Tenured faculty member of cybersecurity group @EEMCS

Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

Distinguished Reviewer Award by ESORICS 2024

less than 1 minute read

Published:

I am pleased to share that I was honored with the Distinguished Reviewer Award by ESORICS 2024. This recognition highlights the contributions and dedication to maintaining the highest standards of peer review in the field of computer security. The Distinguished Reviewer Award is bestowed upon individuals who demonstrate outstanding commitment to ensuring the quality, rigor, and integrity of the whole ESORICS 2024 review process. I was selected for this honor based on meticulous and insightful reviews, timely feedback, and consistent efforts to help advance the cybersecurity community.

Open positions for PhD and Post-Doc

less than 1 minute read

Published:

We are recruiting self-motivated PhD and Post-Doc in blockchain and post-quantum security. Some basic requirements: PhD/MSc in computer science, math, or related field, strong knowledge of applied cryptography and interested in blockchain, strong analytical and problem-solving skills, sufficient programming knowledge, excellent communication and teamwork skills. Contract based, post-doc at least 2 years, PhD 4 years, full scholarship supported and tuition fee exempt. If you are interested, please feel free to share your CV and English certificate with me.

Opening MSc projects

less than 1 minute read

Published:

If you are interested in the MSc projects w.r.t. privacy-preserving federated learning, AI based attacks or attacks on AI, searchable encryption and its attacks, secure blockchain and smart contract, please check the “Final Project/Thesis MSc Computer Science Research group themes” in project forum or some examples at CRYPTAI lab.

Opening positions for CRYPTAI LAB

less than 1 minute read

Published:

We are currently recruiting self-motivated, talented and diligent PhD and post-docs in security and AI, post-quantum cryptography and blockchain related topics. Please feel free to contact us along with CV, list of publication, Egnlish level certificate.

EAI SECURECOMM 2022 was successfully concluded

less than 1 minute read

Published:

Many thanks for Fengjun Li (Uni. Kansas), Zhiqiang Lin (Ohio State Uni.), Sokratis Katsikas (NTNU), keynotes, all chairs and attendees of SecureComm 2022.

portfolio

CRYPTAI LAB Brief Intro

As the world top 10 engineering and technology University, TU Delft is keen to deliver the world-leading cybersecurity and AI R&D. The CRYPTAI lab (applied cryptography & AI) was found in 2021, and its vision is to pave the way to applied cryptography, information security and machine learning tools to achieve real-world intelligent security and privacy. The lab, led by Dr. Liang, focuses on the R&D on: (1) data protection mechanisms, in particular practical data protection and sharing for encrypted outsourced data solutions, searchable encryption, updatable encryption, lattice-based encryption/signature (post-quantum cryptography); (2) privacy-preserving machine/federated learning: attacks and countermeasures; and (3) application-driven blockchain (e.g., smart contract, oracles) development.

CRYPTAI’s projects

Horizon Europe TENSOR: provide Police Authorities a platform that facilitates the biometric evidence extraction, sharing, and storage in cross border environments, allowing them to share best practices in an automated, robust, secure, privacy-preserving and scalable manner. The full potential of biometrics technologies will be exploited, as well as their fusion with less distinctive features in case of partial evidence gathered.

publications

Incrementally Updateable Honey Password Vaults

Published in USENIX Security (A* conference), 2021

Password vault applications allow a user to store multiple passwords in a vault and choose a master password to encrypt the vault. In practice, attackers may steal the storage file of the vault and further compromise all stored passwords by offline guessing the master password. Honey vaults have been proposed to address the threat. By producing plausible-looking decoy vaults for wrong master passwords, honey vaults force attackers to shift offline guessing to online verifications.

