A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefit, because it promises a reduction in operational and infrastructural expenditure. To turn it into reality, several impediments and hurdles must be tackled, the most profound of which are security, privacy and reliability issues. As user data is revealed to the cloud, it leaves the protection sphere of the data owner, which brings partly new security and privacy concerns. This work focuses on these issues across the various cloud service and deployment models by spotlighting their major challenges. While classical cryptography is an ancient discipline, modern cryptography, which has mostly been developed in the last few decades, is the body of knowledge that needs to be applied to ensure strong security and privacy mechanisms in today's real-world scenarios. The technological solutions and the short- and long-term research goals of cloud security will be described and addressed using classical as well as modern cryptographic mechanisms. This work explores new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from a cryptographic point of view.
Secure multi-party based cloud computing framework for statistical data analysis of encrypted data
Secure Multi-party Computation (SMC) is a paradigm used to accomplish a common computation among multiple users while keeping the data of each party secret from the others. In recent years there has been keen interest in the research community in techniques that can be adopted to evolve SMC-based solutions and improve their efficiency and performance. Cloud computing is a next-generation computing solution in the field of Information and Communication Technology (ICT) which allows its users to use high-speed infrastructure and services provided by Cloud Service Providers (CSP) in a cost-effective manner with higher availability. Therefore, deployment of cloud-based architectures for SMCs would aid in improving their performance and efficiency. However, cloud-based solutions raise concerns over the security of users' private data, since the data is handled by an external party that cannot be trusted. Hence, it is necessary to incorporate security measures that ensure the security of users' private data.

