Hello, I am Tarik Moataz

Ph.D. Student at Colorado State University and Telecom Bretagne.

I am a 4th year Ph.D. student in Computer Science. I am pursuing a French-American join Ph.D. program between Telecom Bretagne and Colorado State University, my supervisors in CSU are Prof. Indrakshi Ray and Prof. Indrajit Ray and my supervisors in TB are Prof. Nora Cuppens and Prof. Frédéric Cuppens.

I have the chance to work closely with awesome researchers. I spent summer 2014 as a visiting research student at Northeastern University working with Erik-Oliver Blass, Travis Mayberry and Guevara Noubir.

I was also fortunate to spend summer 2015 as a research intern in the Cryptography Group at Microsoft Research working with Seny Kamara.

I have spent two months of Spring 2016 as a Visting Research student at School of Computing National University of Singapore working with Yaoqi Jia, Shruti Tople, and Prateek Saxena.

Check out Clusion! A library implementing recent symmetric searchable encryption schemes including 2Lev (Cash et al. NDSS14), ZMF, IEX-ZMF, IEX-2Lev.

Here are my DBLP and Google Scholar links.

Research Intern

Spring 2016 (2 months)School of Computing National University of SingaporeHost: Prateek Saxena

We have been interested on investigating new directions to prevent traffic analysis on Peer-to-peer Content Sharing System (such as BitTorrent). We introduced a new construction, OblivP2P, based on recent advances of Oblivious RAM and Information-theoretic Private information retrieval that hides users' access pattern.

Research Intern

Summer 2015Microsoft Research, Redmond WA, USAHost: Seny Kamara

The internship had two main goals: first, symmetric searchable encryption schemes' enhancement in terms of efficiency and expressiveness, and designing a new construction for encrypted relational databases.

Visiting Research Student

Summer 2014Northeastern University, Boston MA, USAHost: Erik-Oliver Blass

We have been interested to many aspects of Oblivious RAM primitive, namely, tree-based Oblivious RAM bandwidth's enhancement, as well as resizable ORAM investigation.

Research Intern

Spring and Summer 2012Bell Labs, Alcatel-Lucent, Paris, FranceHost: Abdullatif Shikfa

We focused on comparing different schemes of searchable encryption based on several features such as storage and search overhead, security guarantees as well as expressiveness. Also, we came up with more expressive constructions, while providing implementation of some notable searchable encryption schemes.

CS480 Introduction to Big Data GTA and Guest Lecturer

Spring 2015

CS556dl Advanced Computer Security GTA and Guest Lecturer

Fall 2013 and 2014

CS356 Systems Security GTA and Guest Lecturer

Spring 2014

CS533dl Database Management Systems GTA and Guest Lecturer

Fall 2013

  • Prize of the best Internship in "Information technology - Telecommunications - High-Tech", in Bretagne and Pays de la Loire, France

    Talents croisés 2013
  • Second prize of the best student internship in Telecommunication Institute in France.

    Prix de la Fondation Telecom 2013
  • Collaboration with experts from Bells Labs, ALU and Orange Labs France, Study trip to NY & Boston.

    First Project
  • SQL on Structurally-Encrypted Databases

    Seny Kamara and Tarik Moataz

    Link to PDF
  • Oblivious Substring Search over Encrypted Data

    Tarik Moataz and Erik-Oliver Blass

    Link to PDF
  • Constant Communication ORAM without encryption

    Tarik Moataz, Erik-Oliver Blass, Travis Mayberry

    Link to PDF
  • Generalized Boolean Searchable Encryption

    Tarik Moataz, Abdullatif Shikfa

    US patent,European Patent, Bell Labs, Alcatel-Lucent, France

    Link
  • Semantic Search Over Encrypted Data

    Abdullatif Shikfa, Tarik Moataz

    European Patent, Bell Labs, Alcatel-Lucent, France

    Link
  • Constant Communication ORAM with small Blocksize

    MPC workshop, Aarhus, Denmark, June 2016

    ACM CCS, Denver, CO, USA, October 2015

    Microsoft Research, Redmond WA, USA, July 2015

    ESSA, Bertinoro, Italy, June 2015

    Slides
  • Oblivious Substring search over encrypted data

    Microsoft Research, Redmond WA, USA, August 2015

    Slides
  • Recursive Trees for Practical ORAM

    PETS, Philadelphia, USA, July 2015

    Microsoft Research, Redmond WA, USA, November 2014

    Slides
  • Resizable Tree-Based Oblivious RAM

    Financial Crypto, San Juan, Puerto Rico,January 2015

    DBSec Research Group, Fort Collins CO, USA, November 2014

    Microsoft Research, Redmond WA, USA, November 2014

    Slides
  • ELITE: zero links identity management system

    DBSec, Vienna, Austria, July 2014

    DBSec Research Group, Fort Collins CO, USA, May 2014

    Slides
  • Privacy-preserving multiple keyword search on outsourced data in the clouds

