Cloud computing provides clients with a virtual computing infrastructure on top of which they can store data and run applications. While the benefits of cloud computing are clear, it introduces new security challenges since cloud operators are expected to manipulate client data without necessarily being fully trusted. We are designing cryptographic primitives and protocols tailored to the setting of cloud computing, attempting to strike a balance between security, efficiency and functionality.
The current generation of cloud computing infrastructures do not provide any security against untrusted cloud operators making them unsuitable for storing sensitive information such as medical records, financial records or high impact business data. To address this we are pursuing various research projects that range from theory to practice.
Homomorphic cryptography. The most common use of encryption is to provide confidentiality by hiding all useful information about the plaintext. Encryption, however, renders data useless in the sense that one loses the ability to operate on it. To address this we are designing cryptosystems that support a variety of computations on encrypted data, ranging from general-purpose computations to special-purpose computations. Our research on homomorphic cryptography includes work on fully-homomorphic encryption (FHE), somewhat homomorphic encryption (SHE), searchable encryption, structured encryption, functional encryption and garbled circuits.
Proofs of storage. Using a proof of storage (also known as a proof of data possession or a proof of retrievability) a client can verify whether the cloud operator has tampered with its data. In particular, this can be done without the client storing a local copy of the data and without it having to retrieve any of the data. In fact, the work for the client is negligible no matter how large the data is.
Secure cloud storage systems. We are designing cloud storage systems that provide confidentiality, integrity and verifiability of client data against an untrusted cloud provider. Our systems provide security without sacrificing efficiency and utility by making use of new cryptographic techniques like homomorphic encryption, searchable encryption, verifiable computation and proofs of storage.
- Seny Kamara and Lei Wei, Garbled Circuits via Structured Encryption, in Workshop on Applied Homomorphic Encryption (WAHC '13), April 2013
- Seny Kamara and Mariana Raykova, Parallel Homomorphic Encryption, in Workshop on Applied Homomorphic Encryption (WAHC '13), April 2013
- Seny Kamara and Charalampos Papamanthou, Parallel and Dynamic Searchable Symmetric Encryption, in Financial Cryptography and Data Security (FC '13), April 2013
- Seny Kamara, Payman Mohassel and Ben Riva, Salus: A System for Server-Aided Secure Function Evaluation, in ACM Conference on Computer and Communications Security (CCS '12), October 2012
- Seny Kamara, Charalampos Papamanthou, Tom Roeder, Dynamic Searchable Symmetric Encryption, in ACM Conference on Computer and Communications Security (CCS '12), October 2012
- Melissa Chase and Ivan Visconti, Secure Database Commitments and Arguments of Quasi-Knowledge, Advances in Cryptology - CRYPTO, August 2012
- Gilad Asharov, Abhishek Jain, Adriana Lopez-Alt, Eran Tromer, Vinod Vaikuntanathan and Daniel Wichs, Multi-Party Computation with Low Communication, Computation and Interaction via Threshold FHE, in Advances in Cryptology - Eurocrypt, 2012
- Nishanth Chandran, Melissa Chase and Vinod Vaikuntanathan, Functional Re-Encryption and Collusion-Resistant Obfuscation, in Theory of Cryptography Conference (TCC '12), February 2012
- Bryan Parno, Mariana Raykova and Vinod Vaikuntanathan, How to Delegate and Verify in Public: Verifiable Computation from Attribute-Based Encryption, in Theory of Cryptography Conference (TCC '12), February 2012
- Zvika Brakerski, Craig Gentry and Vinod Vaikuntanathan, Fully-Homomorphic Encryption Without Bootsrapping, in Innovations in Theoretical Computers Science (ITCS '12), January 2012
- Thore Graepel, Krisitn Lauter and Michael Naehrig, ML Confidential: Machine Learning on Encrypted Data. IACR ePrint report 2012/323
- Shweta Agrawal, David Freedman and Vinod Vaikuntanathan, Functional Encryption for Inner Product Predicates from Learning with Errors, in Advances in Cryptology - Asiacrypt, December 2011
- Zvika Brakerski and Vinod Vaikuntanathan, Efficient Fully-Homomorphic Encryption from (Standard) LWE, in IEEE Foundations of Computer Science (FOCS '11), 2011
- Kristin Lauter, Michael Naehrig, and Vinod Vaikuntanathan, Can Homomorphic Encryption be Practical?, in ACM Cloud Computing Security Workshop (CCSW '11), October 2011
- Zvika Brakerski and Vinod Vaikuntanathan, Fully-Homomorphic Encryption from Ring LWE and Security for Key Dependent Messages, in Advances in Cryptology - CRYPTO, August 2011
- Seny Kamara and Mariana Raykova, Secure Outsourced Computation in a Multi-Tenant Cloud, in Workshop on Security and Cryptography in Clouds, 2011
- Seny Kamara, Payman Mohassel and Mariana Raykova, Outsourcing Multi-Party Computation, IACR ePrint report 2011/272
- Reza Curtmola, Juan Garay, Seny Kamara, and Rafail Ostrovsky, Searchable Symmetric Encryption: Improved Definitions and Efficient Constructions, in Journal of Computer Security, IOS Press, 2011
- Melissa Chase and Seny Kamara, Structured Encryption and Controlled Disclosure, in Advances in Cryptology - ASIACRYPT 2010, Springer Verlag, December 2010
- Seny Kamara and Kristin Lauter, Cryptographic Cloud Storage, in Proceedings of Financial Cryptography: Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS '10), January 2010
- Giuseppe Ateniese, Seny Kamara, and Jonathan Katz, Proofs of Storage from Homomorphic Identification Protocols, in Advances in Cryptology - ASIACRYPT '09, Springer Verlag, December 2009
- Melissa Chase and Sherman S.M. Chow, Improving Privacy and Security in Multi-Authority Attribute-Based Encryption, in the ACM Computer and Communications Security Conference (CCS '09), November 2009
- Melissa Chase, Kristin Lauter, Josh Benaloh, and Eric Horvitz, Patient Controlled Encryption: patient privacy in electronic medical records, in the ACM Cloud Computing Security Workshop (CCSW '09), November 2009
- Alice and Bob in Cipherspace (American Scientist)
- A Cloud that Can't Leak (MIT Tech. Review)
- Considerations for the Cryptographic Cloud (HPC in the Cloud)
- Security in the Cloud (Comm. of the ACM)
- Security in the Ether (MIT Tech. Review)
- Video: searchable encryption (MIT Tech. Review)
- Searching an encrypted cloud (MIT Tech. Review)
Conferences & Workshops
ACM Cloud Computing Security Workshop (October, 2012)
Workshop on Cloud Cryptography (August 5 & 6, 2010)