Venue | Category |
---|---|
CCSW'19 | Deterministic Encryption |
Quantifying Information Leakage of Deterministic Encryption1. SummaryMotivation of this paperQuantitative Information Flow (QIF)Implementation and Evaluation2. Strength (Contributions of the paper)3. Weakness (Limitations of the paper)4. Some Insights
enable clients to make queries on sensitive data. the security implications of deterministic encryption are not well understood.
Deterministic encryption is controversial
This paper provides a leakage analysis of deterministic encryption through the application of the framework of quantitative information flow.
different operational scenarios require different leakage measures.
QIF definition
it is natural to measure the leakage of the channel by comparing the prior g-vulnerability with the posterior g-vulnerability.
Model of deterministic encryption
- uniform distribution
- an arbitrarily chosen non-uniform distribution
- a distribution in which two values has the same probability
- a distribution in which two values' probabilities are very close but not the same.
For encrypted deduplication, can we insert fake chunk to the original workload to mitigate the attack?
In our paper, we do not provide a fine-grain information leakage analysis, we just use KLD as a coarse measurement for information leakage.