SCC '18 - Proceedings of the 6th International Workshop on Security in Cloud Computing
SESSION: Keynote Address
The ubiquity of sensor-rich mobile devices is pushing forward the paradigm of mobile crowdsensing, which facilitates convenient and cost-effective collection of large amounts of sensory data (e.g., traffic monitoring, environment monitoring, and mobile personalized recommendation services [1, 2]). In practice, however, the sensory data collected from different mobile devices are not always reliable, due to various factors like heterogeneous sensor quality, noise, etc. Hence, a realistic problem faced by mobile crowdsensing is how to extract truthful information from the unreliable sensory data, which is also known as truth discovery. Meanwhile, data privacy has long been an acute concern in mobile crowdsensing systems, as sensory data may reveal sensitive information like daily routines, location, personal health, social relations, and more. In light of these observations, there has been increasing interest in exploring and developing sound privacy-preserving truth discovery techniques for mobile crowdsensing in recent years [4, 5]. In this keynote, I will present our research on privacy-preserving truth discovery in mobile crowdsensing. Compared with prior work, our goal is to promise privacy preservation, cost efficiency, and mobile-friendly deployment at the same time for truth discovery in mobile crowdsensing. I will first discuss the research challenges, which mainly lie in the complicated functionality requirements of truth discovery and practical deployment. I will then introduce our solutions on privacy-preserving truth discovery in mobile crowdsensing [6-8], which build on advanced cryptographic techniques (like garbled circuits and homomorphic encryption) and present in-depth customization aimed at practical performance. Finally, I will discuss some future directions for researchers and practitioners to further investigate innovative solutions toward privacy-preserving truth discovery in mobile crowdsensing.
SESSION: Searchable Encryption
We address the problem of substring searchable encryption. A single user produces a big stream of data and later on wants to learn the positions in the string at which some patterns occur. Although current techniques exploit auxiliary data structures to achieve efficient substring search on the server side, the cost at the user side may be prohibitive. We revisit the work on substring searchable encryption in order to reduce the storage cost of auxiliary data structures. Our solution entails a suffix-array-based index design, which allows optimal storage cost $O(n)$ with a small hidden constant in the size $n$ of the string. Moreover, we implemented our scheme and the state-of-the-art protocol by Chase et al. to demonstrate the performance advantage of our solution with precise benchmark results.
By allowing a large number of users to behave as readers or writers, Multi-User Searchable Encryption (MUSE) raises new security and performance challenges beyond the typical requirements of Symmetric Searchable Encryption (SSE). In this paper we identify two core mandatory requirements of MUSE protocols, namely privacy in the face of users colluding with the CSP and low complexity for the users, and point out that no existing MUSE protocol satisfies these two requirements at the same time. We then come up with the first MUSE protocol that satisfies both of them. The design of the protocol also includes new constructions for a secure variant of Bloom Filters (BFs) and multi-query Oblivious Transfer (OT).
SESSION: Secure Cloud Storage
We introduce POROS, a new solution for proof of data reliability. In addition to the integrity of the data outsourced to a cloud storage system, proof of data reliability assures the customers that the cloud storage provider (CSP) has provisioned sufficient amounts of redundant information along with the original data segments to be able to guarantee the maintenance of the data in the face of corruption. In spite of meeting a basic service requirement, the placement of the data repair capability at the CSP raises a challenging issue with respect to the design of a proof of data reliability scheme. Existing schemes like Proof of Data Possession (PDP) and Proof of Retrievability (PoR) fall short of providing proof of data reliability to customers, since those schemes are not designed to audit the redundancy mechanisms of the CSP. Thus, in addition to verifying the possession of the original data segments, a proof of data reliability scheme must also assure that sufficient redundancy information is kept in storage. Thanks to a combination of PDP with time-constrained operations, POROS guarantees that a rational CSP would not compute redundancy information on demand upon proof of data reliability requests but instead would store it at rest. As a result of bestowing the CSP with the repair function, POROS allows for the automatic maintenance of data by the storage provider without any interaction with the customers.
The amount of electronically stored information increases rapidly. Sensitive information requires integrity and confidentiality protection, sometimes for decades or even centuries (e.g., health records or governmental documents). Commonly used cryptographic schemes, however, are not designed to provide protection over such long time periods. Their security usually relies on the hardness of a specific computational problem, and security cannot be maintained against unforeseeable developments in computational technology (e.g., quantum computers breaking RSA-based systems). Recently, Braun et al. (AsiaCCS '17) proposed the first storage architecture that supports integrity protection renewal while guaranteeing information-theoretic confidentiality. However, their solution only considers the storage of unstructured data and does not allow for reading or writing subparts of the data.
Our contribution is the first long-term secure storage architecture that supports storage of structured databases and provides long-term integrity, confidentiality, and access-pattern-hiding security. To achieve this, we combine several cryptographic components (i.e., secret sharing, renewable timestamps, and renewable commitments) with an information-theoretically secure ORAM such that the described security properties are achieved. We also prove our construction secure and show that it only introduces a small overhead compared to standard secret sharing and ORAM-based storage solutions.
SESSION: Secure Cloud Applications
Outsourced middlebox services have been a natural trend in modern enterprise networks to handle advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. However, traffic redirection to outsourced middleboxes raises new security and privacy concerns, as this service model gives cloud providers full access to all of the enterprise's traffic flows and proprietary middlebox rules. To ease these concerns, recent efforts have been made to design secure middlebox services that can directly function over encrypted traffic and middlebox rules. But security concerns from dynamic network functions like stateful deep packet inspection and firewall rule updates are still not fully addressed. In this paper, we first propose a practical system architecture for outsourced middleboxes to perform dynamic deep packet inspection with forward and backward privacy. That is, newly added rules cannot be linked to previous inspection results, and deleted rules remain inaccessible to the server. Several recent papers have shown that this is a strong property that makes adaptive attacks less effective. Furthermore, we provide a generic solution that handles stateful inspection while still ensuring state privacy. Rigorous analysis and prototype evaluations demonstrate the security, efficiency, and effectiveness of the design.
We propose a new approach to cryptographically enforced data access controls that uses public key cryptography to secure large numbers of documents with arbitrarily large numbers of authorized users. Our approach uses a proxy re-encryption (PRE) scheme to handle the problems typical of public key cryptography including key management, rotation, and revocation, in a highly scalable way, while providing end-to-end encryption and provable access. In this paper we describe a system based on this approach. We call it an orthogonal access control system, because it allows the decision about the groups to which to encrypt a piece of data to be made independently and asynchronously from the decision about who belongs to a group and can therefore decrypt the data. We define specific requirements for a PRE scheme needed to support the system, and we provide a specific instance that meets these requirements. We detail the algorithms that make up the scheme, and we present an enhancement that provides better revocability of keys.