lettres (PSL), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Yale University [New Haven], NSF grants CNS-1633282, 1562888, 1565208, 1445424, DARPA SafeWare W911NF-15-C-0236,W911NF-16-1-0389., European Project: 639554,H2020,ERC-2014-STG,aSCEND(2015), European Project: 644729,H2020 Pilier Industrial Leadership,H2020-ICT-2014-1,SAFEcrypto(2015), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, École normale supérieure - Paris (ENS Paris), Laboratoire d'informatique de l'école normale supérieure (LIENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Centre National de la Recherche Scientifique (CNRS), NSF grant CNS-1633282, NSF grant CNS-1562888., NSF grant CNS-1565208, NSF grant CNS-1445424, DARPA SafeWare W911NF-16-1-0389, DARPA SafeWare W911NF-15-C-0236, IACR, Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Département d'informatique de l'École normale supérieure (DI-ENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), and Département d'informatique de l'École normale supérieure (DI-ENS)

Subjects

Scheme (programming language), Polynomial, Theoretical computer science, business.industry, Inner product, Bilinear interpolation, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Encryption, 01 natural sciences, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], 010201 computation theory & mathematics, Product (mathematics), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Multi-Input Functional Encryption, business, computer, Computer Science::Cryptography and Security, Functional encryption, computer.programming_language, Mathematics

Abstract

International audience; We present a multi-input functional encryption scheme (MIFE) for the inner product functionality based on the k-Lin assumption in prime-order bilinear groups. Our construction works for any polynomial number of encryption slots and achieves adaptive security against unbounded collusion, while relying on standard polynomial hardness assumptions. Prior to this work, we did not even have a candidate for 3-slot MIFE for inner products in the generic bilinear group model. Our work is also the first MIFE scheme for a non-trivial functionality based on standard cryptographic assumptions, as well as the first to achieve polynomial security loss for a super-constant number of slots under falsifiable assumptions. Prior works required stronger non-standard assumptions such as indistinguishability obfuscation or multi-linear maps.

Published

2017

10. Optimal-Rate Non-Committing Encryption

Author

Oxana Poburinnaya, Mariana Raykova, and Ran Canetti

Subjects

Plaintext-aware encryption, business.industry, Computer science, 020206 networking & telecommunications, Plaintext, Data_CODINGANDINFORMATIONTHEORY, 0102 computer and information sciences, 02 engineering and technology, Encryption, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, Probabilistic encryption, 0202 electrical engineering, electronic engineering, information engineering, 40-bit encryption, 56-bit encryption, Link encryption, On-the-fly encryption, business, computer, Computer network

Abstract

Non-committing encryption (NCE) was introduced in order to implement secure channels under adaptive corruptions in situations when data erasures are not trustworthy. In this paper we are interested in the rate of NCE, i.e. in how many bits the sender and receiver need to send per plaintext bit.

Published

2017

11. 5Gen

Author

Daniel Wagner, Dan Boneh, David W. Archer, Daniel Apon, Kevin Lewi, Mariana Raykova, Adam Foltzer, Brent Carmer, Alex J. Malozemoff, and Jonathan Katz

Subjects

Multilinear map, Theoretical computer science, mmap, Computer science, business.industry, Cryptography, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, Obfuscation (software), 010201 computation theory & mathematics, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Compiler, business, computer, Functional encryption

Abstract

Secure multilinear maps (mmaps) have been shown to have remarkable applications in cryptography, such as multi-input functional encryption (MIFE) and program obfuscation. To date, there has been little evaluation of the performance of these applications. In this paper we initiate a systematic study of mmap-based constructions. We build a general framework, called 5Gen, to experiment with these applications. At the top layer we develop a compiler that takes in a high-level program and produces an optimized matrix branching program needed for the applications we consider. Next, we optimize and experiment with several MIFE and obfuscation constructions and evaluate their performance. The 5Gen framework is modular and can easily accommodate new mmap constructions as well as new MIFE and obfuscation constructions, as well as being an open-source tool that can be used by other research groups to experiment with a variety of mmap-based constructions.

