State of The Art and Hot Aspects in Cloud Data Storage Security

Along with the evolution of cloud computing and cloud storage towards matu- rity, researchers have analyzed an increasing range of cloud computing security aspects, data security being an important topic in this area. In this paper, we examine the state of the art in cloud storage security through an overview of selected peer reviewed publications. We address the question of defining cloud storage security and its different aspects, as well as enumerate the main vec- tors of attack on cloud storage. The reviewed papers present techniques for key management and controlled disclosure of encrypted data in cloud storage, while novel ideas regarding secure operations on encrypted data and methods for pro- tection of data in fully virtualized environments provide a glimpse of the toolbox available for securing cloud storage. Finally, new challenges such as emergent government regulation call for solutions to problems that did not receive enough attention in earlier stages of cloud computing, such as for example geographical location of data. The methods presented in the papers selected for this review represent only a small fraction of the wide research effort within cloud storage security. Nevertheless, they serve as an indication of the diversity of problems that are being addressed

A Simple Approach for State-Action Abstraction using a Learned MDP Homomorphism

Animals are able to rapidly infer from limited experience when sets of state action pairs have equivalent reward and transition dynamics. On the other hand, modern reinforcement learning systems must painstakingly learn through trial and error that sets of state action pairs are value equivalent -- requiring an often prohibitively large amount of samples from their environment. MDP homomorphisms have been proposed that reduce the observed MDP of an environment to an abstract MDP, which can enable more sample efficient policy learning. Consequently, impressive improvements in sample efficiency have been achieved when a suitable MDP homomorphism can be constructed a priori -- usually by exploiting a practioner's knowledge of environment symmetries. We propose a novel approach to constructing a homomorphism in discrete action spaces, which uses a partial model of environment dynamics to infer which state action pairs lead to the same state -- reducing the size of the state-action space by a factor equal to the cardinality of the action space. We call this method equivalent effect abstraction. In a gridworld setting, we demonstrate empirically that equivalent effect abstraction can improve sample efficiency in a model-free setting and planning efficiency for modelbased approaches. Furthermore, we show on cartpole that our approach outperforms an existing method for learning homomorphisms, while using 33x less training data.Comment: Previously Presented at the Multi-disciplinary Conference on Reinforcement Learning and Decision Making (RLDM) 202

Applications of Locality and Asymmetry to Quantum Fault-Tolerance

Quantum computing sounds like something out of a science-fiction novel. If we can exert control over unimaginably small systems, then we can harness their quantum mechanical behavior as a computational resource. This resource allows for astounding computational feats, and a new perspective on information-theory as a whole. But there's a caveat. The events we have to control are so fast and so small that they can hardly be said to have occurred at all. For a long time after Feynman's proposal and even still, there are some who believe that the barriers to controlling such events are fundamental. While we have yet to find anything insurmountable, the road is so pockmarked with challenges both experimental and theoretical that it is often difficult to see the road at all. Only a marriage of both engineering and theory in concert can hope to find the way forward. Quantum error-correction, and more broadly quantum fault-tolerance, is an unfinished answer to this question. It concerns the scaling of these microscopic systems into macroscopic regimes which we can fully control, straddling practical and theoretical considerations in its design. We will explore and prove several results on the theory of quantum fault-tolerance, but which are guided by the ultimate goal of realizing a physical quantum computer. In this thesis, we demonstrate applications of locality and asymmetry to quantum fault-tolerance. We introduce novel code families which we use to probe the behavior of thresholds in quantum subsystem codes. We also demonstrate codes in this family that are well-suited to efficiently correct asymmetric noise models, and determine their parameters. Next we show that quantum error-correcting encodings are incommensurate with transversal implementations of universal classical-reversible computation. Along the way, we resolve an open question concerning almost information-theoretically secure quantum fully homomorphic encryption, showing that it is impossible. Finally, we augment a framework for transversally mapping between stabilizer subspace codes, and discuss prospects for fault-tolerance.PHDMathematicsUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/145948/1/mgnewman_1.pd

Encrypted control for networked systems -- An illustrative introduction and current challenges

Cloud computing and distributed computing are becoming ubiquitous in many modern control systems such as smart grids, building automation, robot swarms or intelligent transportation systems. Compared to "isolated" control systems, the advantages of cloud-based and distributed control systems are, in particular, resource pooling and outsourcing, rapid scalability, and high performance. However, these capabilities do not come without risks. In fact, the involved communication and processing of sensitive data via public networks and on third-party platforms promote, among other cyberthreats, eavesdropping and manipulation of data. Encrypted control addresses this security gap and provides confidentiality of the processed data in the entire control loop. This paper presents a tutorial-style introduction to this young but emerging field in the framework of secure control for networked dynamical systems.Comment: The paper is a preprint of an accepted paper in the IEEE Control Systems Magazin

