Abstract for Percival: Securely Searching a Secret Split Archive
Encryption is not well suited for long-term data archival of sensitive information. Fundamentally one can think of encryption as delayed release for a determined adversary. Previous work proposed an archive based on Shamir secret splitting. Such systems offer great promise and can operate under the assumption of adversarial compromise. Nevertheless without the ability to search an archive it is highly likely any realistic deployment would have users holding pointers to sensitive information in convenient locations. Security would degrade to the archival equivalent of postits with passwords.
To address this need we present Percival, a novel technique to enable search across a secret split archive, wherein the bulk of work in searching is done by the data repositories, which are not only blinded to the data specifics of the search request, but also remain blind to the data in the archive. All of this is accomplished in an environment which provides information-theoretic secure data protection from external adversaries and inhibits insider threats yet simultaneously fosters information sharing of vital and sensitive data.
Percival leverages pre-indexing, keyed hashing and bloom filters to enable searching across data in such a way that, even if the archive is compromised, no information is exposed. When testing this design using both the Gutenberg Library and Wikipedia as corpora, it was found that data can be ingested at a rate of 20 MB/sec, and searches can be conducted at a rate of 5 micro-sec per file with negligible false positive rate.
Presenter: Joel C. Frank, Second year, University of California, Santa Cruz