Published

2016

12. Usable, Secure, Private Search

Author

Ang Cui, Mariana Raykova, Binh Vo, Tal Malkin, Salvatore J. Stolfo, Steven M. Bellovin, and Bin Liu

Subjects

Information privacy, Distributed database, Computer Networks and Communications, Computer science, business.industry, Cryptography, Hamming distance, Bloom filter, Encryption, Computer security, computer.software_genre, USable, Deterministic encryption, Electrical and Electronic Engineering, business, Law, computer

Abstract

Real-world applications commonly require untrusting parties to share sensitive information securely. This article describes a secure anonymous database search (SADS) system that provides exact keyword match capability. Using a new reroutable encryption and the ideas of Bloom filters and deterministic encryption, SADS lets multiple parties efficiently execute exact-match queries over distributed encrypted databases in a controlled manner. This article further considers a more general search setting allowing similarity searches, going beyond existing work that considers similarity in terms of error tolerance and Hamming distance. This article presents a general framework, built on the cryptographic and privacy-preserving guarantees of the SADS primitive, for engineering usable private secure search systems.

Published

2012

13. Adaptive Succinct Garbled RAM or: How to Delegate Your Database

Author

Yilei Chen, Justin Holmgren, Ran Canetti, and Mariana Raykova

Subjects

Scheme (programming language), Sequence, Theoretical computer science, Delegate, Database, Computer science, Hash function, Plaintext, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, 020204 information systems, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Persistent data structure, computer, Security parameter, computer.programming_language

Abstract

We show how to garble a large persistent database and then garble, one by one, a sequence of adaptively and adversarially chosen RAM programs that query and modify the database in arbitrary ways. The garbled database and programs reveal only the outputs of the programs when run in sequence on the database. Still, the runtime, space requirements and description size of the garbled programs are proportional only to those of the plaintext programs and the security parameter. We assume indistinguishability obfuscation for circuits and somewhat-regular collision-resistant hash functions. In contrast, all previous garbling schemes with persistent data were shown secure only in the static setting where all the programs are known in advance. As an immediate application, we give the first scheme for efficiently outsourcing a large database and computations on the database to an untrusted server, then delegating computations on this database, where these computations may update the database. Our scheme extends the non-adaptive RAM garbling scheme of Canetti and Holmgren [ITCS 2016]. We also define and use a new primitive of independent interest, called adaptive accumulators. The primitive extends the positional accumulators of Koppula et al. [STOC 2015] and somewhere statistical binding hashing of Hubaai¾?ek and Wichs [ITCS 2015] to an adaptive setting.

Published

2016

14. Decentralized Authorization and Privacy-Enhanced Routing for Information-Centric Networks

Author

Hasanat Kazmi, Mariana Raykova, Ashish Gehani, and Hasnain Lakhani

Subjects

Security framework, Cryptographic primitive, business.industry, Computer science, Authorization, 020206 networking & telecommunications, Public key infrastructure, 02 engineering and technology, Computer security, computer.software_genre, Metadata, Software deployment, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Confidentiality, Android (operating system), business, computer, Computer network

Abstract

As information-centric networks are deployed in increasingly diverse settings, there is a growing need to protect the privacy of participants. We describe the design, implementation, and evaluation of a security framework that achieves this. It ensures the integrity and confidentiality of published content, the associated descriptive metadata, and the interests of subscribers. Publishers can scope access to the content, as well as which nodes in the network can broker access to it. Subscribers can limit which nodes can see their interests. Scopes are defined as policies over attributes of the individual nodes. The system transparently realizes the policies with suitable cryptographic primitives. It supports deployment in heterogeneous mobile ad hoc environments where trust may derive from multiple independent sources. Further, no external public key infrastructure is assumed. We also report on the overhead that the security adds in actual deployments on Android devices.

