Florian Kerschbaum (SAP)Title: On Leaking EncryptionIn the last decade we have seen a number of new encryption schemes for computing over encrypted data, such as searchable or property-preserving encryption. In particular in the database community these have become popular for the search over encrypted data, which is a reasonably well-defined functionality. Many of the encryption schemes leak some information about the plaintext. This allows to speed up computation and the term leakage has become central to the scientific discussion. In this talk I will first review some recent developments of these schemes particularly for range queries over encrypted data which turns out to be a very tricky problem. Then I will abstract from the discussion of the particular schemes and highlight some research challenges on the science behind these schemes. It turns out that we currently do not possess the necessary tools to make informed decisions about the security of these schemes. The slides of the presentation are available here: Florian Kerschbaum is chief research expert at SAP in Karlsruhe, Germany. His research interests are applied cryptography, security and privacy in cloud computing, big data and the Internet of Things. He defines SAP's security research strategy for applied cryptography and anonymization. He is author of 100 papers and inventor of 50 patents. He serves as associate editor (ACM Transactions on Information and Systems Security, IEEE Transactions on Dependable and Secure Computing) and program chair (ACM SACMAT 2015, 2016, ACM CCSW 2015 and ACM WISCS 2016). He participated in several EU projects including as coordinator of SecureSCM and technical lead of PRACTICE. He holds a Ph.D. in computer science from the Karlsruhe Institute of Technology, a master's degree from Purdue University, and a bachelor's degree from Berufsakademie Mannheim.BioLuca Viganò (King's College London)Title: Alpha-Beta PrivacyFormally specifying privacy goals is not trivial. The most widely used approach in formal methods is based on the static equivalence of frames in the applied pi-calculus, basically asking whether or not the intruder is able to distinguish two given worlds. A subtle question is how we can be sure that we have specified all pairs of worlds to properly reflect our intuitive privacy goal. To address this problem, we introduce a novel and declarative way to specify privacy goals, called "alpha-beta privacy", and relate it to static equivalence. This new approach is based on specifying two formulae alpha and beta in first-order logic with Herbrand universes, where alpha reflects the intentionally released information and beta includes the actual cryptographic ("technical") messages the intruder can see. Then alpha-beta privacy means that the intruder cannot derive any "non-technical" statement from beta that he cannot derive from alpha already. We describe by a variety of examples how this notion can be used in practice. Even though alpha-beta privacy does not directly contain a notion of distinguishing between worlds, there is a close relationship to static equivalence of frames that we investigate formally. This allows us to justify (and criticize) the specifications that are currently used in verification tools, and obtain partial tool support for alpha-beta privacy. Joint work with Sebastian Moedersheim and Thomas Gross. The slides of the presentation are available here: Luca Viganò graduated in Electronic Engineering at the university of his hometown, Genova, Italy, in 1994 and received his PhD in Computer Science from Saarland University, Germany, in 1997. He held a senior research scientist position at the University of Freiburg, Germany, from October 1997 to December 2002, and one at ETH Zurich, Switzerland, from January 2003 to September 2006, when he was appointed Associate Professor of Computer Science at the University of Verona, Italy. He joined King's College London in October 2013 as a Professor of Computer Science, Software Modelling and Applied Logic.BioHis research focuses on formal methods and tools for the specification, verification, and construction of secure systems, and on the theory and applications of non-classical and security logics. On these topics, he has published extensively, coordinated and participated in a large number of research and industrial projects, and taught several courses, tutorials and industrial courses. |

Conference > Program >