Cloud computing provides clients with a virtual computing infrastructure on top of which they can store data and run applications. While the benefits of cloud computing are clear, it introduces new security challenges since cloud operators are expected to manipulate client data without necessarily being fully trusted. We are designing cryptographic primitives and protocols tailored to the setting of cloud computing, attempting to strike a balance between security, efficiency and functionality.
Projects
The current generation of cloud storage services do not provide any security against untrusted cloud operators making them unsuitable for storing sensitive information such as medical records, financial records or high impact business data. To address this we are pursuing various research projects that range from theory to practice.
CS2. CS2 is a cloud storage system that provides confidentiality, integrity and verifiability of client data against an untrusted cloud provider. A key feature of CS2 is that it is semantic, i.e., data can be accessed by search (even though the data is encrypted). CS2 is described in detail in [KPR11]. A high level description of the CS2 architecture was first proposed in [LK10].
Homomorphic encryption. The most common use of encryption is to provide confidentiality by hiding all useful information about the plaintext. Encryption, however, renders data useless in the sense that one loses the ability to operate on it. To address this we are designing cryptosystems that support a variety of computations on encrypted data, ranging from general-purpose computations (i.e., fully-homomorphic encryption) to special-purpose computations (e.g., voting and search). Our work on homomorphic encryption includes [LNV11].
Searchable & structured encryption. A searchable encryption scheme encrypts data in such a way that a token can be generated to allow a third party to search over the encrypted data. Using a searchable encryption scheme, a client can safely store its data with an untrusted cloud provider without losing the ability to search over it. We are designing highly efficient searchable encryption schemes - some of which are used in our CS2 system. We are also working on the related problem of structured encryption which allows a client to encrypt various types of data (e.g., social networks or web graphs) in such a way that complex queries can be performed over the encrypted data. Some of our work on searchable encryption is described in [CGKO06] and [KPR11]. Structured encryption and various constructions for graph data were introduced in [CK10].
Proofs of storage. Using a proof of storage (also known as a proof of data possession or a proof of retrievability) a client can verify whether the cloud operator has tampered with its data. In particular, this can be done without the client storing a local copy of the data and without it having to retrieve any of the data. In fact, the work for the client is negligible no matter how large the data is. Some of our work on proofs of storage is described in [AKK10].
- Seny Kamara and Mariana Raykova, Parallel Homomorphic Encryption, no. MSR-TR-2011-120, November 2011
- Seny Kamara, Payman Mohassel, and Mariana Raykova, Outsourcing Multi-Party Computation, no. MSR-TR-2011-73, 27 May 2011
- Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan, Can Homomorphic Encryption be Practical?, no. MSR-TR-2011-61, 6 May 2011
- Seny Kamara, Charalampos Papamanthou, and Tom Roeder, CS2: A Searchable Cryptographic Cloud Storage System, no. MSR-TR-2011-58, May 2011
- Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky, Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions, in Journal of Computer Security, IOS Press, 2011
- Melissa Chase and Seny Kamara, Structured Encryption and Controlled Disclosure, in Advances in Cryptology - ASIACRYPT 2010, Springer Verlag, December 2010
- Seny Kamara and Kristin Lauter, Cryptographic Cloud Storage, in Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization 2010, January 2010
- Giuseppe Ateniese, Seny Kamara, and Jonathan Katz, Proofs of Storage from Homomorphic Identification Protocols, in Advances in Cryptology - ASIACRYPT '09, Springer Verlag, December 2009
- Melissa Chase and Sherman S.M. Chow, Improving Privacy and Security in Multi-Authority Attribute-Based Encryption, in ACM Computer and Communications Security Conference (CCS '09), Association for Computing Machinery, Inc., November 2009
- Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, Patient Controlled Encryption: patient privacy in electronic medical records, in The ACM Cloud Computing Security Workshop, Association for Computing Machinery, Inc., November 2009
News
- A Cloud that Can't Leak (MIT Tech. Review)
- Considerations for the Cryptographic Cloud (HPC in the Cloud)
- Security in the Cloud (Comm. of the ACM)
- Security in the Ether (MIT Tech. Review)
- Video: searchable encryption (MIT Tech. Review)
- Searching an encrypted cloud (MIT Tech. Review)
Events
-
Workshop on Cloud Cryptography (August 5 & 6, 2010)
