Trusted Computing and Cryptographic Techniques Better Together

Ms Tople Shruti Shrikant
Dr Saxena, Prateek, Dean'S Chair Assistant Professor, School of Computing

  13 Oct 2017 Friday, 10:00 AM to 11:30 AM

 MR1, COM1-03-19


Outsourcing user's private data to the cloud is becoming increasingly popular for both storage and computation. However, along with the benefits of using these services (for e.g., ease of use, availability and so on), outsourcing sensitive data to cloud providers exposes several privacy and security issues. Although the cloud provider might be trusted, a motivated adversary can compromise the VM hosting a cloud service or the host OS by exploiting bugs or vulnerabilities in the system. Such an adversary gets access to the entire private data uploaded to the cloud storage.

In this proposal, we investigate the problem of performing privacy preserving computation and access on user's data stored on an untrusted cloud. To this end, we design new security primitives by combining cryptographic techniques and trusted computing mechanisms. We demonstrate that these primitives perform better than existing solutions in this area. First, we present a switchable homomorphic engine that converts between partially-homomorphic encryption (PHE) schemes with a small TCB realised using any trusted computing techniques (such as Intel SGX). This primitive allows us to implement the capabilities of fully homomorphic encryption while maintaining acceptable performance overhead. Next, we show that side-channels are crucial in designing privacy preserving systems and encryption alone is not sufficient to prevent information leakage. We study existing methods to hide these channels. We present an impossibility result which states that blocking leakage from all the channels is not possible without incurring an exponential overhead in the performance. We show real world examples that fall in this category. Lastly, for future work, we aim to improve the security of traditional ORAM schemes for accessing data on an untrusted cloud using trusted hardware in a data sharing setting.