Published

2015

15. Private Database Access with HE-over-ORAM Architecture

Author

Craig Gentry, Shai Halevi, Charanjit S. Jutla, and Mariana Raykova

Subjects

0301 basic medicine, Database, Computer science, InformationSystems_DATABASEMANAGEMENT, Homomorphic encryption, computer.software_genre, Database access, 03 medical and health sciences, 030104 developmental biology, 0302 clinical medicine, Nothing, 030220 oncology & carcinogenesis, Secure multi-party computation, Architecture, computer, Time processing

Abstract

Enabling private database queries is an important and challenging research problem with many real-world applications. The goal is such that the client obtains the results of its queries without learning anything else about the database, while the outsourced server learns nothing about the queries or data, including access patterns. The secure-computation-over-ORAM architecture offers a promising approach to this problem, permitting sub-linear time processing of the queries (after pre-processing) without compromising security.

Published

2015

16. Semantically Secure Order-Revealing Encryption: Multi-input Functional Encryption Without Obfuscation

Author

Mark Zhandry, Kevin Lewi, Dan Boneh, Mariana Raykova, Joe Zimmerman, and Amit Sahai

Subjects

Theoretical computer science, business.industry, Encryption, computer.software_genre, Multiple encryption, Filesystem-level encryption, Probabilistic encryption, 40-bit encryption, Link encryption, On-the-fly encryption, business, computer, Functional encryption, Mathematics

Abstract

Deciding “greater-than” relations among data items just given their encryptions is at the heart of search algorithms on encrypted data, most notably, non-interactive binary search on encrypted data. Order-preserving encryption provides one solution, but provably provides only limited security guarantees. Two-input functional encryption is another approach, but requires the full power of obfuscation machinery and is currently not implementable.

Published

2015

17. Co-Location-Resistant Clouds

Author

Mariana Raykova, Yossi Azar, Ishai Menache, Seny Kamara, and Bruce Shepard

Subjects

Scheme (programming language), 021110 strategic, defence & security studies, Bin packing problem, Computer science, business.industry, Distributed computing, 0211 other engineering and technologies, Cryptography, Cloud computing, 02 engineering and technology, Adversary, computer.software_genre, Virtual machine, 020204 information systems, Server, 0202 electrical engineering, electronic engineering, information engineering, Isolation (database systems), business, computer, computer.programming_language

Abstract

We consider the problem of designing multi-tenant public infrastructure clouds resistant to cross-VM attacks without relying on single-tenancy or on assumptions about the cloud's servers. In a cross-VM attack (which have been demonstrated recently in Amazon EC2) an adversary launches malicious virtual machines (VM) that perform side-channel attacks against co-located VMs in order to recover their contents.We propose a formal model in which to design and analyze secure VM placement algorithms, which are online vector bin packing algorithms that simultaneously satisfy certain optimization constraints and notions of security. We introduce and formalize several notions of security, establishing formal connections between them. We also introduce a new notion of efficiency for online bin packing algorithms that better captures their cost in the setting of cloud computing.Finally, we propose a secure placement algorithm that achieves our strong notions of security when used with a new cryptographic mechanism we refer to as a shared deployment scheme.

Published

2014

18. Outsourcing Private RAM Computation

Author

Craig Gentry, Shai Halevi, Daniel Wichs, and Mariana Raykova

Subjects

Structure (mathematical logic), Computer science, business.industry, Distributed computing, Computation, Construct (python library), computer.software_genre, Outsourcing, Obfuscation (software), Random-access machine, Server, Operating system, business, computer, Functional encryption

