Abstract of “Efficient Cryptography for the Next Generation Secure Cloud” by Alptekin K¨up¸c¨u, Ph.D., Brown University, May 2010. Peer-to-peer (P2P) systems, and client-server type storage and computation outsourc- ing constitute some of the major applications that the next generation cloud schemes will address. Since these applications are just emerging, it is the perfect time to design them with security and privacy in mind. Furthermore, considering the high- churn characteristics of such systems, the cryptographic protocols employed must be efficient and scalable. This thesis shows that cryptography can be used to efficiently and scalably provide security and privacy for the next generation cloud systems. We start by describing an efficient and scalable fair exchange protocol that can be used for exchanging files between participants of a P2P file sharing system. In this system, there are two central authorities that we introduce: the arbiter and the bank. We then try distributing these entities to reduce trust assumptions and to improve performance. Our work on distributing the arbiter leads to impossibility results, whereas our work on distributing the bank leads to a more general cloud computation result showing how a boss can employ untrusted contractors, and fine or reward them. We then consider cloud storage scenario, where the client outsources storage of her files to an untrusted server. We show how the client can challenge the server to prove that her file is kept intact, even when the files are dynamic. Next, we provide an agreement protocol for a dynamic message, where two parties agree on the latest version of a message that changes over time. We then apply this agreement protocol to the cloud storage setting and show how a judge can arbitrate between the client and the server officially based on the agreed-upon message and the proof sent by the server. Lastly, we show that all our solutions are efficient and scalable by presenting results from the cryptographic library we implemented. Efficient Cryptography for the Next Generation Secure Cloud by Alptekin K¨up¸c¨u B.S., Bilkent University, 2004 M.Sc., Brown University, 2007 A dissertation submitted in partial fulfillment of the requirements for the Degree of Doctor of Philosophy in the Department of Computer Science at Brown University Providence, Rhode Island May 2010 c Copyright 2010 by Alptekin K¨up¸c¨u This dissertation by Alptekin K¨up¸c¨uis accepted in its present form by the Department of Computer Science as satisfying the dissertation requirement for the degree of Doctor of Philosophy. Date Prof. Anna Lysyanskaya, Advisor Recommended to the Graduate Council Date Prof. Yevgeniy Dodis, Reader NYU Date Prof. John Jannotti, Reader Date Prof. Roberto Tamassia, Reader Approved by the Graduate Council Date Sheila Bonde Dean of the Graduate School iii Vita I, Alptekin K¨up¸c¨u, was born in Ankara, Turkey, in 1983. I graduated with a B.S. degree from Bilkent University Department of Computer Engineering in 2004, with 3rd rank. Then, I continued my studies at the Department of Computer Science at Brown University. I received my M.Sc. degree in 2007, under U˘gur C¸ etintemel’s supervision. During my Ph.D., I worked under the supervision of Anna Lysyanskaya, and worked together with John Jannotti, Roberto Tamassia, and Yevgeniy Dodis. Throughout my life, I received multiple scholarships, fellowships, and awards. I am going to mention only some of those here. Due to my success at the university entrance examination in Turkey (SAT equivalent), I was awarded the “76th year an- niversary prize” by T¨urkiye I¸sBankası,˙ an award given to the first 76 out of roughly 1.5 million contestants. Later, at the graduate education examination in Turkey (GRE equivalent), I was ranked 2nd out of roughly 100 thousand attendees. Apart from awards for my academic success, I was also awarded a 3rd rank prize at a poem competition in high school. I am an active person, involved in many organizations ranging from computer sci- ence related activities to gaming clubs, involving groups of various sizes, ranging from small groups of friends to the whole graduate student community at the university, organizing events whose participants were from all over the nation, and sometimes even internationals coming from abroad. iv Acknowledgements I want to thank my advisor Anna Lysyanskaya, and my committee John Jannotti, Roberto Tamassia, and Yevgeniy Dodis, for all their help throughout my Ph.D. I also would like to acknowledge and thank my academic siblings Mira Belenkiy and Melissa Chase, and all my other collaborators: C. Chris Erway, Charalampos Papamanthou, Theodora Hinkle, Sarah Meiklejohn, and Eric Rachlin. I further thank all other Brownie Points project members: Gabriel Bender, Saurya Simha Velagapudi, Jason Rassi, Paul O’Leary McCann, Diana Kathleen Huang, Joshua Kossoy Fuhrmann, and Alex Hutter. And I must mention friends and colleagues who helped me with at least one of my papers: Nevzat Onur Domani¸c, Ibrahim˙ Eden, Semiha Ece Kamar, Markulf Kohlweiss, Hatice S¸ahino˘glu, and Meinolf Sellmann. Finally, I thank my master’s advisor U˘gur C¸etintemel for his continued support even after my M.Sc. studies. v Dedication To my true friends. They know who they are... vi Contents List of Tables xiv List of Figures xv 1 The Next Generation Secure Cloud 1 1.1 FairnessintheCloud........................... 