User-Centric Security and Privacy Approaches in Untrusted Environments


UNIVERSITY OF CALIFORNIA, IRVINE

User-Centric Security and Privacy Approaches in Untrusted Environments

DISSERTATION

submitted in partial satisfaction of the requirements for the degree of DOCTOR OF PHILOSOPHY in Computer Science

by Mamadou Hassimiou Diallo

Dissertation Committee:
Professor Sharad Mehrotra, Chair
Professor Ardalan Amiri Sani
Professor Nalini Venkatasubramanian
Professor Lubomir Bic
Professor Farzin Zareian

2018

Portion of Chapter 3 © 2015 IEEE
Portion of Chapter 3 © 2016 Springer
Portion of Chapter 4 © 2012 IEEE
All other materials © 2018 Mamadou Hassimiou Diallo

DEDICATION

To my parents, my beloved wife Fatoumata Binta Diallo, and my three children Djienabou, Djoubairou, and Ibrahim for their patience and unfaltering support.

TABLE OF CONTENTS

LIST OF FIGURES
LIST OF TABLES
LIST OF ALGORITHMS
ACKNOWLEDGMENTS
CURRICULUM VITAE
ABSTRACT OF THE DISSERTATION

1 Introduction
  1.1 Motivation
  1.2 Thesis Problem and Challenges
  1.3 Thesis Scope
  1.4 Thesis Contributions and Organization

2 Related Work
  2.1 Data Security and Privacy in Untrusted Cloud Systems
  2.2 Data Security and Privacy in Untrusted Cloud Applications (SaaS)
  2.3 Trust in IoT Systems and Applications

3 Nomad: Managing Data Privacy in Cloud Systems (IaaS and PaaS)
  3.1 Introduction
  3.2 Nomad Framework Overview
    3.2.1 Client Management Service
    3.2.2 Cloud Storage Service
    3.2.3 Operational Overview
  3.3 Homomorphic Encryption Background
    3.3.1 BGV Scheme
    3.3.2 HElib
  3.4 GPU-based Acceleration of BGV FHE
  3.5 Application: CallForFire
  3.6 Implementation
  3.7 Experiments
    3.7.1 Performance of the GPU-based Parallelization
    3.7.2 CallForFire Performance
  3.8 Summary and Future Research Challenges

4 CloudProtect: Managing Data Privacy in Cloud Applications (SaaS)
  4.1 Introduction
  4.2 CloudProtect Framework
    4.2.1 Initialization Phase
    4.2.2 Function Model
    4.2.3 Data Confidentiality Policy
    4.2.4 Operational Phase
    4.2.5 Policy Rebalancing Phase
  4.3 Overview of Protection Techniques
    4.3.1 Text-based Transformation Techniques
    4.3.2 Numerical-based Transformation Techniques
  4.4 Balancing Privacy, Usability, and Efficiency
    4.4.1 Privacy Policy Relaxation/Specialization
    4.4.2 Minimizing Interruptions and Costs
    4.4.3 Solution for the MinRelax Problem
  4.5 CloudProtect Implementation
  4.6 CloudProtect Evaluation
    4.6.1 Integration of Google Calendar and Google Docs into CloudProtect
    4.6.2 CloudProtect Performance
    4.6.3 Tradeoff Analysis
  4.7 Conclusion and Future Work

5 IoTtrust: Trustworthy Sensing in Untrusted IoT Environments
  5.1 Introduction
  5.2 Emerging IoT Systems
    5.2.1 Current IoT Systems Data Collection Practices
    5.2.2 Privacy Regulations for IoT Systems
    5.2.3 IoT System Reference Architectures
    5.2.4 Trust Issues
  5.3 Use Cases
    5.3.1 Smart Campus
    5.3.2 Smart Mall

6 IoTtrust: Contracts Translation and Attestation
  6.1 Introduction
  6.2 IoT System Model
    6.2.1 Device Model
    6.2.2 Domain Model
    6.2.3 Application Model
  6.3 Policy and Contract Models
    6.3.1 Policy Model
    6.3.2 Contract Model
  6.4 Contracts Translation
    6.4.1 Contract Translation Approach
  6.5 System Overview
    6.5.1 Architecture
    6.5.2 Threat Model
  6.6 Attestation of Contract Translation Scheme
    6.6.1 Setup Phase
    6.6.2 Device States and Actions Logs Collection
    6.6.3 Attestation of Domain Knowledge Integrity
    6.6.4 Attestation of Contract Translation
  6.7 Attestation of Contract Enforcement Scheme
    6.7.1 Setup Phase
    6.7.2 Data and Audit Logs Collection, and Storage Phase
    6.7.3 Attestation of Contract Enforcement Phase
    6.7.4 Security Analysis
  6.8 Implementation and Evaluation
    6.8.1 IoTtrust Implementation
    6.8.2 Experiments
  6.9 Conclusion and Future Work

7 Conclusions and Future Work
  7.1 Conclusions
  7.2 Future Work

Bibliography

LIST OF FIGURES

1.1 Cloud Service Models with Examples for Cloud and IoT Services
3.1 Nomad Framework High-level Architecture
3.2 A block diagram of the Homomorphic-Encryption library. Reprinted with permission from Halevi S. An Implementation of homomorphic encryption. GitHub Repository, https://github.com/shaih/HElib. 2013.
3.3 Screenshot of the CallForFire application in a web browser
4.1 CloudProtect Architecture
4.2 CloudProtect Architecture
4.3 Varying interruption threshold
4.4 Varying execution cost threshold
4.5 Varying interruption & execution cost thresholds
4.6 Running time of algorithms
6.1 Policy Translation Example
6.2 IoTtrust Architecture
6.3 Device registration.
6.4 Activity log collection.
6.5 Contract attestation via log manager.
6.6 WiFi Connections

LIST OF TABLES

3.1 Test Environment
3.2 HElib Profiling Results
3.3 Timing Comparison of BluesteinInit() CPU and GPU Implementation (256 Threads Per Block)
3.4 Comparison of BluesteinFFT() CPU and GPU Implementation (256 Threads Per Block)
3.5 GPU Overhead
3.6 Comparison of CPU and GPU BluesteinInit/FFT Implementation Combinations (256 Threads Per Block)
3.7 Comparison of Workload Execution Time when Varying the Number of Threads Per Block Using GPU BluesteinInit/FFT Implementation
3.8 Average Computation Overhead in Seconds with Fixed p=9576890767 (10 digits)
3.9 Average Computation Overhead in Second with Fixed p=1000000000039 (13 digits)
4.1 Operations Log
4.2 Operations Selection
6.1 Notations.