Privacy-aware Publishing of Decentralized Access-Controlled Content THÈSE NO 5646 (2013) PRÉSENTÉE LE 12 FÉVRIER 2013 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DE SYSTÈMES D'INFORMATION RÉPARTIS PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Rammohan NARENDULA acceptée sur proposition du jury: Prof. R. Guerraoui, président du jury Prof. K. Aberer, directeur de thèse Prof. S. Buchegger, rapporteur Prof. J.-P. Hubaux, rapporteur Dr O. Verscheure, rapporteur Suisse 2013 Dedicated to The lotus feet of my beloved Gurujee Sri Sri Paramahansa Yoganandajee for His teachings full of Divine Guidance & My Parents for their unconditional love and care & The Swiss Alps for everything I learnt from them ii Acknowledgements January 3, 2007. The day- I set out on a clueless mission of pursuing my doctorate dreams. I left behind, every bit of what defined me hitherto, to land in a world of beauty and tranquility too artificial and inconceivable for a dusty, noisy, disorderly managed life of Hyderabad, India. Chilling winter cold of Swiss, home sickness, and jerky cultural shock from a foreign land, made me a patient in the journey of becoming a doctor! January 3, 2012. The day- I am tagged \Dr."! A proud moment worth lifetime celebration! The (very!) long journey has been proved to be a unique learning experience both on professional and personal front. Undoubtedly, the entire credit goes to my beloved Gurujee, Sri Sri Parama- hansa Yogananda. I owe a lot to Him for the inspiration and energy I received from His teachings, that drove me a long way, getting rid of every obstacle. All that I have achieved during my stay is just because of the infinite faith I have on the Creator, thanks to my Geetha Autobiography of a Yogi, and whatever the unforgettable things I did, if any, due to my ignorance, belong to me and me alone. When I sit back and think about the people influenced me and helped me complete this thesis, I am overwhelmed! I would not have seen this day, was it not Prof. Karl Aberer, my thesis adviser. I would like to express my im- measurable gratitude for hiring me as his Ph.D student. I am deeply indebted to him for all the guidance, patience, care, and encouragement during my research tenure at EPFL. He was extremely patient during troubling phases of my Ph.D and I find no words that would suffice to express my gratitude towards him. He is exceptionally smart and passionate about ideas, building systems. The way he raises intriguing questions after giving a talk always makes me puzzled. Rarely one sees a senior professor writing code to interact with a database! Undoubtedly, he will continue to be a role model for me. Thanasis G. Papaioannou was instrumental in every aspect of my Ph.D work. We spent countless hours discussing the technical details of each work as well as issues ranging from politics to personal life. I was fortunate to have him around when needed. His amazing hard work, commitment, and passion in collaborative works inspire me all the time. I can never forget how he took ownership of some tasks and walked extra miles to finish them. I thank Zoltan Miklos very much for his patience and collaboration in the beginning of my Ph.D. He is extremely disciplined in managing his work which is truly inspiring. I had a very good collaboration with Berker Agir and he always amazes me with his rapid turnaround times in bringing ideas to life. I had the luxury of working with really bright masters and bachelors students. Nikola Markovic stands top of all. He has mesmerizing implementation skills which were priceless in prototyping our ideas. I thank all the TEAM project members especially Walid Maleej, Hans, Dimitris, and Ivan for giving me a flavor of wonderful international collaboration experience. I thank my thesis jury committee members Prof. Jean-Pierre Hubaux, Dr. Olivier, Dr. Sonja, and Prof. Rachid for their valuable efforts and time in evaluating my thesis. My stay in Switzerland would be the best days in many years to come, thanks to wonderful friends and colleagues. I enjoyed every moment with Surender, Saket, Nishanth, Tewari, and Srini during hundreds of looong tea and lunch sessions with wonderful discussions on myriad of issues- gossips on girls to realizing India 2.0. Those special philosophical chats with Nishanth and Tewari and high-tech enthu discussions with Srini added true colors to my Swiss stay. Surender and Saket made my stay in LSIR truly memorable with their amazing friendliness and non-stop fun. Not a single moment of my stay went without fun and more fun, thanks to their joyous company. I will miss this gang of 5 the most. There must be some eternal bonding to be with Ganga both in M.S and then during Ph.D. His amazing energy levels and passion in everything he undertakes would continue to inspire me. Thanks Ganga! Mr. cool