Zero-Knowledge Arguments for Subverted RSA Groups

This work investigates zero-knowledge protocols in subverted RSA groups where the prover can choose the modulus and where the verifier does not know the group order. We introduce a novel technique for extracting the witness from a general homomorphism over a group of unknown order that does not require parallel repetitions. We present a NIZK range proof for general homomorphisms such as Paillier encryptions in the designated verifier model that works under a subverted setup. The key ingredient of our proof is a constant sized NIZK proof of knowledge for a plaintext. Security is proven in the ROM assuming an IND-CPA additively homomorphic encryption scheme. The verifier\u27s public key is reusable, can be maliciously generated and is linear in the number of proofs to be verified

Security and privacy issues in some special-puropse networks

This thesis is about providing security and privacy to new emergent applications which are based on special-purpose networks. More precisely, we study different aspects regarding security and privacy issues related to sensor networks, mobile ad hoc networks, vehicular ad hoc networks and social networks.Sensor networks consist of resource-constrained wireless devices with sensor capabilities. This emerging technology has a wide variety of applications related to event surveillance like emergency response, habitat monitoring or defense-related networks.Ad hoc networks are suited for use in situations where deploying an infrastructure is not cost effective or is not possible for any other reason. When the nodes of an ad hoc network are small mobile devices (e.g. cell phones or PDAs), such a network is called mobile ad hoc network. One of many possible uses of MANETs is to provide crisis management services applications, such as in disaster recovery, where the entire communication infrastructure is destroyed and reestablishing communication quickly is crucial. Another useful situation for MANETs is a scenario without fixed communication systems where there is the need for any kind of collaborative computing. Such situation can occur in both business and military environments.When the mobile nodes of a MANET are embedded in cars, such a network is called Vehicular Ad hoc Network (VANET). This kind of networks can be very useful to increase the road traffic safety and they will be deployed for real use in the forthcoming years. As a proof of that, eight important European vehicle manufacturers have founded the CAR 2 CAR Communication Consortium. This non-profit organisation is dedicated to the objective of further increasing traffic safety and efficiency by means of inter-vehicle communications.Social networks differ from the special-purpose networks commented above in that they are not physical networks. Social networks are applications that work through classic networks. They can be defined as a community of web users where each user can publish and share information and services. Social networks have become an object of study both in computer and social sciences, with even dedicated journals and conferences.The special-purpose networks described above provide a wide range of new services and applications. Even though they are expected to improve the society in several ways, these innovative networks and their related applications bring also security and privacy issues that must be addressed.This thesis solves some security and privacy issues related to such new applications and services. More specifically, it focuses on:·Secure information transmission in many-to-one scenarios with resource-constrained devices such as sensor networks.·Secure and private information sharing in MANETs.·Secure and private information spread in VANETs.·Private resource access in social networks.Results presented in this thesis include four contributions published in ISI JCR journals (IEEE Transactions on Vehicular Technology, Computer Networks (2) and Computer Communications) and two contributions published in two international conferences (Lecture Notes in Computer Science).Esta tesis trata diversos problemas de seguridad y privacidad que surgen al implantar en escenarios reales novedosas aplicaciones basadas en nuevos y emergentes modelos de red. Estos nuevos modelos de red difieren significativamente de las redes de computadores clásicas y son catalogadas como redes de propósito especial. Específicamente, en este trabajo se estudian diferentes aspectos relacionados con la seguridad de la información y la privacidad de los usuarios en redes de sensores, redes ad hoc móviles (MANETs), redes ad hoc vehiculares (VANETs) y redes sociales.Las redes de sensores están formadas por dispositivos inalámbricos muy limitados a nivel de recursos (capacidad de computación y batería) que detectan eventos o condiciones del entorno donde se instalan. Esta tecnología tiene una amplia variedad de aplicaciones entre las que destacan la detección de emergencias o la creación de perímetros de seguridad. Una MANET esta formada por nodos móviles conectados entre ellos mediante conexiones inalámbricas y de forma auto-organizada. Este tipo de redes se constituye sin la ayuda de infraestructuras, por ello son especialmente útiles en situaciones donde implantar una infraestructura es inviable por ser su coste demasiado elevado o por cualquier otra razón. Una de las muchas aplicaciones de las MANETs es proporcionar servicio en situaciones críticas (por ejemplo desastres naturales) donde la infraestructura de comunicaciones ha sido destruida y proporcionar conectividad rápidamente es crucial. Otra aplicación directa aparece en escenarios sin sistemas de comunicación fijos donde existe la necesidad de realizar algún tipo de computación colaborativa entre diversas máquinas. Esta situación se da tanto en ámbitos empresariales como militares.Cuando los nodos móviles de una MANET se asocian a vehículos (coches, camiones.), dicha red se denomina red ad hoc vehicular o VANET. Este tipo de redes pueden ser muy útiles para incrementar la seguridad vial y se espera su implantación para uso real en los próximos años. Como prueba de la gran importancia que tiene esta tecnología, los ocho fabricantes europeos más importantes han fundado la CAR 2 CAR Communication Consortium. Esta organización tiene como objetivo incrementar la seguridad y la eficiencia del tráfico mediante el uso de comunicaciones entre los vehículos.Las redes sociales se diferencian de las redes especiales descritas anteriormente en que éstas no son redes físicas. Las redes sociales son aplicaciones que funcionan a través de las redes de computadores clásicas. Una red de este tipo puede ser definida como una comunidad de usuarios web en donde dichos usuarios pueden publicar y compartir información y servicios. En la actualidad, las redes sociales han adquirido gran importancia ofreciendo un amplio abanico de posibilidades a sus usuarios: trabajar de forma colaborativa, compartir ficheros, búsqueda de nuevos amigos, etc.A continuación se resumen las aplicaciones en las que esta tesis se centra según el tipo de red asociada:·Transmisión segura de información en escenarios muchos-a-uno (múltiples emisores y un solo receptor) donde los dispositivos en uso poseen recursos muy limitados. Este escenario es el habitual en redes de sensores.·Distribución de información de forma segura y preservando la privacidad de los usuarios en redes ad hoc móviles.·Difusión de información (con el objeto de incrementar la seguridad vial) fidedigna preservando la privacidad de los usuarios en redes ad hoc vehiculares.·Acceso a recursos en redes sociales preservando la privacidad de los usuarios. Los resultados de la tesis incluyen cuatro publicaciones en revistas ISI JCR (IEEE Transactions on Vehicular Technology, Computer Networks (2) y Computer Communications) y dos publicaciones en congresos internacionales(Lecture Notes in Computer Science)