Download here

Incrementally Updateable Honey Password Vaults

Published in USENIX Security (A* conference), 2021

Password vault applications allow a user to store multiple passwords in a vault and choose a master password to encrypt the vault. In practice, attackers may steal the storage file of the vault and further compromise all stored passwords by offline guessing the master password. Honey vaults have been proposed to address the threat. By producing plausible-looking decoy vaults for wrong master passwords, honey vaults force attackers to shift offline guessing to online verifications.

Download here

No-directional and Backward-leak Uni-directional Updatable Encryption are Equivalent

Published in ESORICS (A conference), 2022

Updatable encryption (UE) enables the cloud server to update the previously sourced encrypted data to a new key with only an update token received from the client. Two interesting works have been proposed to clarify the relationships among various UE security notions. Jiang (ASIACRYPT 2020) proved the equivalence of every security notion in the bi-directional and uni-directional key update settings and further, the security notion in the no-directional key update setting is strictly stronger than the above two. In contrast, Nishimaki (PKC 2022) proposed a new definition of uni-directional key update that is called the backward-leak uni-directional key update, and showed the equivalence relation by Jiang does not hold in this setting. We present a detailed comparison of every security notion in the four key update settings and prove that the security in the backward-leak uni-directional key update setting is actually equivalent to that in the no-directional key update setting. Our result reduces the hard problem of constructing no-directional key update UE schemes to the construction of those with backward-leak uni-directional key updates.

Download here

DEKS: a Secure Cloud-based Searchable Service can Make Attackers Pay

Published in ESORICS (A conference), 2022

Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based searchable services. Avoiding the use of complex (and unreasonable) assumptions, as compared to existing works, DEKS optionally leverages a catalyst that enables one (e.g., a valid data user) to easily execute encryption; without the catalyst, any unauthenticated system insiders and outsiders take severe time consumption on encryption. By this, DEKS can overwhelm a KGA attacker in the encryption stage before it obtains any advantage. We leverage the repeated squaring function, which is the core building block of our design, to construct the first DEKS instance. The experimental results show that DEKS is practical in thwarting KGA for both small and large-scale datasets. For example, in the Wikipedia, a KGA attacker averagely takes 7.23 years to break DEKS when the delay parameter T=2^{24}. The parameter T can be flexibly adjusted based on practical needs, and theoretically, its upper bound is infinite.

Download here

DEFEAT: Deep Hidden Feature Backdoor Attacks by Imperceptible Perturbation and Latent Representation Constraints

Published in CVPR (A* conference), 2022

Backdoor attack is a type of serious security threat to deep learning models. An adversary can provide users with a model trained on poisoned data to manipulate prediction behavior in test stage using a backdoor. The backdoored models behave normally on clean images, yet can be activated and output incorrect prediction if the input is stamped with a specific trigger pattern. Most existing backdoor attacks focus on manually defining imperceptible triggers in input space without considering the abnormality of triggers’ latent representations in the poisoned model. These attacks are susceptible to backdoor detection algorithms and even visual inspection. In this paper, We propose a novel and stealthy backdoor attack - DEFEAT. It poisons the clean data using adaptive imperceptible perturbation and restricts latent representation during training process to strengthen our attack’s stealthiness and resistance to defense algorithms. We conduct extensive experiments on multiple image classifiers using real-world datasets to demonstrate that our attack can 1) hold against the state-of-the-art defenses, 2) deceive the victim model with high attack success without jeopardizing model utility, and 3) provide practical stealthiness on image data.

Download here

High Recovery with Fewer Injections: Practical Binary Volumetric Injection Attacks against Dynamic Searchable Encryption

Published in USENIX Security (A* conference), 2023

Searchable symmetric encryption enables private queries over an encrypted database, but it can also result in information leakages. Adversaries can exploit these leakages to launch injection attacks (Zhang et al., USENIX Security’16) to recover the underlying keywords from queries. The performance of the existing injection attacks is strongly dependent on the amount of leaked information or injection. In this work, we propose two new injection attacks, namely BVA and BVMA, by leveraging a binary volumetric approach. We enable adversaries to inject fewer files than the existing volumetric attacks by using the known keywords and reveal the queries by observing the volume of the query results. Our attacks can thwart well-studied defenses (e.g., threshold countermeasure, padding) without exploiting the distribution of target queries and client databases. We evaluate the proposed attacks empirically in real-world datasets with practical queries. The results show that our attacks can obtain a high recovery rate (> 80\%) in the best-case scenario and a roughly 60\% recovery even under a large-scale dataset with a small number of injections (< 20 files)