3 1.2 TrustintheCloud ............................ 4 1.3 ComputationintheCloud ........................ 4 1.4 StorageintheCloud ........................... 6 1.5 JudgingintheCloud........................... 6 1.6 ImplementingtheCloud ......................... 7 1.7 Organization ............................... 8 2 Networking in the Cloud 10 2.1 Introduction................................ 10 2.1.1 PreviousWork .......................... 12 2.1.2 Contributions ........................... 13 2.2 Notation.................................. 15 2.3 (Optimistic)FairExchange . .. .. 18 2.4 BarterwithTimeouts........................... 26 vii 2.4.1 BobResolve ............................ 28 2.4.2 AliceResolve . 29 2.4.3 Subprotocols ........................... 30 2.5 SecurityAnalysis ............................. 31 2.5.1 Universal One-Way Hash Functions . 35 2.5.2 Privacy Analysis . 37 2.6 EfficientBarterwithoutTimeouts . 37 2.6.1 AliceAbort............................. 39 2.6.2 Analysis of Barter without Timeouts . 40 2.7 GeneralizedVersion............................ 41 2.8 EfficiencyAnalysis ............................ 41 2.9 LimitationsandFutureWork . 45 2.10Conclusion................................. 47 3 Trusting the Cloud 49 3.1 Introduction................................ 49 3.2 DefinitionofaDAFEProtocol. 52 3.2.1 SampleDAFEProtocols . .. .. 58 3.3 Notation.................................. 61 3.3.1 DAFET Protocols (DAFE Protocols with Timeouts) . 63 3.4 FrameworkforAnalysisofDAFEProtocols . 64 3.4.1 Scenario 1: M canAbort..................... 65 3.4.2 Scenario 2: Only H canAbort.................. 66 3.4.3 Scenario 3: H canResolveonlyafterTimeout . 66 3.4.4 Scenario 4: M alreadyResolved . .. 67 3.5 Impossibility Results on DAFE Protocols . 68 3.5.1 Protocol1: AliceandBobcanAbortandResolve . 69 viii 3.5.2 Protocol2: OnlyonepartycanAbort . 69 3.6 Relaxing Autonomous Arbiters Assumption . 70 3.6.1 Scenario 2 Revisited . 71 3.6.2 Protocol 2 Revisited (More Impossibility Results) . 73 3.7 Applying DAFET Framework to Prove Optimality . 75 3.8 Discussion: Timeouts and Dynamic Resolution Sets . 78 3.9 ConclusionandFutureWork. 79 4 Computing in the Cloud 81 4.1 Introduction................................ 81 4.1.1 RelatedWork ........................... 83 4.2 Model ................................... 85 4.3 BasicConstruction ............................ 86 4.4 AccuracyandHashFunctions . 88 4.5 WhentoCheckanAnswer........................ 91 4.5.1 DoubleChecking ......................... 92 4.5.2 Hiring Multiple Contractors . 92 4.5.3 HybridStrategy.......................... 93 4.5.4 Employing Bounties . 94 4.6 MaliciousContractors .......................... 95 4.6.1 IndependentMaliciousContractors . 96 4.6.2 Colluding Malicious Contractors . 97 4.7 Evaluation................................. 99 4.8 ConclusionandFutureWork. 102 5 Storing in the Cloud 104 5.1 Introduction................................ 104 ix 5.1.1 Contributions ........................... 106 5.1.2 RelatedWork ........................... 108 5.2 Model ................................... 110 5.3 Rank-basedAuthenticatedSkipLists . 116 5.3.1 Rank-basedQueries. 117 5.3.2 AuthenticatingRanks . 118 5.3.3 Setup ............................... 120 5.3.4 Queries .............................. 121 5.3.5 Verification ............................ 122 5.3.6 Updates .............................. 124 5.4 DPDPSchemeConstruction . 125 5.4.1 CoreConstruction ........................ 125 5.4.2 Blockless Verification . 128 5.5 Security .................................. 130 5.6 Rank-basedRSATrees . .. .. 136 5.7 ExtensionsandApplications . 138 5.7.1 Variable-sized Blocks . 139 5.7.2 DirectoryHierarchies . 140 5.7.3 VersionControl .......................... 141 5.8 PerformanceEvaluation . 143 5.8.1 Communication.......................... 144 5.8.2 ServerComputation . .. .. 145 5.8.3 VersionControl .......................... 146 5.9 FutureWork................................ 148 5.9.1 OtherDPDPConstructions . 148 5.9.2 On Impossibility of Dynamic Proof of Retrievability Schemes . 149 x 6 Official Arbitration in the Cloud 152 6.1 Introduction................................ 152
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages275 Page
-
File Size-