A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Secure multi-party based cloud computing framework for statistical data analysis of encrypted data

Secure Multi-party Computation (SMC) is a paradigm used to accomplish a common computation among multiple users while keeping the data of each party secret from others. In recent years there has been a keen interest among the research community to look for techniques that can be adopted for the evolvement of SMC based solutions for improving its e ciency and performance. Cloud computing is a next generation computing solution in the eld of Information and Communication Technology (ICT) which allows its users to use high speed infrastructure and services provided by Cloud Service Providers (CSP) in a cost e ective manner with a higher availability. There- fore, deployment of cloud based architecture for SMCs would aid in improving its performance and e ciency. However, cloud based solutions raises concerns over secu- rity of users' private data, since data is handled by an external party that cannot be trusted. Hence, it is necessary to incorporate necessary security measures to ensure the security of users' private data. In this master's thesis we have addressed this issue by proposing a Secure Multi- party based Cloud Computing Framework which can ensure security, privacy and anonymity of users private data. In order to achieve this, we have formulated a case involving sales data analysis of a certain organization through computing statistical parameters of sales persons private sales data on a cloud environment. Furthermore, we have implemented a prototype of the proposed security framework which aids us to evaluate its performance. Moreover, considering the results that we have obtained, it is conclusive that cloud platforms can be successfully deployed to improve e ciency of SMCs while ensuring the security of users' private data; which in turn provides evidence for the practicability of multi-party based cloud computing solutions

Deploying secure multi-party computation for financial data analysis

In this paper we describe a secure system for jointly collecting and analyzing financial data for a consortium of ICT companies. To guarantee each participant\u27s privacy, we use secret sharing and secure multi-party computation (MPC) techniques. While MPC has been used to solve real-life problems beforehand, this is the first time where the actual MPC computation was done over the internet with computing nodes spread geographically apart. We describe the system architecture, security considerations and implementation details. We also present the user feedback analysis revealing that secure multi-party computation techniques give sufficient assurance for data donors to submit their sensitive information, and act as a critical enabling feature for privacy-preserving data mining

Applying Secure Multi-party Computation in Practice

In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them. The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency

Fast Privacy-Preserving Text Classification based on Secure Multiparty Computation

We propose a privacy-preserving Naive Bayes classifier and apply it to the problem of private text classification. In this setting, a party (Alice) holds a text message, while another party (Bob) holds a classifier. At the end of the protocol, Alice will only learn the result of the classifier applied to her text input and Bob learns nothing. Our solution is based on Secure Multiparty Computation (SMC). Our Rust implementation provides a fast and secure solution for the classification of unstructured text. Applying our solution to the case of spam detection (the solution is generic, and can be used in any other scenario in which the Naive Bayes classifier can be employed), we can classify an SMS as spam or ham in less than 340ms in the case where the dictionary size of Bob's model includes all words (n = 5200) and Alice's SMS has at most m = 160 unigrams. In the case with n = 369 and m = 8 (the average of a spam SMS in the database), our solution takes only 21ms

Innovative Verfahren für die standortübergreifende Datennutzung in der medizinischen Forschung

