<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">"Lori A. Bailey" <<a href="mailto:lbailey@Princeton.EDU" class="">lbailey@Princeton.EDU</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">EE Seminar - December 1, 2015, 4:30 pm, E-Quad B205 - Muhammad Naveed</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">November 13, 2015 at 10:41:48 AM EST<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:ee-seminar@Princeton.EDU" class="">ee-seminar@Princeton.EDU</a><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(0, 0, 0, 1.0);" class=""><b class="">Reply-To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">"Lori A. Bailey" <<a href="mailto:lbailey@Princeton.EDU" class="">lbailey@Princeton.EDU</a>><br class=""></span></div><br class=""><div class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-align: center; text-indent: 0.5in;" class=""><span style="font-family: Georgia, serif; color: rgb(31, 73, 125);" class=""><img class="" apple-inline="yes" id="BA750285-52C7-4407-B819-8C71788968F8" height="160" width="480" apple-width="yes" apple-height="yes" src="cid:image001.jpg@01CC834C.F1941A30"><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif; color: rgb(31, 73, 125);" class=""> </span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Speaker: Muhammad Naveed<o:p class=""></o:p></span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><span style="font-family: Georgia, serif;" class=""> University of Illinois at Urbana-Champaign<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Title: Inference Attacks on Property-Preserving Encrypted Databases<i class=""><o:p class=""></o:p></i></span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Date: December 1, 2015<o:p class=""></o:p></span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Time: <span class="Apple-converted-space"> </span></span></b><span style="font-family: Georgia, serif;" class="">4:30 p.m.<span class="Apple-converted-space"> </span><b class=""><o:p class=""></o:p></b></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Room: <span class="Apple-converted-space"> </span></span></b><span style="font-family: Georgia, serif;" class="">E</span><span style="font-family: Georgia, serif;" class="">-Quad, Room B205<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Host: Prof. Prateek Mittal<o:p class=""></o:p></span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in;" class=""><b class=""><span style="font-family: NewCenturySchlbk;" class=""> </span></b></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Abstract: </span></b><span style="font-family: Georgia, serif;" class="">Many encrypted database (EDB) systems have been proposed in the last few years as cloud computing has grown in popularity and data breaches have increased. The state-of-the-art EDB systems for relational databases can handle SQL queries over encrypted data and are competitive with commercial database systems. These systems, most of which are based on the design of CryptDB (SOSP 2011), achieve these properties by making use of property-preserving encryption schemes such as deterministic (DTE) and order-preserving encryption (OPE). <br class=""><br class="">In this paper, we study the concrete security provided by such systems. We present a series of attacks that recover the plaintext from DTE- and OPE-encrypted database columns using only the encrypted column and publicly-available auxiliary information. We consider well-known attacks, including frequency analysis and sorting, as well as new attacks based on combinatorial optimization. <br class=""><br class="">We evaluate these attacks empirically in an electronic medical records (EMR) scenario using real patient data from 200 U.S. hospitals. When the encrypted database is operating in a steady-state where enough encryption layers have been peeled to permit the application to run its queries, our experimental results show that an alarming amount of sensitive information can be recovered. In particular, our attacks correctly recovered certain OPE-encrypted attributes (e.g., age and disease severity) for more than 80% of the patient records from 95% of the hospitals; and certain DTE-encrypted attributes (e.g., sex, race, and mortality risk) for more than 60% of the patient records from more than 60% of the hospitals.<br class=""><br class="">The paper appeared at ACM CCS 2015 and is available at: <a href="http://research.microsoft.com/en-us/um/people/senyk/pubs/edb.pdf" style="color: purple; text-decoration: underline;" class=""><span style="color: windowtext; text-decoration: none;" class="">http://research.microsoft.com/en-us/um/people/senyk/pubs/edb.pdf</span></a>.<br class=""><br class=""><b class=""><o:p class=""></o:p></b></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-family: Georgia, serif;" class="">Biography: <span class="Apple-converted-space"> </span></span></b><span style="font-family: Georgia, serif;" class="">Muhammad Naveed is a fifth (and final) year PhD student in computer science at the University of Illinois at Urbana-Champaign. He is currently visiting Prof. Elaine Shi at the Cornell University. He develops provably-secure and practical cryptographic systems for real applications. He also works on systems security and genomics privacy. He is a recipient of the 2015 Google PhD fellowship in Security, the Sohaib and Sara Abbasi fellowship (2011–2016), and CS@Illinois C.W. Gear Outstanding Graduate Student Award. See his homepage <a href="http://www.cryptoonline.com/" style="color: purple; text-decoration: underline;" class=""><span style="color: windowtext; text-decoration: none;" class="">www.cryptoonline.com</span></a> for more details.</span></div></div></div></blockquote></div><br class=""></body></html>