Reducing Metadata Leakage from Encrypted Files and Communication with PURBs

Kirill Nikitin, Ludovic Barman, Matthew Underwood and Bryan Ford. Proceedings on Privacy Enhancing Technologies, pages 33 - 6.
Abstract: Most encrypted data formats leak metadata via their plaintext headers, such as format version, encryption schemes used, number of recipients who can decrypt the data, and even the recipients’ identities. This leakage can pose security and privacy risks to users, e.g., by revealing the full membership of a group of collaborators from a single encrypted e-mail, or by enabling an eavesdropper to fingerprint the precise encryption software version and configuration the sender used. We…
2FE: Two-Factor Encryption for Cloud Storage
Two-Factor Encryption (2FE) draws inspiration from two-factor authentication and turns file encryption and decryption into an interactive process in which two user devices, such as a laptop and a smartphone, must cooperate; it provides strong confidentiality and availability guarantees.
SoK: why Johnny can't fix PGP standardization
The core reason for the inability to "fix" PGP is the lack of a simple AEAD interface, which in turn requires a decentralized public key infrastructure to work with email; yet even if standards like MLS replace PGP, the deployment of a decentralized PKI remains an open issue.
Federated Learning Framework with Straggling Mitigation and Privacy-Awareness for AI-based Mobile Application Services
In this work, we propose a novel framework to address straggling and privacy issues for federated learning (FL)-based mobile application services, taking into account limited computing/communications
Optimally Hiding Object Sizes with Constrained Padding
This paper gives algorithms to compute privacy-optimal padding schemes—specifically those that minimize the network observer's information gain from a downloaded object’s padded size—in several scenarios of interest, comparing them to recent contenders in the research literature and evaluating their performance on practical datasets.
Deniable Upload and Download via Passive Participation
CoverUp is a system that enables users to asynchronously upload and download data; it introduces a trusted party that involves visitors from a collaborating website, to enable plausible deniability while providing or accessing controversial information.
The Computer for the 21st Century – Second Edition for Europe: Open-source Projects, Consumer Activism, and Collaboration Will Make Privacy the Central Pillar of Innovation and Cause a Technology Industry Where Creative Ideas From Small Market Players Can Flourish
The privacy of personal data is a human right that is systematically violated in the computing industry, according to human rights organisations. The vision that technology would help society
  • Harry Halpin
  • Proceedings of the 15th International Conference on Availability, Reliability and Security
  • 2020
Key-Privacy in Public-Key Encryption
It is proved that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard, and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption.
Privacy in Encrypted Content Distribution Using Private Broadcast Encryption
A private broadcast scheme is constructed, with a strong privacy guarantee against an active attacker, that achieves ciphertext length, encryption time, and decryption time comparable with the non-private schemes currently used in encrypted file systems.
Nonce-Based Symmetric Encryption
This work investigates an alternative syntax for an encryption scheme, where the encryption process E is a deterministic function that surfaces an initialization vector (IV) that is guaranteed to be a nonce: something that takes on a new value with every message one encrypts.
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered.
Outsider-Anonymous Broadcast Encryption with Sublinear Ciphertexts
This paper proposes the first broadcast encryption scheme with sublinear ciphertexts to attain meaningful guarantees of receiver anonymity; it formalizes the notion of outsider-anonymous broadcast encryption (oABE) and describes generic constructions in the standard model that achieve outsider-anonymity under adaptive corruption in the chosen-plaintext and chosen-ciphertext settings.
Compression and Information Leakage of Plaintext
This paper describes a somewhat different kind of side-channel provided by data compression algorithms, which yield information about their inputs through the size of their outputs, and discusses ways to use this apparently very small leak of information in surprisingly powerful ways.
Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML
  • Donald T. Davis
  • Computer Science
  • USENIX Annual Technical Conference, General Track
  • 2001
This paper analyzes the Sign & Encrypt protocol, reviews the defective sign/encrypt standards, and describes a comprehensive set of simple repairs, which all have a common feature: when signing and encryption are combined, the inner crypto layer must somehow depend on the outer layer, so as to reveal any tampering with the inner layer.
Multi-Recipient Encryption Schemes : Efficient Constructions and their Security
This paper proposes several new schemes which allow a sender to send encrypted messages to multiple recipients more efficiently (in terms of bandwidth and computation) than by using a standard
Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier
A novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes, outperforming previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values.
Multirecipient Encryption Schemes: How to Save on Bandwidth and Computation Without Sacrificing Security
A way to avoid ad hoc analyses is shown by providing a general test that can be applied to a standard encryption scheme to determine whether the associated randomness-reusing MRES is secure.