Breaking Web Applications Built On Top of Encrypted Data

Explore a conference talk from CCS 2016 that delves into the vulnerabilities of web applications built on encrypted data. Learn about the authors' contributions, the current state of web applications, and the proposed solution of data encryption. Examine a case study on Mylar, including attacks against it and the risks associated with metadata. Investigate active threat models, plaintext recovery attacks, and collusion with compromised clients. Gain insights into powerful attacks and their broader implications. Conclude with a discussion on defining security for multi-key searchable encryption (MKSE) in this 29-minute presentation by researchers from Cornell University, University of Texas at Austin, University of Southern California, and Cornell Tech.

Intro
Our contributions
Web applications today
Solution: encrypt the data!
Example: Cloud Drive
Multi-key searchable encryption
From crypto scheme to system?
BOPET case study: Mylar
Attacks against Mylar
"Snapshot passive" threat model
The risks of metadata
Example from Mylar paper
Bigger picture on metadata
Active threat model
Plaintext recovery attack
Collusion w/ compromised client
Experiments
Powerful attack
Bigger picture on active attacks
Conclusion
Defining security for MKSE