GPN13:SEDAWG: Eine durchsuchbare Verschlüsselung

aus dem Wiki des Entropia e.V., CCC Karlsruhe

Ein Vortrag von AlienX auf der GPN13.

Slides

  • The slides are available here: Slides (3.3 MB) mirror
  • As soon as the source code is available online I'll post it here, too.
  • Until our paper has been officially published, please get in contact with us. We can send you the release candidate of the paper.

Contact details

  • @script_alert_1 (Twitter)
  • bob at alice and bob dot com (eMail)
  • If you are up to code this with performance improvements and in a cool programming language: Contact us!

Abstract

Cloud computing is one of the most promising trends in the IT industry. In terms of data security however, cloud computing brings a new threat: Users lose control over their data. Cloud providers can access their customer's data at will. To challenge this drawback technologically, one needs to seek methods that enhance the privacy of the user's data without negating the advantages of cloud computing. Notably, computational and storage overhead should be handled in the cloud, not on the client. Consider for example the scenario of an outsourced e-mail archive: Users wish to employ a cloud provider to store their e-mails in order to be able to access them with a mobile device and without letting the provider gain knowledge of the archive's content. To conserve bandwidth, they want to perform searches on their archived e-mail online instead of downloading each and every message individually and searching locally. This talk addresses the problem of secure exact pattern matching: A user encrypts a long string he later wishes to query for the occurrence of certain patterns. This encrypted string is then uploaded to a server and to perform a search, the user can interact with the server. The server should never learn neither the string itself, nor the patterns searched for.

Material