Download here

The Power of Bamboo: On the Post-Compromise Security for Searchable Symmetric Encryption

Published in NDSS (A* conference), 2023

Dynamic searchable symmetric encryption (DSSE) enables users to delegate the keyword search over dynamically updated encrypted databases to an honest-but-curious server without losing keyword privacy. This paper studies a new and practical security risk to DSSE, namely, secret key compromise (e.g., a user’s secret key is leaked or stolen), which threatens all the security guarantees offered by existing DSSE schemes. To address this open problem, we introduce the notion of searchable encryption with key-update (SEKU) that provides users with the option of non-interactive key updates. We further define the notion of post-compromise secure with respect to leakage functions to study whether DSSE schemes can still provide data security after the client’s secret key is compromised. We demonstrate that post-compromise security is achievable with a proposed protocol called ``Bamboo”. Interestingly, the leakage functions of Bamboo satisfy the requirements for both forward and backward security. We conduct a performance evaluation of Bamboo using a real-world dataset and compare its runtime efficiency with the existing forward-and-backward secure DSSE schemes. The result shows that Bamboo provides strong security with better or comparable performance.

Download here

CCA-1 Secure Updatable Encryption with Adaptive Security

Published in ASIACRYPT (A conference), 2023

Updatable encryption (UE) enables a cloud server to update ciphertexts using client-generated tokens. There are two types of UE: ciphertext-independent (c-i) and ciphertext-dependent (c-d). In terms of construction and efficiency, c-i UE utilizes a single token to update all ciphertexts. The update mechanism relies mainly on the homomorphic properties of exponentiation, which limits the efficiency of encryption and updating. Although c-d UE may seem inconvenient as it requires downloading parts of the ciphertexts during token generation, it allows for easy implementation of the Dec-then-Enc structure. This methodology significantly simplifies the construction of the update mechanism. Notably, the c-d UE scheme proposed by Boneh et al. (ASIACRYPT’20) has been reported to be 200 times faster than prior UE schemes based on DDH hardness, which is the case for most existing c-i UE schemes. Furthermore, c-d UE ensures a high level of security as the token does not reveal any information about the key, which is difficult for c-i UE to achieve. However, previous security studies on c-d UE only addressed selective security; the studies for adaptive security remain an open problem.

Download here

Similar Data is Powerful: Enhancing Inference Attacks on SSE with Volume Leakages

Published in ESORICS (A conference), 2024

Searchable symmetric encryption (SSE) schemes provide users with the ability to perform keyword searches on encrypted databases without the need for decryption. While this functionality is advantageous, it introduces the potential for inadvertent information disclosure, thereby exposing SSE systems to various types of attacks. In this work, we introduce a new inference attack aimed at enhancing the query recovery accuracy of RefScore (presented at USENIX 2021). The proposed approach capitalizes on both similar data knowledge and an additional volume leakage as auxiliary information, facilitating the extraction of keyword matches from leaked data. Empirical evaluations conducted on multiple real-world datasets demonstrate a notable enhancement in query recovery accuracy, up to 19.5\%. We also analyze the performance of the proposed attack in the presence of diverse countermeasures.