Anurag, Dude Arnab, Shourya, Kailash, Somi, Shashi, Chary, Sid, Murali, Soni, Nitesh, Anudeep, Vijay, Raja, Krishnan, Mukul, Avinash, Prasad and all the lovely people Devika, Aamani, Nicee, Swapna, Czuee, Payal, Chaavi{ the list is endless. I had a number of lovely experiences with every one, leaving them behind and moving on seems im- possible. YUVA, the Indian association gave me an opportunity to meet and work with many incredible people. Subbu, Dada, ASK, Kalyan even though not in Swiss kept me focused on Ph.D. My wonderful experiences in LSIR would never be complete without amazing lab mates: Mehdi, for all the hikes and sports we did together, Dude Michele, for all the wonderful chats and help, LSIR Fellow Zhixian, for being an officemate, Tri, for all the fun and energy, Alexandra, for all her cool and well- composed technical discussions, Hung, Tian, Dipanjan- for being wonderful colleagues. I thank Chantal again and again for all the administration related help during my stay. Words cannot express my gratitude to my family members. The hard work of my parents kept me in alert, every minute in all the tests of time, right from my childhood. -N. Rammohan, 13-1-13, 1 AM. Abstract The peer-to-peer paradigm is increasingly employed for organizing distributed data resources for various applications, e.g., content publishing and distribu- tion, open storage grid, and online social networking. Further, private and semi-private access controlled content on the network has grown rapidly in recent years particularly user- generated content thanks to the explosion of the Web 2.0 technologies. However, the conventional P2P data management systems have failed to keep pace to support access controlled content with search efficiency for instance, similar to that of the structured P2P systems. Hence, their adoption is limited by the lack of possibility to control the ac- cess on the resources shared in the system. Moreover, in open environments with untrusted peers, even when proper access control mechanisms restrict the access to the resources, privacy issues may arise depending on the ap- plication, for example, an application to build an index of access controlled content which has to be hosted on peers possibly not trusted by all the par- ticipating content providers. Such an index is essential to improve the search performance of P2P access control aware data management systems. Yet an- other form of privacy breach can happen when individual users of a content publishing system host access controlled content on a third party provider who enforces access control on their behalf. In such cases, the sensitive data hosted is completely visible to the provider. The provider's infrastructure, with all its cumbersome privacy policies, may become a black box to the users who do not have a trustworthy auditing of their data accesses. The providers may expose the content to outsiders accidentally or purposefully often without the knowledge of the users. A classical example of such a case is online social networking, an emerging Web 2.0 paradigm. Customized privacy preserving P2P access controlled infrastructures that allow users to share their sensitive social profile data without the need of a big brother like Facebook1 or Google2 are becoming vital for building privacy aware online social networking. Yet they have to match the capabilities offered by the very expensive globally distributed data centers of the conventional social network service providers, which is a huge research challenge. 1www.facebook.com 2www.google.com v In this doctoral thesis, we propose mechanisms to build privacy preserving P2P systems to publish and share access controlled content by the partici- pating peers. The thesis is composed, broadly, of the following main parts with dedicated contributions. 1. ACPeer- Access control aware P2P data management system is an access control aware structured P2P system which allows the pub- lishers to exercise access control on the resources they publish. We exploit mutual trust among publishers to build a viable alternative for enforcing access control in P2P environment, a problem rarely addressed in the literature. The thesis explores the solution space elaborately. First, a naive mechanism of constructing independent networks is briefly presented followed by more efficient approaches that exercise access con- trol either at querying time or at query response time. The thesis also describes a prototype implementation of one of these mechanisms. 2. PANACEA- PrivAcy preserviNg Access-ControllEd P2P sys- tem aims to improve the search efficiency of ACPeer systems. It pro- poses a novel tunable privacy- preserving indexing mechanism for access controlled content. The resulting index greatly reduces the search over- head. It can be safely hosted on any untrusted peers.