    DBSec, Vienna, Austria, July 2014

    DBSec Research Group, Fort Collins CO, USA, May 2014

    Slides
  • Semantic search over encrypted data

    ICT, Casablanca, Morocco, May 2013

    Journée LUSSI, Brest, France, June 2014

    Slides
  • Boolean symmetric searchable encryption

    (Poster) Financial Cryptography, Okinawa, Japan, April 2013

    Bell Labs, Alcatel-Lucent, Paris, France, August 2012

    Slides
  • OblivP2P: An Oblivious Peer-to-Peer Content Sharing System

    Yaoqi Jia, Tarik Moataz, Shruti Tople, Prateek Saxena

    to appear at USENIX 2016

  • Constant Communication ORAM with small Blocksize

    Tarik Moataz, Travis Mayberry, and Erik-Oliver Blass

    ACM CCS 2015

    Proceeding version
  • Recursive Trees for Practical ORAM

    Tarik Moataz, Erik-Oliver Blass, and Guevara Noubir

    In 15th Privacy Enhancing Technologies Symposium, PETS 2015

    Proceeding version
  • Privacy Preserving Record Matching Using Automated Semi-trusted Broker

    Ibrahim Lazrig, Tarik Moataz, Indrajit Ray, Indrakshi Ray, Toan Ong, Michael G. Kahn, Frédéric Cuppens, and Nora Cuppens-Boulahia

    In 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSec 2015

    Proceeding version
  • Resizable Tree-Based Oblivious RAM

    Tarik Moataz, Travis Mayberry, Erik-Oliver Blass, and Agnes Hui Chan

    In Financial Cryptography and Data Security, FC 2015

    Proceeding version
  • Privacy-Preserving Multiple Keyword Search on Outsourced Data in the Clouds

    Tarik Moataz, Nora Cuppens-Boulahia, Frédéric Cuppens, Indrajit Ray, and Indrakshi Ray

    In 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSec 2014

    Proceeding version
  • ELITE: zEro Links Identity managemenT systEm

    Tarik Moataz, Nora Cuppens-Boulahia, Frédéric Cuppens, Indrajit Ray, and Indrakshi Ray

    In 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, DBSec 2014

    Proceeding version
  • Searching over encrypted data

    Tarik Moataz and Abdullatif Shikfa

    Bell Labs Technical Journal (accepted but not published)

  • Semantic search over encrypted data

    Tarik Moataz, Abdullatif Shikfa, Nora Cuppens-Boulahia, and Frédéric Cuppens

    In 20th International Conference on Telecommunications, IEEE ICT 2013

    Proceeding version
  • Boolean symmetric searchable encryption

    Tarik Moataz and Abdullatif Shikfa

    In 8th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2013

    Proceeding version

    Poster: Searchable encryption supporting general boolean expression queries

    In 17th Financial Cryptography and Data Security, FC 2013

  • Handling stateful firewall anomalies

    Frédéric Cuppens, Nora Cuppens-Boulahia, Joaquin Garcia Alfaro, Tarik Moataz, and Xavier Rimasson

    In 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012

    Proceeding version

    French conference: Detection des anomalies dans les pare-feux de nouvelles generations

    In Proceedings of the 7th Conference on Network and Information Systems Security,SARSSI 2012


The cloud computing paradigm brings several novel information processing opportunities to the end user. Among them, the availability of potentially unlimited amount of managed storage space together with the promise of almost ubiquitous access to the cloud whenever needed, outsourcing of data to the cloud is one of the most appealing opportunities. However, concerns related to confidentiality and privacy of the outsourced data remain a significant bottleneck towards the widespread adoption of the cloud computing paradigm. One way to mitigate the confidentiality and integrity concerns is to encrypt the data before outsourcing them to the remote servers. This solution, however, reduces the functionality of many services in particular the ability to search the data efficiently in the cloud. Once the user encrypts his data, he may need to download his entire data set for every search, decrypt the data and then perform the search. It is clear that this solution is not scalable in a real life scenario where the user stores a huge amount of data since it may overload the network bandwidth, the storage in the Cloud may exceed the storage capacity at the user side, and certainly it will take too much time. Researchers, consequently, got interested in the following question: How can one perform secure search on the encrypted data on the cloud server side while guaranteeing a well-defined security assurance and practical search and storage overhead". Searchable Encryption has been a major attempt towards answering this question. Searchable encryption, later generalized to structured encryption, is a cryptographic primitive that allows the user to search for keywords in an encrypted corpus, by issuing encrypted queries. The cloud server can search for the encrypted keywords without knowing either the content of the documents or the queries, while being able to generate correct results, that is, the resulting answers are equivalent to ones if the server had performed a plaintext search.

Picture from http://www.nextpowerup.com/news/1514/encryption-hinders-wiretaps-for-first-time-says-federal-report/


Oblivious RAM is an active research area launched by the seminal paper of Goldreich and Ostrovsky around 1990. The idea was applied to software protection rather than Cloud Computing. With the advent of data outsourcing, the community has started to renew its interest on this cryptographic primitive that enables to hide (nearly) everything from the server. The access pattern is totally hidden while performing read and write operations. High communication overhead of prior works negated any possible usage in data outsourcing scenarios and this lasted for more than a decade.

Recent research has introducesd tree-based ORAM, and has shown how to get poly-logarithmic overhead in the worst case in an effcient way (small constants in the big O-notation). Researchers, now, tackle many aspects in order to improve ORAM such as the bandwidth, the number of interactions between a client and a server, the number of bits stored on the client side, as well as the storage and computation overhead on the server side.

Practitioners interested on applying ORAM on search scenarios should be very careful though on the offered security guarantees. To hide the access pattern, the program running time needs to be exactly the same for any two different accesses, otherwise an adversary can easily distinguish between the two accesses. This translates, for example in search scenarios, to the number of bits retrieved or writen whenever a search or an update takes place. That is, in these scenarios, it is not clear whether ORAM offers better security guarantees when compared to symmetric searchable encryption techniques, as an instance.

Picture from http://radix-communications.com/randomness/