Breaking Web Applications Built On Top of Encrypted Data
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore a conference talk from CCS 2016 that delves into the vulnerabilities of web applications built on encrypted data. Learn about the authors' contributions, the current state of web applications, and the proposed solution of data encryption. Examine a case study on Mylar, including attacks against it and the risks associated with metadata. Investigate active threat models, plaintext recovery attacks, and collusion with compromised clients. Gain insights into powerful attacks and their broader implications. Conclude with a discussion on defining security for multi-key searchable encryption (MKSE) in this 29-minute presentation by researchers from Cornell University, University of Texas at Austin, University of Southern California, and Cornell Tech.
Syllabus
Intro
Our contributions
Web applications today
Solution: encrypt the data!
Example: Cloud Drive
Multi-key searchable encryption
From crypto scheme to system?
BOPET case study: Mylar
Attacks against Mylar
"Snapshot passive" threat model
The risks of metadata
Example from Mylar paper
Bigger picture on metadata
Active threat model
Plaintext recovery attack
Collusion w/ compromised client
Experiments
Powerful attack
Bigger picture on active attacks
Conclusion
Defining security for MKSE
Taught by
ACM CCS
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network