Abstract

We construct the first schemes that allow a client to privately outsource arbitrary program executions to a remote server while ensuring that: (I) the client's work is small and essentially independent of the complexity of the computation being outsourced, and (II) the server's work is only proportional to the run-time of the computation on a random access machine (RAM), rather than its potentially much larger circuit size. Furthermore, our solutions are non-interactive and have the structure of reusable garbled RAM programs, addressing an open question of Lu and Ostrovsky (Eurocrypt 2013). We also construct schemes for an augmented variant of the above scenario, where the client can initially outsource a large private and persistent database to the server, and later outsource arbitrary program executions with read/write access to this database. Our solutions are built from non-reusable garbled RAM in conjunction with new types of reusable garbled circuits that are more efficient than prior solutions but only satisfy weaker security. For the basic setting without a persistent database, we can instantiate the required type of reusable garbled circuits from indistinguishability obfuscation or from functional encryption for circuits as a black-box. For the more complex setting with a persistent database, we can instantiate the required type of reusable garbled circuits using stronger notions of obfuscation. Our basic solution also requires the client to perform a one-time pre-processing step to garble a program at the cost of its RAM run-time, and we can avoid this cost using stronger notions of obfuscation. It remains an open problem to instantiate these new types of reusable garbled circuits under weaker assumptions, possibly avoiding obfuscation altogether. We show several simple extensions of our results and techniques to achieve: efficiency proportional to the input-specific RAM run-time, verifiability of outsourced RAM computation, functional encryption for RAMs, and a candidate obfuscation for RAMs.

Published

2014

19. Optimizing ORAM and Using It Efficiently for Secure Computation

Author

Mariana Raykova, Craig Gentry, Shai Halevi, Daniel Wichs, Kenny A. Goldman, and Charanjit Singh Julta

Subjects

Scheme (programming language), Binary search algorithm, Range query (data structures), Computer science, business.industry, Homomorphic encryption, Tree (data structure), Secure multi-party computation, Oblivious ram, business, Security parameter, computer, computer.programming_language, Computer network

Abstract

Oblivious RAM (ORAM) allows a client to access her data on a remote server while hiding the access pattern (which locations she is accessing) from the server. Beyond its immediate utility in allowing private computation over a client’s outsourced data, ORAM also allows mutually distrustful parties to run secure-computations over their joint data with sublinear on-line complexity. In this work we revisit the tree-based ORAM of Shi et al. [20] and show how to optimize its performance as a stand-alone scheme, as well as its performance within higher level constructions. More specifically, we make several contributions

Published

2013

20. Privacy Enhanced Access Control for Outsourced Data Sharing

Author

Steven M. Bellovin, Mariana Raykova, and Hang Zhao

Subjects

Scheme (programming language), Focus (computing), Computer science, business.industry, Cloud computing, Access control, Computer security, computer.software_genre, Data sharing, Information sensitivity, Overhead (computing), Confidentiality, business, computer, computer.programming_language

Abstract

Traditional access control models often assume that the entity enforcing access control policies is also the owner of data and resources. This assumption no longer holds when data is outsourced to a third-party storage provider, such as the cloud. Existing access control solutions mainly focus on preserving confidentiality of stored data from unauthorized access and the storage provider. However, in this setting, access control policies as well as users’ access patterns also become privacy sensitive information that should be protected from the cloud. We propose a two-level access control scheme that combines coarse-grained access control enforced at the cloud, which provides acceptable communication overhead and at the same time limits the information that the cloud learns from his partial view of the access rules and the access patterns, and fine-grained cryptographic access control enforced at the user’s side, which provides the desired expressiveness of the access control policies. Our solution handles both read and write access control.

Published

2012

21. Private search in the real world

Author

Steven M. Bellovin, Mariana Raykova, Tal Malkin, Vasilis Pappas, and Binh Vo

Subjects

Scheme (programming language), Focus (computing), Database, business.industry, Computer science, Usability, Encryption, computer.software_genre, Computer security, Adversarial system, business, Inefficiency, computer, computer.programming_language

Abstract

Encrypted search --- performing queries on protected data --- has been explored in the past; however, its inherent inefficiency has raised questions of practicality. Here, we focus on improving the performance and extending its functionality enough to make it practical. We do this by optimizing the system, and by stepping back from the goal of achieving maximal privacy guarantees in an encrypted search scenario and consider efficiency and functionality as priorities. We design and analyze the privacy implications of two practical extensions applicable to any keyword-based private search system. We evaluate their efficiency by building them on top of a private search system, called SADS. Additionally, we improve SADS' performance, privacy guaranties and functionality. The extended SADS system offers improved efficiency parameters that meet practical usability requirements in a relaxed adversarial model. We present the experimental results and evaluate the performance of the system. We also demonstrate analytically that our scheme can meet the basic needs of a major hospital complex's admissions records. Overall, we achieve performance comparable to a simply configured MySQL database system.