Variance: Secure Two-Party Protocol for Solving Yao\u27s Millionaires\u27 Problem in Bitcoin

Secure multiparty protocols are useful tools for parties wishing to jointly compute a function while keeping their input data secret. The millionaires’ problem is the first secure two-party computation problem, where the goal is to securely compare two private numbers without a trusted third-party. There have been several solutions to the problem, including Yao’s protocol [Yao, 1982] and Mix and Match [Jakobsson and Juels, 2000]. However, Yao’s Protocol is not secure in the malicious model and Mix and Match unnecessarily releases theoretically breakable encryptions of information about the data that is not needed for the comparison. In addition, neither protocol has any verification of the validity of the inputs before they are used. In this thesis, we introduce Variance, a privacy-preserving two-party protocol for solving the Yao’s millionaires’ problem in a Bitcoin setting, in which each party controls several Bitcoin accounts (public Bitcoin addresses) and they want to find out who owns more bitcoins without revealing (1) how many accounts they own and the balance of each account, (2) the addresses associated with their accounts, and (3) their total wealth of bitcoins while assuring the other party that they are not claiming more bitcoin than they possess. We utilize commitments, encryptions, zero knowledge proofs, and homomorphisms as the major computational tools to provide a solution to the problem, and subsequently prove that the solution is secure against active adversaries in the malicious model

Gazelle: A Low Latency Framework for Secure Neural Network Inference

The growing popularity of cloud-based machine learning raises a natural question about the privacy guarantees that can be provided in such a setting. Our work tackles this problem in the context where a client wishes to classify private images using a convolutional neural network (CNN) trained by a server. Our goal is to build efficient protocols whereby the client can acquire the classification result without revealing their input to the server, while guaranteeing the privacy of the server's neural network. To this end, we design Gazelle, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as garbled circuits). Gazelle makes three contributions. First, we design the Gazelle homomorphic encryption library which provides fast algorithms for basic homomorphic operations such as SIMD (single instruction multiple data) addition, SIMD multiplication and ciphertext permutation. Second, we implement the Gazelle homomorphic linear algebra kernels which map neural network layers to optimized homomorphic matrix-vector multiplication and convolution routines. Third, we design optimized encryption switching protocols which seamlessly convert between homomorphic and garbled circuit encodings to enable implementation of complete neural network inference. We evaluate our protocols on benchmark neural networks trained on the MNIST and CIFAR-10 datasets and show that Gazelle outperforms the best existing systems such as MiniONN (ACM CCS 2017) by 20 times and Chameleon (Crypto Eprint 2017/1164) by 30 times in online runtime. Similarly when compared with fully homomorphic approaches like CryptoNets (ICML 2016) we demonstrate three orders of magnitude faster online run-time