Download here

Query Recovery from Easy to Hard: Jigsaw Attack against SSE

Published in USENIX Security (A* conference), 2024

Searchable symmetric encryption schemes often unintentionally disclose certain sensitive information, such as access, volume, and search patterns. Attackers can exploit such leakages and other available knowledge related to the user’s database to recover queries. We find that the effectiveness of query recovery attacks depends on the volume or frequency distribution of keywords. Queries containing keywords with high volumes or frequencies are more susceptible to recovery, even when countermeasures are implemented. Attackers can also effectively leverage these “special” queries to recover all others. By exploiting the above finding, we propose a Jigsaw attack that begins by accurately identifying and recovering those distinctive queries. Leveraging the volume, frequency, and co-occurrence information, our attack achieves 90\% accuracy in three tested datasets, which is comparable to previous attacks (Oya et al., USENIX22 and Damie et al., USENIX21). With the same runtime, our attack demonstrates an advantage over the attack proposed by Oya et al (approximately 15\% more accuracy when the keyword universe size is 15k). Furthermore, our proposed attack outperforms existing attacks against widely studied countermeasures, achieving roughly 60\% and 85\% accuracy against the padding and the obfuscation, respectively. In this context, with a large keyword universe (>=3k), it surpasses current state-of-the-art attacks by more than 20\%.

Download here

Inject Less, Recover More: Unlocking the Potential of Document Recovery in Injection Attacks Against SSE

Published in IEEE CSF (A conference), 2024

Searchable symmetric encryption has been vulnerable to inference attacks that rely on uniqueness in leakage patterns. However, many keywords in datasets lack distinctive leakage patterns, limiting the effectiveness of such attacks. The file injection attacks, initially proposed by Cash et al. (CCS 2015), have shown impressive performance with 100\% accuracy and no prior knowledge requirement. Nevertheless, this attack fails to recover queries with underlying keywords not present in the injected files. To address these limitations, our research introduces a novel attack strategy called LEAP-Hierarchical Fusion Attack (LHFA) that combines the strengths of both file injection attacks and inference attacks. Before initiating keyword injection, we introduce a new approach for inert/active keyword selection. In the phase of selecting injected keywords, we focus on keywords without unique leakage patterns and recover them, leveraging their presence for document recovery. Our goal is to achieve an amplified effect in query recovery. We demonstrate a minimum query recovery rate of 1.3 queries per injected keyword with a 10\% data leakage of a real-life dataset, and initiate further research to overcome challenges associated with non-distinctive keywords.

Download here

d-DSE: Distinct Dynamic Searchable Encryption Resisting Volume Leakage in Encrypted Databases

Published in USENIX Security (A* conference), 2024

Dynamic Searchable Encryption (DSE) has emerged as a solution to efficiently handle and protect large-scale data storage in encrypted databases (EDBs). Volume leakage poses a significant threat, as it enables adversaries to reconstruct search queries and potentially compromise the security and privacy of data. Padding strategies are common countermeasures for the leakage, but they significantly increase storage and communication costs. In this work, we develop a new perspective to handle volume leakage. We start with distinct search and further explore a new concept called \textit{distinct} DSE (\textit{d}-DSE). We also define new security notions, in particular Distinct with Volume-Hiding security, as well as forward and backward privacy, for the new concept. Based on \textit{d}-DSE, we construct the \textit{d}-DSE designed EDB with related constructions for distinct keyword (d-KW-\textit{d}DSE), keyword (KW-\textit{d}DSE), and join queries (JOIN-\textit{d}DSE) and update queries in encrypted databases. We instantiate a concrete scheme \textsf{BF-SRE}, employing Symmetric Revocable Encryption. We conduct extensive experiments on real-world datasets, such as Crime, Wikipedia, and Enron, for performance evaluation. The results demonstrate that our scheme is practical in data search and with comparable computational performance to the SOTA DSE scheme (\textsf{MITRA}*, \textsf{AURA}) and padding strategies (\textsf{SEAL}, \textsf{ShieldDB}). Furthermore, our proposal sharply reduces the communication cost as compared to padding strategies, with roughly 6.36 to 53.14x advantage for search queries.

Download here

talks

teaching