Published

2011

22. The Zodiac Policy Subsystem: A Policy-Based Management System for a High-Security MANET

Author

Scott Alexander, Mariana Raykova, Steve Bellovin, Yuu-Heng Cheng, Martin Eiger, and Alexander Poylisher

Subjects

Authentication, Network security, business.industry, Computer science, Cryptography, Usability, Information security, Mobile ad hoc network, Computer security, computer.software_genre, Management system, business, computer, Policy-based management, Computer network

Abstract

Zodiac (Zero Outage Dynamic Intrinsically Assurable Communities) is an implementation of a high-security MANET, resistant to multiple types of attacks, including Byzantine faults. The Zodiac architecture poses a set of unique system security, performance, and usability requirements to its policy-based management system (PBMS). In this paper, we identify theses requirements, and present the design and implementation of the Zodiac Policy Subsystem (ZPS), which allows administrators to securely specify, distribute and evaluate network control and system security policies to customize Zodiac behaviors. ZPS uses the Keynote language for specifying all authorization policies with simple extension to support obligation policies.

Published

2009

23. Efficient Robust Private Set Intersection

Author

Moti Yung, Dana Dachman-Soled, Mariana Raykova, and Tal Malkin

Subjects

Computer science, Robustness (computer science), Open problem, Secure two-party computation, Cryptographic protocol, Computer security, computer.software_genre, computer, Private set intersection

Abstract

Computing Set Intersection privately and efficiently between two mutually mistrusting parties is an important basic procedure in the area of private data mining. Assuring robustness, namely, coping with potentially arbitrarily misbehaving (i.e., malicious) parties, while retaining protocol efficiency (rather than employing costly generic techniques) is an open problem. In this work the first solution to this problem is presented.

Published

2009

24. PAR: Payment for Anonymous Routing

Author

Elli Androulaki, Shreyas Srivatsan, Steven M. Bellovin, Angelos Stavrou, and Mariana Raykova

Subjects

business.industry, Computer science, media_common.quotation_subject, Electronic cash, Internet privacy, Payment system, Payment, Computer security, computer.software_genre, Micropayment, Blind signature, ComputingMilieux_COMPUTERSANDSOCIETY, The Internet, Onion routing, business, computer, media_common, Anonymity

Abstract

Despite the growth of the Internet and the increasing concern for privacy of online communications, current deployments of anonymization networks depend on a very small set of nodes that volunteer their bandwidth. We believe that the main reason is not disbelief in their ability to protect anonymity, but rather the practical limitations in bandwidth and latency that stem from limited participation. This limited participation, in turn, is due to a lack of incentives to participate. We propose providing economic incentives, which historically have worked very well. In this paper, we demonstrate a payment scheme that can be used to compensate nodes which provide anonymity in Tor, an existing onion routing, anonymizing network. We show that current anonymous payment schemes are not suitable and introduce a hybrid payment system based on a combination of the Peppercoin Micropayment system and a new type of "one use" electronic cash. Our system claims to maintain users' anonymity, although payment techniques mentioned previously --- when adopted individually --- provably fail.

Published

2008

25. Efficient robust private set intersection

Author

Moti Yung, Mariana Raykova, Tal Malkin, and Dana Dachman-Soled

Subjects

Computational Mathematics, Computational Theory and Mathematics, Computer Networks and Communications, Computer science, Robustness (computer science), Applied Mathematics, Secure two-party computation, Open problem, Cryptographic protocol, Computer security, computer.software_genre, computer, Private set intersection

Abstract

Computing set intersection privately and efficiently between two mutually mistrusting parties is an important basic procedure in the area of private data mining. Assuring robustness, namely, coping with potentially arbitrarily misbehaving (i.e., malicious) parties, while retaining protocol efficiency (rather than employing costly generic techniques) is an open problem. In this work, the first solution to this problem is presented.

Published

2012