89 research outputs found
Privacy-preserving key-value store
Cloud computing is arguably the foremost delivery platform for data storage and data
processing. It turned computing into a utility based service that provides consumers
and enterprises with on-demand access to computing resources. Although advantageous,
there is an inherent lack of control over the hardware in the cloud computing model, this
may constitute an increased privacy and security risk.
Multiple encrypted database systems have emerged in recent years, they provide the
functionality of regular databases but without compromising data confidentiality. These
systems leverage novel encryption schemes such as homomorphic and searchable encryp tion. However, many of these proposals focus on extending existing centralized systems
that are very difficult to scale, and offer poor performance in geo-replicated scenarios.
We propose a scalable, highly available, and geo-replicated privacy-preserving key value store. A system that provides its users with secure data types meant to be replicated,
along with a rich query interface with configurable privacy that enables one to issue secure
and somewhat complex queries. We accompany our proposal with an implementation of a
privacy-preserving client library for AntidoteDB, a geo-replicated key-value store. We also
extend the AntidoteDBās query language interface by adding support for secure SQL-like
queries with configurable privacy. Experimental evaluations show that our proposals
offer a feasible solution to practical applications that wish to improve their privacy and
confidentiality
Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties
There are two dominant themes that have become increasingly more important in our
technological society. First, the recurrent use of cloud-based solutions which provide
infrastructures, computation platforms and storage as services. Secondly, the use of applicational
large logs for analytics and operational monitoring in critical systems. Moreover,
auditing activities, debugging of applications and inspection of events generated by errors
or potential unexpected operations - including those generated as alerts by intrusion
detection systems - are common situations where extensive logs must be analyzed, and
easy access is required. More often than not, a part of the generated logs can be deemed
as sensitive, requiring a privacy-enhancing and queryable solution.
In this dissertation, our main goal is to propose a novel approach of storing encrypted
critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased
ciphered documents. To this end, we make use of Searchable and Homomorphic
Encryption methods to allow operations on the ciphered documents. Additionally, our
solution allows for the user to be near oblivious to our systemās internals, providing
transparency while in use. The achieved end goal is a unified middleware system capable
of providing improved system usability, privacy, and rich querying over the data. This
previously mentioned objective is addressed while maintaining server-side auditable logs,
allowing for searchable capabilities by the log owner or authorized users, with integrity
and authenticity proofs.
Our proposed solution, named Chameleon, provides rich querying facilities on ciphered
data - including conjunctive keyword, ordering correlation and boolean queries
- while supporting field searching and nested aggregations. The aforementioned operations
allow our solution to provide data analytics upon ciphered JSON documents, using
Elasticsearch as our storage and search engine.O uso recorrente de soluƧƵes baseadas em nuvem tornaram-se cada vez mais importantes
na nossa sociedade. Tais soluƧƵes fornecem infraestruturas, computaĆ§Ć£o e armazenamento
como serviƧos, para alem do uso de logs volumosos de sistemas e aplicaƧƵes para
anĆ”lise e monitoramento operacional em sistemas crĆticos. Atividades de auditoria, debugging
de aplicaƧƵes ou inspeĆ§Ć£o de eventos gerados por erros ou possĆveis operaƧƵes
inesperadas - incluindo alertas por sistemas de detecĆ§Ć£o de intrusĆ£o - sĆ£o situaƧƵes comuns
onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos
logs gerados podem ser considerados confidenciais, exigindo uma soluĆ§Ć£o que permite
manter a confidencialidades dos dados durante procuras.
Nesta dissertaĆ§Ć£o, o principal objetivo Ć© propor uma nova abordagem de armazenar
logs crĆticos num armazenamento elĆ”stico e escalĆ”vel baseado na cloud. A soluĆ§Ć£o proposta
suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e
mĆ©todos de criptografia homomĆ³rfica com provas de integridade e autenticaĆ§Ć£o. O objetivo
alcanƧado Ʃ um sistema de middleware unificado capaz de fornecer privacidade,
integridade e autenticidade, mantendo registos auditƔveis do lado do servidor e permitindo
pesquisas pelo proprietĆ”rio dos logs ou usuĆ”rios autorizados. A soluĆ§Ć£o proposta,
Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo
queries conjuntivas, de ordenaĆ§Ć£o e booleanas - suportando pesquisas de campo
e agregaƧƵes aninhadas. As operaƧƵes suportadas permitem Ć nossa soluĆ§Ć£o suportar data
analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento
e motor de busca
Secure Abstractions for Trusted Cloud Computation
Cloud computing is adopted by most organizations due to its characteristics, namely
offering on-demand resources and services that can quickly be provisioned with minimal
management effort and maintenance expenses for its users. However it still suffers from
security incidents which have lead to many data security concerns and reluctance in
further adherence. With the advent of these incidents, cryptographic technologies such
as homomorphic and searchable encryption schemes were leveraged to provide solutions
that mitigated data security concerns.
The goal of this thesis is to provide a set of secure abstractions to serve as a tool for
programmers to develop their own distributed applications. Furthermore, these abstractions
can also be used to support trusted cloud computations in the context of NoSQL
data stores. For this purpose we leveraged conflict-free replicated data types (CRDTs) as
they provide a mechanism to ensure data consistency when replicated that has no need
for synchronization, which aligns well with the distributed and replicated nature of the
cloud, and the aforementioned cryptographic technologies to comply with the security
requirements. The main challenge of this thesis consisted in combining the cryptographic
technologies with the CRDTs in such way that it was possible to support all of the data
structures functionalities over ciphertext while striving to attain the best security and
performance possible.
To evaluate our abstractions we conducted an experiment to compare each secure
abstraction with their non secure counterpart performance wise. Additionally, we also
analysed the security level provided by each of the structures in light of the cryptographic
scheme used to support it. The results of our experiment shows that our abstractions
provide the intended data security with an acceptable performance overhead, showing
that it has potential to be used to build solutions for trusted cloud computation
- ā¦