
Seny Kamara

Microsoft Research, Redmond, Department Member
In the problem of private outsourced computation, a client wishes to delegate the evaluation of a function f on a private input x to an untrusted worker without the latter learning anything about x and f(x). This problem occurs in many applications and, most notably, in the setting of cloud computing.
Secure function evaluation (SFE) allows a set of mutually distrustful parties to evaluate a function of their joint inputs without revealing their inputs to each other. SFE has been the focus of active research and recent work suggests that it can be made practical. Unfortunately, current protocols and implementations have inherent limitations that are hard to overcome using standard and practical techniques.
Searchable symmetric encryption (SSE) allows a client to encrypt its data in such a way that this data can still be searched. The most immediate application of SSE is to cloud storage, where it enables a client to securely outsource its data to an untrusted cloud provider without sacrificing the ability to search over it.
We initiate the study of secure multi-party computation (MPC) in a server-aided setting, where the parties have access to a single server that (1) does not have any input to the computation; (2) does not receive any output from the computation; but (3) has a vast (but bounded) amount of computational resources. In this setting, we are concerned with designing protocols that minimize the computation of the parties at the expense of the server.
We present a general-purpose protocol that enables a client to delegate the computation of any function to a cluster of n machines in such a way that no adversary that corrupts at most n − 1 machines can recover any information about the client's input or output. The protocol makes black-box use of multi-party computation (MPC) and secret sharing and inherits the security properties of the underlying MPC protocol (i.e., passive vs. adaptive security and security in the presence of a semi-honest vs. malicious adversary).
The ability to safely keep a secret in memory is central to the vast majority of security schemes, but storing and erasing these secrets is a difficult problem in the face of an attacker who can obtain unrestricted physical access to the underlying hardware. Depending on the memory technology, the very act of storing a 1 instead of a 0 can have physical side effects measurable even after the power has been cut.
We consider the problem of encrypting structured data (e.g., a web graph or a social network) in such a way that it can be efficiently and privately queried. For this purpose, we introduce the notion of structured encryption which generalizes previous work on symmetric searchable encryption (SSE) to the setting of arbitrarily-structured data. We present a model for structured encryption, a formal security definition and several efficient constructions.
Cloud storage provides a highly available, easily accessible and inexpensive remote data repository to clients who cannot afford to maintain their own storage infrastructure. While many applications of cloud storage require security guarantees against the cloud provider (e.g., storage of high-impact business data or medical records), most services cannot guarantee that the provider will not see or modify client data.
We consider the problem of building a secure cloud storage service on top of a public cloud infrastructure where the service provider is not completely trusted by the customer. We describe, at a high level, several architectures that combine recent and non-standard cryptographic primitives in order to achieve our goal. We survey the benefits such an architecture would provide to both customers and service providers and give an overview of recent advances in cryptography motivated specifically by cloud storage.
Proofs of storage (PoS) are interactive protocols allowing a client to verify that a server faithfully stores a file. Previous work has shown that proofs of storage can be constructed from any homomorphic linear authenticator (HLA). The latter, roughly speaking, are signature/message authentication schemes where 'tags' on multiple messages can be homomorphically combined to yield a 'tag' on any linear combination of these messages.
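To make the HLA-to-PoS step concrete, here is an added example (not code from the paper, whose HLA is not specified on this page) that builds a proof of storage from a simple symmetric-key homomorphic linear authenticator. The tag on block m_i is t_i = alpha * m_i + f_k(i) mod p, so sum c_i * t_i is a valid tag on sum c_i * m_i for any coefficients c_i; that homomorphism is what lets the server answer a challenge over many blocks with a single aggregated pair. The PRF f_k is instantiated with HMAC-SHA256 and p is a Mersenne prime; both are assumptions of this example, as is the constructed sample file.

```python
"""Added example: proof of storage from a symmetric-key homomorphic linear
authenticator (HLA). Client keeps (alpha, k); server keeps blocks and tags.
Assumptions of this example: PRF = HMAC-SHA256, modulus P = 2^127 - 1."""
import hashlib
import hmac
import random
import secrets
from typing import List, Tuple

P = (1 << 127) - 1      # prime modulus for all tag arithmetic
BLOCK_BYTES = 15        # each block encodes as an integer < 2^120 < P


def prf(k: bytes, i: int) -> int:
    """f_k(i): HMAC-SHA256 of the block index, reduced mod P."""
    digest = hmac.new(k, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % P


def keygen() -> Tuple[int, bytes]:
    """Client secret: a nonzero scalar alpha and a PRF key k."""
    return secrets.randbelow(P - 1) + 1, secrets.token_bytes(32)


def split_blocks(data: bytes) -> List[int]:
    return [int.from_bytes(data[j:j + BLOCK_BYTES], "big")
            for j in range(0, len(data), BLOCK_BYTES)]


def tag_blocks(key: Tuple[int, bytes], blocks: List[int]) -> List[int]:
    """Client, once, before outsourcing: one HLA tag t_i = alpha*m_i + f_k(i) per block."""
    alpha, k = key
    return [(alpha * m + prf(k, i)) % P for i, m in enumerate(blocks)]


def challenge(n_blocks: int, sample: int) -> List[Tuple[int, int]]:
    """Client: random block indices, each with a random nonzero coefficient c_i."""
    rng = random.SystemRandom()
    idx = rng.sample(range(n_blocks), min(sample, n_blocks))
    return [(i, rng.randrange(1, P)) for i in idx]


def prove(blocks: List[int], tags: List[int],
          chal: List[Tuple[int, int]]) -> Tuple[int, int]:
    """Server: aggregate challenged blocks and tags with the coefficients.
    No key is involved and the response size is constant in the file size."""
    mu = sum(c * blocks[i] for i, c in chal) % P
    sigma = sum(c * tags[i] for i, c in chal) % P
    return mu, sigma


def verify(key: Tuple[int, bytes], chal: List[Tuple[int, int]],
           proof: Tuple[int, int]) -> bool:
    """Client: the homomorphism predicts the tag on mu; check sigma matches it."""
    alpha, k = key
    mu, sigma = proof
    return sigma == (alpha * mu + sum(c * prf(k, i) for i, c in chal)) % P


def demo() -> Tuple[bool, bool]:
    """Returns (honest server accepted, tampering server accepted)."""
    key = keygen()
    # Constructed sample file; repeated so it spans several blocks.
    blocks = split_blocks(b"constructed sample file contents for the proof-of-storage demo" * 4)
    tags = tag_blocks(key, blocks)
    chal = challenge(len(blocks), len(blocks))   # challenge every block so the flip below is hit
    honest = verify(key, chal, prove(blocks, tags, chal))
    corrupted = list(blocks)
    corrupted[3] ^= 1                            # one bit of one block altered or lost
    tampered = verify(key, chal, prove(corrupted, tags, chal))
    return honest, tampered


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Two practitioner caveats: with a sampled challenge rather than the full-file one used in `demo`, a server that lost a block only fails verification when that block is sampled, so the sample size sets the detection probability; and `mu` reveals a linear combination of the blocks, which is harmless to a server that already holds the file but matters as soon as verification is delegated to a third party.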
Chosen-plaintext attacks on private-key encryption schemes are currently modeled by giving an adversary access to an oracle that encrypts a given message m using random coins that are generated uniformly at random and independently of anything else. This leaves open the possibility of attacks in case the random coins are poorly generated (e.g., using a faulty random number generator), or are under partial adversarial control (e.g., when encryption is done by lightweight devices that may be captured and tampered with).
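The failure mode the abstract points at can be shown on a scheme that is CPA secure under the standard model. The following is an added example, not code from the paper: a textbook randomized stream construction (keystream = PRF of coins and a counter, with HMAC-SHA256 standing in for the PRF, an assumption of this example) is run once with fresh coins and once with a stuck generator whose coins repeat. With repeated coins the two keystreams are identical, so a passive adversary who knows one plaintext recovers the other without the key. The sample messages are constructed.

```python
"""Added example: a PRF-based randomized encryption that is fine with
fresh uniform coins and breaks when the coins repeat.
Assumption of this example: PRF instantiated as HMAC-SHA256."""
import hashlib
import hmac
import secrets

KEY_LEN = 32
COIN_LEN = 16


def keystream(key: bytes, coins: bytes, length: int) -> bytes:
    """Pseudorandom keystream F_key(coins || counter), `length` bytes long."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, coins + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def encrypt(key: bytes, msg: bytes, coins: bytes) -> bytes:
    """Randomized encryption: ciphertext = coins || (msg XOR keystream)."""
    assert len(coins) == COIN_LEN
    ks = keystream(key, coins, len(msg))
    return coins + bytes(a ^ b for a, b in zip(msg, ks))


def decrypt(key: bytes, ct: bytes) -> bytes:
    coins, body = ct[:COIN_LEN], ct[COIN_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, coins, len(body))))


def good_coins() -> bytes:
    """The CPA model's assumption: fresh, uniform, independent coins."""
    return secrets.token_bytes(COIN_LEN)


class StuckRNG:
    """Models a faulty generator (or a captured device) whose output repeats."""
    def __init__(self):
        self.value = secrets.token_bytes(COIN_LEN)

    def __call__(self) -> bytes:
        return self.value


def recover_second_plaintext(ct1: bytes, known_m1: bytes, ct2: bytes):
    """Adversary, no key: if both ciphertexts carry the same coins the
    keystreams coincide and m2 = m1 XOR body1 XOR body2 over the common
    prefix. Returns None when the coins differ (attack does not apply)."""
    if ct1[:COIN_LEN] != ct2[:COIN_LEN]:
        return None
    b1, b2 = ct1[COIN_LEN:], ct2[COIN_LEN:]
    n = min(len(b1), len(b2), len(known_m1))
    return bytes(m ^ x ^ y for m, x, y in zip(known_m1[:n], b1[:n], b2[:n]))


# Constructed sample plaintexts: the first is assumed known to the adversary.
KNOWN_MSG = b"ACCOUNT=0000 AMOUNT=000100"
SECRET_MSG = b"ACCOUNT=4471 AMOUNT=250000"


def demo(rng):
    """Encrypt both messages with coins drawn from `rng`; return what the
    adversary recovers of SECRET_MSG given KNOWN_MSG, or None."""
    key = secrets.token_bytes(KEY_LEN)
    ct1 = encrypt(key, KNOWN_MSG, rng())
    ct2 = encrypt(key, SECRET_MSG, rng())
    assert decrypt(key, ct1) == KNOWN_MSG and decrypt(key, ct2) == SECRET_MSG
    return recover_second_plaintext(ct1, KNOWN_MSG, ct2)


if __name__ == "__main__":
    print("fresh coins:", demo(good_coins))   # None
    print("stuck RNG  :", demo(StuckRNG()))   # b'ACCOUNT=4471 AMOUNT=250000'
```

The scheme is unchanged between the two runs; only the source of coins differs, which is exactly the gap between the standard CPA oracle and the deployments the abstract describes.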
Searchable symmetric encryption (SSE) allows a party to outsource the storage of his data to another party in a private manner, while maintaining the ability to selectively search over it. This problem has been the focus of active research and several security definitions and constructions have been proposed. In this paper we begin by reviewing existing notions of security and propose new and stronger security definitions. We then present two constructions that we show secure under our new definitions.
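For both SSE abstracts above, here is an added example of the mechanism itself; it is not the paper's construction and it does not implement the paper's security definitions. It is a minimal single-keyword SSE scheme in the dictionary style of Cash et al. (CRYPTO 2013): the client encrypts an inverted index into opaque labels F(K_w, c) pointing at encrypted document ids, and a search token for keyword w lets the server walk c = 0, 1, ... until a label is missing. The server thus learns which index entries match and how many, but neither the keyword nor the ids. HMAC-SHA256 plays the PRF and a PRF-derived pad plays the encryption; these, and the sample index, are assumptions of this example.

```python
"""Added example: a minimal static, single-keyword SSE index.
Assumptions of this example: PRF = HMAC-SHA256; ids encrypted with a
PRF-derived one-time pad; document ids are 64-bit integers."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

ID_LEN = 8


def F(key: bytes, msg: bytes) -> bytes:
    """Pseudorandom function, instantiated as HMAC-SHA256."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def keygen() -> bytes:
    return secrets.token_bytes(32)


def _keyword_keys(K: bytes, w: str) -> Tuple[bytes, bytes]:
    """Per-keyword label key (sent to the server at search time) and
    value key (never leaves the client)."""
    return F(K, b"label|" + w.encode()), F(K, b"value|" + w.encode())


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_index(K: bytes, db: Dict[str, List[int]]) -> Dict[bytes, bytes]:
    """Client: encrypt an inverted index {keyword: [doc ids]} into {label: ct}."""
    edb: Dict[bytes, bytes] = {}
    for w, ids in db.items():
        k_label, k_value = _keyword_keys(K, w)
        for c, doc_id in enumerate(ids):
            ctr = c.to_bytes(4, "big")
            label = F(k_label, ctr)
            edb[label] = _xor(doc_id.to_bytes(ID_LEN, "big"), F(k_value, ctr)[:ID_LEN])
    # Insertion order would reveal which entries belong to one keyword: randomize it.
    items = list(edb.items())
    secrets.SystemRandom().shuffle(items)
    return dict(items)


def server_search(edb: Dict[bytes, bytes], k_label: bytes) -> List[Tuple[int, bytes]]:
    """Server: holds only the encrypted index and this query's label key.
    Walks counters until the first missing label (entries are contiguous)."""
    results = []
    c = 0
    while True:
        label = F(k_label, c.to_bytes(4, "big"))
        if label not in edb:
            return results
        results.append((c, edb[label]))
        c += 1


def search(K: bytes, w: str, edb: Dict[bytes, bytes]) -> List[int]:
    """Client: derive the token, query the server, decrypt the returned ids."""
    k_label, k_value = _keyword_keys(K, w)
    encrypted = server_search(edb, k_label)
    return [int.from_bytes(_xor(ct, F(k_value, c.to_bytes(4, "big"))[:ID_LEN]), "big")
            for c, ct in encrypted]


# Constructed sample index; document ids are arbitrary integers.
SAMPLE_DB = {"alice": [1, 7, 12], "bob": [7], "carol": []}

if __name__ == "__main__":
    K = keygen()
    edb = build_index(K, SAMPLE_DB)
    print(search(K, "alice", edb))   # [1, 7, 12]
    print(search(K, "dave", edb))    # []
```

What this makes visible is the leakage profile that the stronger definitions in the abstract are about: at setup the server sees the total number of postings; at search time it sees the access pattern (which labels were touched) and the result count, and repeated queries for the same keyword are linkable because the token is deterministic. The index is static; supporting updates without extra leakage is a separate problem.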
Although biometrics have garnered significant interest as a source of entropy for cryptographic key generation, recent studies indicate that many biometric modalities may not actually offer enough uncertainty for this purpose. In this paper, we exploit a novel source of entropy that can be used with any biometric modality but that has yet to be utilized for key generation, namely associating uncertainty with the way in which the biometric input is measured.
The inability of humans to generate and remember strong secrets makes it difficult for humans to manage cryptographic keys. To address this problem, numerous proposals have been put forth to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population. In this paper we show that the practical security requirements for such schemes remain poorly understood.
The inability of humans to generate and remember strong secrets makes it difficult for people to manage cryptographic keys. To address this problem, numerous proposals have been suggested to enable a human to repeatably generate a cryptographic key from her biometrics, where the strength of the key rests on the assumption that the measured biometrics have high entropy across the population.
The Plutus file system introduced the notion of key rotation as a means to derive a sequence of temporally-related keys from the most recent key. In this paper we show that, despite natural intuition to the contrary, key rotation schemes cannot generically be used to key other cryptographic objects; in fact, keying an encryption scheme with the output of a key rotation scheme can yield a composite system that is insecure.
Due to its low communication cost, stateful broadcast encryption is an appealing solution for secure content distribution in mobile ad hoc wireless networks (MANETs). Unfortunately, the inherent limitations of MANETs prevent a standard application of such schemes since they require receivers to be online. In this paper, we present a reliable message delivery mechanism for MANETs that is based on erasure codes and that leverages node mobility in order to achieve non-interactive recovery of missed messages.
Biometrics play an increasingly important role in the context of access control techniques as they promise to overcome the problems of forgotten passwords or passwords that can be guessed easily. In this paper we introduce and provide a formal definition of the notion of secret locking which generalizes a previously introduced concept for cryptographic key extraction from biometrics. We give details on an optimized implementation of the scheme which show that its performance makes the system usable in practice.
We present a discrete-event network simulator, called Simnet, designed specifically for analyzing network-security protocols. The design and implementation is focused on simplicity of abstraction and extensibility. Moreover, its modular architecture allows operators to dynamically customize running simulations. To demonstrate its strengths we present case studies that focus on examining security-centric problem domains.
Quantum information theory provides a foundation for such topics as quantum cryptography, quantum error-correction and quantum teleportation. This paper seeks to provide an introduction to quantum information theory for non-physicists at an undergraduate level. It covers basic concepts in quantum mechanics as well as in information theory, and proceeds to explore some results such as Von Neumann entropy, Schumacher coding and quantum error-correction.
Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. As it is infeasible to examine and test each firewall for all possible potential problems, a taxonomy is needed to understand firewall vulnerabilities in the context of firewall operations. This paper describes a novel methodology for analyzing vulnerabilities in Internet firewalls.