Earlier this week, I presented the paper Inference Attacks on Property-Preserving Encrypted Databases by Naveed, Kamara and Wright, published in 2015, as part of the seminar Current Topics in Information Security. The slides of my talk can be found here.

The main goals of the seminar are the independent study of scientific literature and assessment of its contributions. The focus was on the critical evaluation of the paper. Throughout the preparation for the presentation, I was supervised by Prof. Dr. Kenny Paterson.

I was particularly intrigued by the insight that, despite much theoretical evidence, it is often only possible to convince the interested public of the insecurity of a technology with tangible practical findings. In the case of the paper by Naveed, Kamara and Wright, the insecurity of property-preserving encrypted databases - especially deterministic encryption and order-preserving encryption - had already been proven in numerous well-known papers many years before its publication. But it was only with the practical evidence of the inference attacks using an illustrative example (electronic medical records) that a broader public could be reached.