In this master's thesis we have addressed this issue by proposing a Secure Multi-party based Cloud Computing Framework which can ensure the security, privacy and anonymity of users' private data. In order to achieve this, we have formulated a case involving sales data analysis of a certain organization through computing statistical parameters of salespersons' private sales data in a cloud environment. Furthermore, we have implemented a prototype of the proposed security framework which allows us to evaluate its performance. Moreover, considering the results that we have obtained, it is conclusive that cloud platforms can be successfully deployed to improve the efficiency of SMCs while ensuring the security of users' private data, which in turn provides evidence for the practicability of multi-party based cloud computing solutions.
Deploying secure multi-party computation for financial data analysis
In this paper we describe a secure system for jointly collecting and analyzing financial data for a consortium of ICT companies. To guarantee each participant's privacy, we use secret sharing and secure multi-party computation (MPC) techniques. While MPC has been used to solve real-life problems before, this is the first time the actual MPC computation was done over the Internet with computing nodes spread geographically apart. We describe the system architecture, security considerations and implementation details. We also present a user feedback analysis revealing that secure multi-party computation techniques give sufficient assurance for data donors to submit their sensitive information, and act as a critical enabling feature for privacy-preserving data mining.
Applying Secure Multi-party Computation in Practice
In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them.
The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions also introduces some non-technical requirements, like signing contracts and negotiating with the Data Protection Agency.
Fast Privacy-Preserving Text Classification based on Secure Multiparty Computation
We propose a privacy-preserving Naive Bayes classifier and apply it to the problem of private text classification. In this setting, a party (Alice) holds a text message, while another party (Bob) holds a classifier. At the end of the protocol, Alice will only learn the result of the classifier applied to her text input and Bob learns nothing. Our solution is based on Secure Multiparty Computation (SMC). Our Rust implementation provides a fast and secure solution for the classification of unstructured text. Applying our solution to the case of spam detection (the solution is generic, and can be used in any other scenario in which the Naive Bayes classifier can be employed), we can classify an SMS as spam or ham in less than 340ms in the case where the dictionary size of Bob's model includes all words (n = 5200) and Alice's SMS has at most m = 160 unigrams. In the case with n = 369 and m = 8 (the average of a spam SMS in the database), our solution takes only 21ms.
Innovative Methods for Cross-Site Data Use in Medical Research
Implementing modern data-driven medical research approaches ("Artificial intelligence", "Data Science") requires access to large amounts of data ("Big Data"). Typically, this can only be achieved through cross-institutional data use and exchange ("Data Sharing"). In this process, protecting the privacy of the patients and study participants affected is a central challenge. Various methods can be used to meet this challenge, such as anonymization or federation. However, data sharing is currently put into practice only to a limited extent, although it is demanded and promoted from many sides. One reason for this is the lack of clarity about the advantages and disadvantages of different data sharing approaches. The first goal of this thesis was to develop an instrument that makes these advantages and disadvantages more transparent. The instrument systematizes approaches along two dimensions, utility and protection, where each dimension is further differentiated into three axes describing different aspects of that dimension, such as the degree of privacy protection provided by the results of performed analyses or the flexibility of a platform regarding the types of analyses that can be performed. The instrument was used for evaluation purposes to analyze the status quo and to identify gaps and potentials for innovative approaches. Next, and as a second goal, an innovative tool for the practical use of cryptographic data sharing methods was designed and implemented. So far, such approaches are only rarely used in practice due to two main obstacles: (1) the technical complexity of setting up a cryptography-based data sharing infrastructure and (2) a lack of user-friendliness of cryptographic data sharing methods, especially for medical researchers.
The tool EasySMPC, which was developed as part of this work, is characterized by the fact that it allows cryptographically secure computation of sums (e.g., frequencies of diagnoses) across institutional boundaries based on an easy-to-use graphical user interface. Neither technical expertise nor the deployment of specific infrastructure components is necessary for its practical use. The practicability of EasySMPC was analyzed experimentally in a detailed performance evaluation.
smartFHE: Privacy-Preserving Smart Contracts from Fully Homomorphic Encryption
Despite the great potential and flexibility of smart contract-enabled blockchains, building privacy-preserving applications using these platforms remains an open question. Existing solutions fall short since they ask end users to coordinate and perform the computation off-chain themselves. While such an approach reduces the burden of the miners of the system, it largely limits the ability of lightweight users to enjoy privacy since performing the actual computation on their own and attesting to its correctness is expensive even with state-of-the-art proof systems.
To address this limitation, we propose smartFHE, a framework to support private smart contracts using fully homomorphic encryption (FHE). To the best of our knowledge, smartFHE is the first to use FHE in the blockchain model; moreover, it is the first to support arbitrary privacy-preserving applications for lightweight users under the same computation-on-demand model pioneered by Ethereum. smartFHE does not overload the user since miners are instead responsible for performing the private computation. This is achieved by employing FHE so miners can compute over encrypted data and account balances. Users are only responsible for proving well-formedness of their private inputs using efficient zero-knowledge proof systems (ZKPs). We formulate a notion for a privacy-preserving smart contract (PPSC) scheme and show a concrete instantiation of our smartFHE framework. We address challenges resulting from using FHE in the blockchain setting---including concurrency and dealing with leveled schemes. We also show how to choose suitable FHE and ZKP schemes to instantiate our framework, since naively choosing these will lead to poor performance in practice. We formally prove correctness and security of our construction.
Finally, we conduct experiments to evaluate its efficiency, including comparisons with a state-of-the-art scheme and testing several private smart contract applications. We have open-sourced our (highly optimized) ZKP library, which could be of independent interest.
Distributed Cryptographic Protocols
Trust is the base of modern societies. However, trust is difficult to achieve and can be exploited easily with devastating results. In this thesis, we explore the use of distributed cryptographic protocols to build reliable systems where trust can be replaced by cryptographic and mathematical guarantees. In these adaptive systems, even if one involved party acts dishonestly, the integrity and robustness of the system can be ensured, as there exist mechanisms to overcome these scenarios. Therefore, there is a transition from systems based on trust to schemes where trust is distributed between decentralized parties. Individual parties can be audited, and universal verifiability ensures that any user can compute the final state of these methods without compromising individual users' privacy.

Most collaboration problems we face as societies can be reduced to two main dilemmas: voting on a proposal or electing political representatives, or identifying ourselves as valid members of a collective to access a service or resource. Hence, this doctoral thesis focuses on distributed cryptographic protocols for electronic voting and anonymous identification.

We have developed three electronic voting schemes that enhance traditional methods and protect the privacy of electors while ensuring the integrity of the whole election. In these systems, we have employed different cryptographic mechanisms that fulfill all the desired security properties of an electronic voting scheme under different assumptions. Some of them are secure even in post-quantum scenarios. We have provided a detailed time-complexity analysis to prove that our proposed methods are efficient and feasible to implement. We also implemented some voting protocols, or parts of them, and carried out meticulous experimentation to show the potential of our contributions.

Finally, we study in detail the identification problem and propose three distributed and non-interactive methods for anonymous registration and access. These three protocols are especially lightweight and application agnostic, making them feasible to integrate for many purposes. We formally analyze and demonstrate the security of our identification protocols, and provide a complete implementation of them to once again show the feasibility and effectiveness of the developed solutions. Using this identification framework, we can ensure the security of the guarded resource while also preserving the anonymity of the users.

Larriba Flor, AM. (2023). Distributed Cryptographic Protocols [Doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19810