Takato Hirano

Cryptographically-Secure and Efficient Remote Cancelable Biometrics Based on Public-Key Homomorphic Encryption

Cancelable biometrics is known as a template protection approach, and concrete protocols with high accuracy and efficiency have been proposed. Nevertheless, most known protocols, including the Hattori et al. protocol (Journal of Information Processing, 2012), pay little attention to security against the replay attack, which leads to severe authenticity violation in the remote authentication setting. In this paper, we revisit the Hattori et al. protocol based on the Boneh-Goh-Nissim encryption scheme, and propose a secure variant while keeping user-friendliness of the original protocol. Our protocol uses the revocation method of the original protocol in a proactive manner, i.e., in our protocol, the public key assigned to a user is randomly re-generated in every authentication process. We define a general and formal security game that covers the replay attack and considers fuzziness of biometric feature extraction, and show that our protocol is secure in that model. The computation and communication costs of our protocol are more efficient than those of similar protocols.

Simple, Secure, and Efficient Searchable Symmetric Encryption with Multiple Encrypted Indexes

In searchable symmetric encryption (SSE), adding documents to a database is an indispensable functionality in real situations, and there are two approaches for executing the process: One approach is to update the encrypted index, and the other is to generate a new encrypted index. The former approach is called dynamic SSE, which has been extensively studied recently due to its importance. The latter approach has an advantage such that it can be directly applied to any existing SSE scheme without degrading its original functionalities, but previous methods are not satisfactory from a viewpoint of security, storage size, or efficiency. In this paper, we propose a simple document adding method that resolve the problem occurred in the latter approach. Our method is quite generic, and therefore can be applied to any existing SSE scheme (e.g. non-dynamic one with useful functionalities). Our key idea is to utilize publicly available information and hash chains in construction of encrypted indexes. In order to exhibit the ability of our method, we present a concrete scheme which is led by applying our method to the well-known and influential scheme SSE-2 (ACM CCS 2006). Thanks to the simplicity of our method, the scheme can be easily proved secure under a naturally generalized setting of the most widely used security model.

Probabilistic Generation of Trapdoors: Reducing Information Leakage of Searchable Symmetric Encryption

Searchable symmetric encryption (SSE) enables a user to outsource a collection of encrypted documents in the cloud and to perform keyword searching without revealing information about the contents of the documents and queries. On the other hand, the information (called search pattern) whether or not the same keyword is searched in each query is always leaked in almost all previous schemes whose trapdoors are generated deterministically. Therefore, reducing the search pattern leakage is outside the scope of almost all previous works. In this paper, we tackle to the leakage problem of search pattern, and study methodology to reduce this leakage. Especially, we discuss that it might be possible to reduce the search pattern leakage in cases where a trapdoor does not match any encrypted document. We also point out that the same search pattern is leaked regardless of probabilistic or deterministic generation of trapdoors when the user searches using a keyword which has already searched and matched a certain encrypted document. Thus, we further aim to construct SSE schemes with fast “re-search” process, in addition to reducing the search pattern leakage. In order to achieve the above, we introduce a new technique “trapdoor locked encryption” which can extract a deterministic trapdoor from a probabilistic trapdoor, and then propose a new SSE scheme which can generate trapdoors probabilistically and reduce the search pattern leakage. Our scheme is constructed by applying our technique to the well-known and influential scheme SSE-2 (ACM CCS 2006) and can be proved secure in the standard model.

Efficient Trapdoor Generation from Multiple Hashing in Searchable Symmetric Encryption.

Searchable symmetric encryption (SSE) which can search encrypted data using encrypted keywords has been extremely studied. In Asiacrypt’10, Chase and Kamara formalized structured encryption which is a generalization of SSE, and its concrete schemes were proposed. An efficient SSE scheme (hereafter, Chase-Kamara scheme) which has a very simple encrypted index is obtained by simplifying the concrete schemes, and its adaptive security can be proved, easily. In the Chase-Kamara scheme, a search result for a keyword is represented as a bit string in which the i-th bit is 1 when the i-th document contains the keyword, and the encrypted index is built by directly masking the search result with each bit of the output of a pseudo-random function. Therefore, the Chase-Kamara scheme requires pseudo-random functions whose output lengths are longer than the number of documents that users would like to store. As a result, the trapdoor size of the Chase-Kamara scheme depends on the number of stored documents. In this paper, we propose a modified scheme whose trapdoor size does not depend on the number of stored documents. The modified scheme is constructed by using our multiple hashing technique which can transform a trapdoor of short length to that of long length without any secret information. We also show that the modified scheme achieves the same adaptive security as the Chase-Kamara scheme in the random oracle model.

