Secure computation and communication protocols for critical cloud applications.

摘要

It has been a common practice for companies to outsource their online business logics to Web hosting service providers for over a decade. Generally, databases as well as the business logics of a company are hosted by a third party to save the IT management time and cost. The cloud computing further pushes forward this paradigm. There are many cloud-based data centers which store a very large amount of data from different sources and support data-centric computations. Security can be a major concern for such data centers when the data they host are sensitive. A data center may be attacked and compromised. Also, there exists the potential of insider attacks. If there is a change in management, such as reorganization or buyout, the potential threat increases due to the additional exposure to multiple management personnel and the unestablished policies regarding the handling of critical information in such situations.;The security problems with the outsourced databases can be solved if the critical data are encrypted. Naturally it leads to the problem of how the data center can perform computations on encrypted data. Some general computations in data intensive systems include arithmetic operations and search (exact match search and range search). Several secure computation techniques in the literature can help achieve these computations, including homomorphic encryption (HE), order-preserving encryption (OPE), prefix-preserving encryption (PPE), and multi-party secure computation. Multi-party secure computation can securely perform addition and multiplication operations on the shared data but they require O(n2) communication overhead for each multiplication operation where n is the number of shares and, hence, have a high communication cost. HE allows the arithmetic computation (addition and multiplication) on the plaintexts to be directly performed on the ciphertexts. OPE preserves the order of the plaintexts. Thus, range search queries can be processed directly on the data. PPE requires that the length of the longest common prefix of two plaintexts is equal to that of the ciphertexts. Thus, prefix-matching search and range search can be performed directly on the data.;However, there are limitations in the existing works on HE, OPE, and PPE. The current circuit based HE has very expensive computation time, and the security analysis of OPE and PPE are not sufficient. Moreover, the existing HE, OPE, and PPE all consider one encryption key. Thus, it is difficult to apply them to multi-user systems where the users have different access privileges to the database. In this Dissertation, we overcome some of the limitations of HE/OPE/PPE in existing works. We construct an efficient (non-circuit based) HE scheme and prove its security, analyze the security of OPE and PPE schemes, and develop mechanisms for HE, OPE, PPE to extend them to multi-user systems. The results presented in this Dissertation greatly enhance the state-of-the-art in secure computations.