In many computer systems today, an attacker that compromises just one system component can steal many users’ data. Unfortunately, past experience shows that attackers are very effective at compromising system components, whether by exploiting some software vulnerability, compromising hardware, or launching a phishing attack.
In this thesis, we show how to build systems that provide strong security and privacy properties even if the individual components are insecure. This way, even if an attacker compromises any single component in the system, it cannot compromise user security and privacy. While this property is possible to achieve in theory using general-purpose cryptographic techniques, the challenge is to instantiate it efficiently in practice. The key idea is to co-design the system with the cryptography to reduce costs.
We examined two core aspects of this problem: hiding queries and securing accounts. Users who store their data encrypted at servers still need to query their data. We built systems that provide both strong privacy guarantees and good concrete efficiency for keyword search (DORY), time-series analytics queries (Waldo), and object stores (Snoopy). Users also need to protect their accounts in the event of client device loss or compromise, but also in the event of service provider compromise. We built an encrypted backup system that relies on secure hardware without fully trusting it (SafetyPin) and a service that records every authentication without learning private information (larch).
The Signal end-to-end encrypted messaging application uses some of the techniques in Snoopy to scale its private contact discovery service, which privately matches user contacts to Signal users.