Skip to Main content Skip to Navigation
New interface
Conference papers

The Power of Evil Choices in Bloom Filters

Thomas Gerbet 1 Amrit Kumar 2 Cédric Lauradoux 2 
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : A Bloom filter is a probabilistic hash-based data structure extensively used in software including online security applications. This paper raises the following important question: Are Bloom filters correctly designed in a security context? The answer is no and the reasons are multiple: bad choices of parameters, lack of adversary models and misused hash functions. Indeed, developers truncate cryptographic digests without a second thought on the security implications. This work constructs adversary models for Bloom filters and illustrates attacks on three applications, namely Scrapy web spider, Bitly Dablooms spam filter and Squid cache proxy. As a general impact, filters are forced to systematically exhibit worst-case behavior. One of the reasons being that Bloom filter parameters are always computed in the average case. We compute the worst-case parameters in adversarial settings, show how to securely and efficiently use cryptographic hash functions and propose several other countermeasures to mitigate our attacks.
Document type :
Conference papers
Complete list of metadata
Contributor : Cédric Lauradoux Connect in order to contact the contributor
Submitted on : Tuesday, September 15, 2015 - 8:03:36 AM
Last modification on : Thursday, August 4, 2022 - 5:18:35 PM


  • HAL Id : hal-01199150, version 1



Thomas Gerbet, Amrit Kumar, Cédric Lauradoux. The Power of Evil Choices in Bloom Filters. Annual IEEE/IFIP International Conference on Dependable Systems and Networks - DSN 2015, Jun 2015, Rio De Janeiro, Brazil. ⟨hal-01199150⟩



Record views