Corelab Seminar

Charalampos Papamanthou
Leakage Abuse Attacks in Encrypted Databases

Since the seventies, one of the holy grails of cryptography has been the invention of encryption algorithms that allow computation to be performed directly on ciphertexts without prior decryption. While heavy cryptographic hammers like fully-homomorphic encryption and oblivious RAMs can address (versions of) the aforementioned problem with ideal security guarantees, encrypted databases provide a more practical alternative. An encrypted database achieves considerable efficiency by releasing some formally-defined and superficially harmless information, known as leakage. However, it turns out such leakage can lead to complete value reconstruction of the database! In this talk I will review some of the basic techniques to perform database reconstruction from range search leakage and then I will present my recent work on query distribution-agnostic attacks on encrypted databases. I will conclude with some suggestions about how to argue formally about the security of encrypted databases.

This talk is based on joint works with Evgenios Kornaropoulos (UC Berkeley), Alexandros Psomas (Purdue University), Dawn Song (UC Berkeley) and Roberto Tamassia (Brown University).

Bio: Charalampos Papamanthou is the Director of the Maryland Cybersecurity Center (MC2) and an Associate Professor of Electrical and Computer Engineering at the University of Maryland, College Park, where he joined in 2013 after a postdoc at UC Berkeley. At Maryland, he is also affiliated with the Institute for Advanced Computer Studies (UMIACS) and the Department of Computer Science. He works on applied cryptography and computer security—and especially on technologies, systems and theory for secure and private cloud computing. While at College Park, he received the NSF CAREER award, the Google Faculty Research Award, the Yahoo! Faculty Research Engagement Award, the NetApp Faculty Fellowship, the UMD Invention of the Year Award, the Jimmy Lin Award for Invention, the George Corcoran Award for Excellence in Teaching and was also finalist for the 2020 Facebook Privacy Research award. His research has been funded by federal agencies (NSF, NIST and NSA) and by the industry (Google, Yahoo!, NetApp, VMware, Amazon and Ergo). His PhD is in Computer Science from Brown University (2011) and he also holds an MSc in Computer Science from the University of Crete (2005), where he was a member of ICS-FORTH. His work has received over 7,400 citations and he has published in venues and journals spanning theoretical and applied cryptography, systems and database security, graph algorithms and visualization and operations research. Beginning July 2021, he will be joining Yale University as an Associate Professor of Computer Science.