Efficient Cryptography for the Next Generation Secure Cloud

Peer-to-peer (P2P) systems, and client-server type storage and computation outsourcing constitute some of the major applications that the next generation cloud schemes will address. Since these applications are just emerging, it is the perfect time to design them with security and privacy in mind. Furthermore, considering the high-churn characteristics of such systems, the cryptographic protocols employed must be efficient and scalable.

In this talk, I will focus on an efficient and scalable fair exchange protocol that can be used for exchanging files between participants of a P2P file sharing system. It has been shown that fair exchange cannot be done without a trusted third party (called the Arbiter). Yet, even with a trusted Arbiter, it is still non-trivial to come up with an efficient solution, especially one that can be used in a P2P file sharing system with a high volume of data exchanged. Our protocol is optimistic, removing the need for the Arbiter’s involvement unless a dispute occurs. While the previous solutions employ costly cryptographic primitives for every file or block exchanged, our protocol employs them only once per peer, therefore achieving O(n) efficiency improvement when n blocks are exchanged between two peers.
In practice, this corresponds to one-two orders of magnitude improvement in terms of both computation and communication (42 minutes vs. 40 seconds, 225 MB vs. 1.8 MB). Thus, for the first time, a provably secure (and privacy respecting when payments are made using
e-cash) fair exchange protocol is being used in real bartering applications (e.g., BitTorrent) without sacrificing performance.

Finally, if time permits, I will briefly mention some of our other results on cloud security including ways to securely outsource computation and storage to untrusted entities, official arbitration in the cloud, impossibility results on distributing the Arbiter, and keeping the user passwords safe (joint work at Microsoft Research). I will also be available to talk on these other projects after the presentation.

Speaker Details

Alptekin Küpçü has received his Ph.D. degree from Brown University Computer Science Department in 2010. Since then, he has been working as an assistant professor at Koç University College of Engineering, and leading the Cryptography, Security & Privacy Research Group he has founded. His research mainly focuses on applied cryptography, and its intersection with cloud security, privacy, peer-to-peer networks, game theory, and mechanism design. He has led the development of the Brownie Cashlib cryptographic library, which is available as open source online. He is a member of IACR, ACM, and IEEE. Dr. Küpçü has various accomplishments including 2 patents pending, and has been part of 7 funded national/international/industrial/NSF/European Union research projects up to now, for 5 of which he was the principal investigator. For more information, visit http://crypto.ku.edu.tr

Dr. Küpçü has been an active collaborator of Microsoft Research since 2009. He has a joint publication with Dr. Tolga Acar and Dr. Mira Belenkiy of Microsoft Research, and ongoing or planned collaboration activities with Dr. Seny Kamara and Dr. Melissa Chase. He is currently a Visiting Scholar in the cryptography research group of Dr. Kristin Lauter.