Token-Based Multi-input Functional Encryption

In this paper, we put forward the notion of a token-based multi-input functional encryption (token-based MIFE) scheme – a notion intended to give encryptors a mechanism to control the decryption of encrypted messages, by extending the encryption and decryption algorithms to additionally use tokens. The basic idea is that a decryptor must hold an appropriate decryption token in addition to his secrete key, to be able to decrypt. This type of scheme can address security concerns potentially arising in applications of functional encryption aimed at addressing the problem of privacy preserving data analysis. We firstly formalize token-based MIFE, and then provide two basic schemes based on an ordinary MIFE scheme and a public key encryption scheme and a pseudorandom function (PRF), respectively. Lastly, we extend the latter construction to allow decryption tokens to be restricted to specified set of encryptions, even if all encryptions have been done using the same encryption token. This is achieved by using a constrained PRF.

On methods for privacy-preserving energy disaggregation

Household energy monitoring via smart-meters motivates the problem of disaggregating the total energy usage signal into the component energy usage and operating patterns of individual appliances. While energy disaggregation enables useful analytics, it also raises privacy concerns because sensitive household information may also be revealed. Our goal is to preserve analytical utility while mitigating privacy concerns by processing the total energy usage signal. We consider processing methods that attempt to remove the contribution of a set of sensitive appliances from the total energy signal. We show that while a simple model-based approach is effective against an adversary making the same model assumptions, it is much less effective against a stronger adversary employing neural networks in an inference attack. We also investigate the performance of employing neural networks to estimate and remove the energy usage of sensitive appliances. The experiments used the publicly available UK-DALE dataset that was collected from actual households.

Privacy-Utility Tradeoff for Applications Using Energy Disaggregation of Smart-Meter Data

Privacy-preserving data mining technologies have been studied extensively, and as a general approach, du Pin Calmon and Fawaz have proposed a data distortion mechanism based on a statistical inference attack framework. This theory has been extended by Erdogdu et al. to time-series data and been applied to energy disaggregation of smart-meter data. However, their theory assumes both smart-meter data and sensitive appliance state information are available when applying the privacy-preserving mechanism, which is impractical in typical smart-meter systems where only the total power usage is available. In this paper, we extend their approach to enable the application of a privacy-utility tradeoff mechanism to such practical applications. Firstly, we define a system model which captures both the architecture of the smart-meter system and the practical constraints that the power usage of each appliance cannot be measured individually. This enables us to formalize the tradeoff problem more rigorously. Secondly, we propose a privacy-utility tradeoff mechanism for that system. We apply a linear Gaussian model assumption to the system and thereby reduce the problem of obtaining unobservable information to that of learning the system parameters. Finally, we conduct experiments of applying the proposed mechanism to the power usage data of an actual household. The experimental results show that the proposed mechanism works partly effectively; i.e., it prevents usage analysis of certain types of sensitive appliances while at the same time preserving that of non-sensitive appliances.

SEPM: Efficient Partial Keyword Search on Encrypted Data

Searchable encryption (SE) in the public key setting is that anyone can encrypt data by using a public key and store this ciphertext on a server, and a client who has the corresponding secret key can generate search queries (say, trapdoor) in order to search for the encrypted data on the server. In this paper, we focus on partial matching in the public key setting in order to enhance usability. We call this “Searchable Encryption with Partial Matching (SEPM)”. Few previous works of SEPM employed a strategy that a client generates ciphertexts or trapdoors on all similar words closely related to a keyword in order to realize the partial matching functionality. This means that the client has to generate trapdoors for all partial matching varieties. Therefore, this approach is inefficient due to its trapdoor size. In order to overcome this disadvantage, we introduce a new concept of trapdoor conversion. When a client searches for ciphertexts on the server, he generates only one trapdoor \(\mathsf{tk}\) and sends it to the server. Then, the server generates trapdoors related to tk by using a conversion secret key which is generated in the setup phase and stored in the server, and searches ciphertexts from them. Intuitively, this trapdoor generation process is achieved by moving locations of characters included in a searching keyword. In order to realize this situation, we introduce a new cryptographic primitive, inner-product encryption with trapdoor conversion (IPE-TC). We propose a specific construction of IPE-TC based on generalized inner-product encryption and basis conversion technique on a dual pairing vector spaces approach.