Implementing modern data-driven medical research approaches ("Artificial intelligence", "Data Science") requires access to large amounts of data ("Big Data"). Typically, this can only be achieved through cross-institutional data use and exchange ("Data Sharing"). In this process, the protection of the privacy of patients and probands affected is a central challenge. Various methods can be used to meet this challenge, such as anonymization or federation. However, data sharing is currently put into practice only to a limited extent, although it is demanded and promoted from many sides. One reason for this is the lack of clarity about the advantages and disadvantages of different data sharing approaches. The first goal of this thesis was to develop an instrument that makes these advantages and disadvantages more transparent. The instrument systematizes approaches based on two dimensions - utility and protection - where each dimension is further differentiated with three axes describing different aspects of the dimensions, such as the degree of privacy protection provided by the results of performed analyses or the flexibility of a platform regarding the types of analyses that can be performed. The instrument was used for evaluation purposes to analyze the status quo and to identify gaps and potentials for innovative approaches. Next, and as a second goal, an innovative tool for the practical use of cryptographic data sharing methods has been designed and implemented. So far, such approaches are only rarely used in practice due to two main obstacles: (1) the technical complexity of setting up a cryptography-based data sharing infrastructure and (2) a lack of user-friendliness of cryptographic data sharing methods, especially for medical researchers. The tool EasySMPC, which was developed as part of this work, is characterized by the fact that it allows cryptographically secure computation of sums (e.g., frequencies of diagnoses) across institutional boundaries based on an easy-to-use graphical user interface. Neither technical expertise nor the deployment of specific infrastructure components is necessary for its practical use. The practicability of EasySMPC was analyzed experimentally in a detailed performance evaluation.Moderne datengetriebene medizinische Forschungsansätze („Künstliche Intelligenz“, „Data Science“) benötigen große Datenmengen („Big Data“). Dies kann im Regelfall nur durch eine institutionsübergreifende Datennutzung erreicht werden („Data Sharing“). Datenschutz und der Schutz der Privatsphäre der Betroffenen ist dabei eine zentrale Herausforderung. Um dieser zu begegnen, können verschiedene Methoden, wie etwa Anonymisierungsverfahren oder föderierte Auswertungen, eingesetzt werden. Allerdings findet Data Sharing in der Praxis nur selten statt, obwohl es von vielen Seiten gefordert und gefördert wird. Ein Grund hierfür ist die Unklarheit ¸über Vor- und Nachteile verschiedener Data Sharing-Ansätze. Erstes Ziel dieser Arbeit war es, ein Instrument zu entwickeln, welches diese Vor- und Nachteile transparent macht. Das Instrument bewertet Ansätze anhand von zwei Dimensionen - Nutzen und Schutz - wobei jede Dimension mit drei Achsen weiter differenziert ist. Die Achsen bestehen etwa aus dem Grad des Schutzes der Privatsphäre, der durch die Ergebnisse der durchgeführten Analysen gewährleistet wird oder der Flexibilität einer Plattform hinsichtlich der Arten von Analysen, die durchgeführt werden können. Das Instrument wurde zu Evaluationszwecken für die Analyse des Status Quo sowie zur Identifikation von Lücken und Potenzialen für innovative Verfahren eingesetzt. Als zweites Ziel wurde anschließend ein innovatives Werkzeug für den praktischen Einsatz von kryptographischen Data Sharing-Verfahren entwickelt. Der Einsatz entsprechender Ansätze scheitert bisher vor allem an zwei Barrieren: (1) der technischen Komplexität beim Aufbau einer Kryptographie-basierten Data Sharing-Infrastruktur und (2) der Benutzerfreundlichkeit kryptographischer Data Sharing-Verfahren, insbesondere für medizinische Forschende. Das neue Werkzeug EasySMPC zeichnet sich dadurch aus, dass es eine kryptographisch sichere Berechnung von Summen (beispielsweise Häufigkeiten von Diagnosen) über Institutionsgrenzen hinweg auf Basis einer einfach zu bedienenden graphischen Benutzeroberfläche ermöglicht. Zur Anwendung ist weder technische Expertise noch der Aufbau spezieller Infrastrukturkomponenten notwendig. Die Praxistauglichkeit von EasySMPC wurde in einer ausführlichen Performance-Evaluation experimentell analysiert

smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption

Despite the great potential and flexibility of smart contract-enabled blockchains, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short since they ask end users to coordinate and perform the computation off-chain themselves. While such an approach reduces the burden of the miners of the system, it largely limits the ability of lightweight users to enjoy privacy since performing the actual computation on their own and attesting to its correctness is expensive even with state-of-the-art proof systems. To address this limitation, we propose smartFHE, a framework to support private smart contracts using fully homomorphic encryption (FHE). To the best of our knowledge, smartFHE is the first to use FHE in the blockchain model; moreover, it is the first to support arbitrary privacy-preserving applications for lightweight users under the same computation-on-demand model pioneered by Ethereum. smartFHE does not overload the user since miners are instead responsible for performing the private computation. This is achieved by employing FHE so miners can compute over encrypted data and account balances. Users are only responsible for proving well-formedness of their private inputs using efficient zero-knowledge proof systems (ZKPs). We formulate a notion for a privacy-preserving smart contract (PPSC) scheme and show a concrete instantiation of our smartFHE framework. We address challenges resulting from using FHE in the blockchain setting---including concurrency and dealing with leveled schemes. We also show how to choose suitable FHE and ZKP schemes to instantiate our framework, since naively choosing these will lead to poor performance in practice. We formally prove correctness and security of our construction. Finally, we conduct experiments to evaluate its efficiency, including comparisons with a state-of-the-art scheme and testing several private smart contract applications. We have open-sourced our (highly optimized) ZKP library, which could be of independent interest

