Scalable Encrypted Verifiable Search
Progress Update
Daniel Intskirveli & Johannes Christ
Progress
• Command line interactive search tool
• Server rewrite: Java → Scala
• Search protocol implementation
• Login/sign-up flow polish
• Database schema optimization (3NF, indexes)
• Lots of bug fixes in database generation code:
  • Serialization from big integer to byte array and back
  • Authenticated set edge cases
  • Authenticated set bucketing
Search protocol
Client
Server
Authentication request
Verify credentials, send auth. token
Use auth. token for communication
Stage 1: query authenticated word set
Verify word set
Stage 2: query tag set
Verify tags
(exit for single-word searches)
Stage 3: query cross tag set
Verify cross tags
List results with matches.
Request for end of session
Create search session (UUID)
Store search token as well as public/shared keys retrieved from database
Query word set and send result
Retrieve tags for search token, store them
Send tags for verification
Query cross tag set.
For found tags, find document name.
Send cross tags and document names.
Destroy session for user’s search session cookie.
Search demo
Database generated with small excerpts from:
• 1984, George Orwell
• Alice’s Adventures in Wonderland, Lewis Carroll
• Inaugural address, John F. Kennedy
• The Corps, and The Corps, and The Corps, Douglas MacArthur
• Slaughterhouse-Five, Kurt Vonnegut
• A Tale of Two Cities, Charles Dickens
• 20,000 Leagues Under The Sea, Jules Verne
• I Have a Dream, Martin Luther King
Server Signup/Login Flow (Demo)
Signup
1. User provides email
2. User receives sign-up link via email
3. User enters details
4. Server finds Gravatar
Login
1. User enters credentials
2. Credentials are sent to server (password is bcrypt32 hashed + salted)
3. User reaches home page
API Authentication
1. Send credentials to /auth endpoint, receive authentication token as response
2. Token can be used for subsequent API calls
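The token steps above, together with the server side of the Search protocol slide (create a search session UUID, destroy it at end of session), sketched as an added example that is not the project's own code. AuthServer, TOKEN_TTL and the method names are hypothetical, the store is in-memory, and PBKDF2 from the Python standard library stands in for bcrypt.

```python
import hashlib, hmac, secrets, time, uuid

TOKEN_TTL = 900  # seconds; assumed lifetime, the slides do not give one

def _hash(password, salt):
    # PBKDF2 from the standard library stands in for the slides' bcrypt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _key(token):
    return hashlib.sha256(token.encode()).hexdigest()

class AuthServer:  # hypothetical in-memory model, not the project's server
    def __init__(self):
        self.users = {}     # email -> (salt, password hash)
        self.tokens = {}    # sha256(token) -> (email, expiry time)
        self.sessions = {}  # search session UUID -> owning email

    def signup(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, _hash(password, salt))

    def auth(self, email, password, now=None):
        """Step 1: verify credentials and return a fresh token, or None."""
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        # Keep only a digest server-side: a leaked token table cannot be replayed.
        self.tokens[_key(token)] = (email, (now or time.time()) + TOKEN_TTL)
        return token

    def whoami(self, token, now=None):
        """Step 2: resolve the token on each API call; None if unknown or expired."""
        email, expiry = self.tokens.get(_key(token), (None, 0))
        return email if email is not None and (now or time.time()) < expiry else None

    def start_search(self, token, now=None):
        email = self.whoami(token, now)
        if email is None:
            return None
        sid = str(uuid.uuid4())  # "Create search session (UUID)"
        self.sessions[sid] = email
        return sid

    def end_search(self, token, sid, now=None):
        # Only the owner of a live session may destroy it.
        if sid not in self.sessions or self.sessions[sid] != self.whoami(token, now):
            return False
        del self.sessions[sid]
        return True
```

The `now` parameter exists only so expiry can be exercised deterministically; a real server would read the clock itself.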
Reset Password
1. Enter email
2. Receive link via email
3. Enter new password
//TODO
• Client application
• Search UI
• Third-party data requests
• Package server for deployment (RPM)
• Non-MR database generation for small datasets
• Ability to opt-out of auth. set generation (less secure but faster + mutable database)
• Move to serialization with cross-platform support
Thanks!
Questions?