Privacy and accountability in cloud computation and storage
Cloud computing is a cost-effective computing paradigm for convenient, on-demand data access to a shared pool of configurable computing resources such as networks, servers, storage, applications, and services. While providing pay-per-use, on-demand service to the service consumer, the cloud service provider should minimize computation errors on data stored in a cloud storage server. If there is an error, one can recompute or restore the data, but a user cannot detect an error. Approaches such as verifiable computation, secure computation, and multi-party computation may find useful application in cloud storage and computation services; however, most of these approaches assume that the logic of the computation on the data is public. The problem becomes challenging when the logic of the computation is hidden from clients.

In this thesis, the notion of Private Polynomial Evaluation (PPE) is defined along with a new security model, "indistinguishability against chosen function attack" (IND-CFA), in which an adversary tries to guess which polynomial is used among two polynomials of his/her choice. The existing schemes for verifiable computation with a hidden polynomial are not IND-CFA secure. The proposed scheme, Private IND-CFA Polynomial Evaluation (PIPE), is the first IND-CFA secure PPE. It is IND-CFA secure under the decisional Diffie-Hellman (DDH) assumption in the random oracle model.

In a public cloud system, the cloud needs to verify a user's identity before providing any service. Depending on the nature of the application, the cloud server's computation may need to protect the user's identity from the cloud. For example, in healthcare applications, it is advisable to preserve both the privacy of the users and the privacy of the data. Another proposed scheme, the Verifiable Oblivious IND-CFA Polynomial Evaluation scheme (VIP-POPE), in which the server computes over encrypted data and provides a proof of computation, preserves the privacy of the user's data.
The proposed scheme VIP-POPE preserves the user's data privacy and is shown to be secure against an IND-CFA adversary and to satisfy Client's Privacy-Indistinguishability (CPI) security under standard security models. Verification of the user's identity by the cloud is not considered in the VIP-POPE scheme. In the proposed privacy-preserving verifiable computation (PriVC) scheme, the server can compute on the user's encrypted data and provide a proof of computation that can be verified by the user. PriVC preserves the user's privacy and ensures the undeniability of the service offered and the service consumed. The PriVC scheme is secure under IND-CFA, and the proof of computation is non-repudiable and unforgeable in the standard model.

Verification of the integrity of data stored on the public cloud is another important aspect of cloud services. Users generally do not keep a local copy of the data after uploading it to the cloud, and it is hard to remember the whole data. In such a scenario, modification or deletion of a small part of the data may go unnoticed. Even though public clouds put a lot of effort into maintaining and securing their storage servers to ensure an efficient and error-free storage service, one cannot rule out the possibility of data corruption due to human or machine error. Many schemes, such as proof of storage (POS), proof of data possession (PDP), and proof of retrievability (POR), have been introduced in the literature to address the storage issue. Although a few proof of storage with data deduplication (POSD) schemes exist, these schemes are inefficient for real-world applications. In data deduplication, the cloud keeps only one copy of multiple duplicate copies of data, which ensures an efficient storage system, and therefore one cannot ignore it in a cloud storage system. The existing schemes consider only file-level deduplication, which does not improve storage efficiency much compared to block-level data deduplication.
Using the idea of the VIP-POPE scheme, a new efficient scheme, Data Deduplication with Proof of Storage (DPoS), is proposed as a proof of storage scheme with data deduplication at the block level. Imagine a file as a polynomial by breaking the file into fixed-size blocks and treating each block as a polynomial coefficient. With the file as a polynomial, one can use the idea of the VIP-POPE scheme for proof of storage verification. The unforgeability of the proposed scheme is proven under the discrete logarithm assumption. The DPoS scheme is efficient in comparison to other related schemes.
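
The file-as-polynomial idea and block-level deduplication described above, as an added Python illustration that is not the DPoS scheme and not code from the thesis: a file is split into fixed-size blocks, each block is a coefficient of a polynomial over a prime field, and the client audits storage by comparing the server's evaluation at a secret point. The modulus, block size, the single-point audit, and all names are assumptions; the cryptographic proof and its unforgeability guarantee are not modelled.

```python
import hashlib
import secrets

P = 2**127 - 1   # prime field modulus (assumed parameter, not from the thesis)
BLOCK = 15       # bytes per block, so every block value is below P

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def evaluate(blocks, x):
    """Horner evaluation of f(x) = sum(block_i * x^i) mod P."""
    acc = 0
    for b in reversed(blocks):
        acc = (acc * x + int.from_bytes(b, "big")) % P
    return acc

def make_challenge(data):
    """Client side: keep one secret point (x, f(x)) before deleting the file."""
    x = 1 + secrets.randbelow(P - 1)
    return x, evaluate(split(data), x)

class DedupStore:
    """Server side: each distinct block is stored once; a file is a list of block ids."""
    def __init__(self):
        self.blocks, self.files = {}, {}

    def put(self, name, data):
        ids = []
        for b in split(data):
            h = hashlib.sha256(b).hexdigest()
            self.blocks.setdefault(h, b)   # duplicate blocks are not stored again
            ids.append(h)
        self.files[name] = ids

    def respond(self, name, x):
        return evaluate([self.blocks[h] for h in self.files[name]], x)

def demo():
    # Constructed sample files that share their first two blocks.
    shared = b"A" * BLOCK + b"B" * BLOCK
    f1, f2 = shared + b"report-2023", shared + b"report-2024"
    store = DedupStore()
    store.put("f1", f1)
    store.put("f2", f2)
    x, y = make_challenge(f1)
    ok_before = store.respond("f1", x) == y
    # Simulate silent corruption of one stored block.
    h = store.files["f1"][0]
    store.blocks[h] = b"a" + store.blocks[h][1:]
    ok_after = store.respond("f1", x) == y
    return len(store.blocks), ok_before, ok_after

if __name__ == "__main__":
    print(demo())
```

Six blocks are uploaded but only four are stored, and the audit fails after a single byte of one stored block changes.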