Distributed Cryptographic Protocols

[ES] La confianza es la base de las sociedades modernas. Sin embargo, las relaciones basadas en confianza son difíciles de establecer y pueden ser explotadas fácilmente con resultados devastadores. En esta tesis exploramos el uso de protocolos criptográficos distribuidos para construir sistemas confiables donde la confianza se vea reemplazada por garantías matemáticas y criptográficas. En estos nuevos sistemas dinámicos, incluso si una de las partes se comporta de manera deshonesta, la integridad y resiliencia del sistema están garantizadas, ya que existen mecanismos para superar este tipo de situaciones. Por lo tanto, hay una transición de sistemas basados en la confianza, a esquemas donde esta misma confianza es descentralizada entre un conjunto de individuos o entidades. Cada miembro de este conjunto puede ser auditado, y la verificación universal asegura que todos los usuarios puedan calcular el estado final en cada uno de estos métodos, sin comprometer la privacidad individual de los usuarios. La mayoría de los problemas de colaboración a los que nos enfrentamos como sociedad, pueden reducirse a dos grandes dilemas: el votar una propuesta, o un representante político, ó identificarnos a nosotros mismos como miembros de un colectivo con derecho de acceso a un recurso o servicio. Por ello, esta tesis doctoral se centra en los protocolos criptográficos distribuidos aplicados al voto electrónico y la identificación anónima. Hemos desarrollado tres protocolos para el voto electrónico que complementan y mejoran a los métodos más tradicionales, y además protegen la privacidad de los votantes al mismo tiempo que aseguran la integridad del proceso de voto. En estos sistemas, hemos empleado diferentes mecanismos criptográficos que proveen, bajo diferentes asunciones, de las propiedades de seguridad que todo sistema de voto debe tener. Algunos de estos sistemas son seguros incluso en escenarios pos-cuánticos. También hemos calculado minuciosamente la complejidad temporal de los métodos para demostrar que son eficientes y factibles de ser implementados. Además, hemos implementado algunos de estos sistemas, o partes de ellos, y llevado a cabo una detallada experimentación para demostrar el potencial de nuestras contribuciones. Finalmente, estudiamos en detalle el problema de la identificación y proponemos tres métodos no interactivos y distribuidos que permiten el registro y acceso anónimo. Estos protocolos son especialmente ligeros y agnósticos en su implementación, lo que permite que puedan ser integrados con múltiples propósitos. Hemos formalizado y demostrado la seguridad de nuestros protocolos de identificación, y hemos realizado una implementación completa de ellos para, una vez más, demostrar la factibilidad y eficiencia de las soluciones propuestas. Bajo este marco teórico de identificación, somos capaces de asegurar el recurso custodiado, sin que ello suponga una violación para el anonimato de los usuarios.[CA] La confiança és la base de les societats modernes. No obstant això, les relacions basades en confiança són difícils d’establir i poden ser explotades fàcilment amb resultats devastadors. En aquesta tesi explorem l’ús de protocols criptogràfics distribuïts per a construir sistemes de confiança on la confiança es veja reemplaçada per garanties matemàtiques i criptogràfiques. En aquests nous sistemes dinàmics, fins i tot si una de les parts es comporta de manera deshonesta, la integritat i resiliència del sistema estan garantides, ja que existeixen mecanismes per a superar aquest tipus de situacions. Per tant, hi ha una transició de sistemes basats en la confiança, a esquemes on aquesta acarona confiança és descentralitzada entre un conjunt d’individus o entitats. Cada membre d’aquest conjunt pot ser auditat, i la verificació universal assegura que tots els usuaris puguen calcular l’estat final en cadascun d’aquests mètodes, sense comprometre la privacitat individual dels usuaris. La majoria dels problemes de colůlaboració als quals ens enfrontem com a societat, poden reduir-se a dos grans dilemes: el votar una proposta, o un representant polític, o identificar-nos a nosaltres mateixos com a membres d’un colůlectiu amb dret d’accés a un recurs o servei. Per això, aquesta tesi doctoral se centra en els protocols criptogràfics distribuïts aplicats al vot electrònic i la identificació anònima. Hem desenvolupat tres protocols per al vot electrònic que complementen i milloren als mètodes més tradicionals, i a més protegeixen la privacitat dels votants al mateix temps que asseguren la integritat del procés de vot. En aquests sistemes, hem emprat diferents mecanismes criptogràfics que proveeixen, baix diferents assumpcions, de les propietats de seguretat que tot sistema de vot ha de tindre. Alguns d’aquests sistemes són segurs fins i tot en escenaris post-quàntics. També hem calculat minuciosament la complexitat temporal dels mètodes per a demostrar que són eficients i factibles de ser implementats. A més, hem implementats alguns d’aquests sistemes, o parts d’ells, i dut a terme una detallada experimentació per a demostrar la potencial de les nostres contribucions. Finalment, estudiem detalladament el problema de la identificació i proposem tres mètodes no interactius i distribuïts que permeten el registre i accés anònim. Aquests protocols són especialment lleugers i agnòstics en la seua implementació, la qual cosa permet que puguen ser integrats amb múltiples propòsits. Hem formalitzat i demostrat la seguretat dels nostres protocols d’identificació, i hem realitzat una implementació completa d’ells per a, una vegada més, demostrar la factibilitat i eficiència de les solucions proposades. Sota aquest marc teòric d’identificació, som capaces d’assegurar el recurs custodiat, sense que això supose una violació per a l’anonimat dels usuaris.[EN] Trust is the base of modern societies. However, trust is difficult to achieve and can be exploited easily with devastating results. In this thesis, we explore the use of distributed cryptographic protocols to build reliable systems where trust can be replaced by cryptographic and mathematical guarantees. In these adaptive systems, even if one involved party acts dishonestly, the integrity and robustness of the system can be ensured as there exist mechanisms to overcome these scenarios. Therefore, there is a transition from systems based in trust, to schemes where trust is distributed between decentralized parties. Individual parties can be audited, and universal verifiability ensures that any user can compute the final state of these methods, without compromising individual users’ privacy. Most collaboration problems we face as societies can be reduced to two main dilemmas: voting on a proposal or electing political representatives, or identifying ourselves as valid members of a collective to access a service or resource. Hence, this doctoral thesis focuses on distributed cryptographic protocols for electronic voting and anonymous identification. We have developed three electronic voting schemes that enhance traditional methods, and protect the privacy of electors while ensuring the integrity of the whole election. In these systems, we have employed different cryptographic mechanisms, that fulfill all the desired security properties of an electronic voting scheme, under different assumptions. Some of them are secure even in post-quantum scenarios. We have provided a detailed time-complexity analysis to prove that our proposed methods are efficient and feasible to implement. We also implemented some voting protocols, or parts of them, and carried out meticulous experimentation to show the potential of our contributions. Finally, we study in detail the identification problem and propose three distributed and non-interactive methods for anonymous registration and access. These three protocols are especially lightweight and application agnostic, making them feasible to be integrated with many purposes. We formally analyze and demonstrate the security of our identification protocols, and provide a complete implementation of them to once again show the feasibility and effectiveness of the developed solutions. Using this identification framework, we can ensure the security of the guarded resource, while also preserving the anonymity of the users.Larriba Flor, AM. (2023). Distributed Cryptographic Protocols [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19810