Recently, the digital world has moved to a "cloud" computing and storage model, where businesses are offering storage space, computing power, and access to applications for rent. While this new model presents numerous opportunities, consumers of cloud services will face new challenges in data privacy and integrity.
New practical cryptographic schemes for the cloud environment are the expected direct outcomes of this research. On the data privacy front, the goal is to use rental services to efficiently compute on sensitive data without exposing it to the server performing the computation. As a special case, schemes are needed for delegating sensitive capabilities to a partially trusted server. The server will only be able to perform actions allowed by the capability. For example, a user might grant her mail server the right to forward her encrypted email to a colleague without allowing the mail server to read her email. On the data integrity front, the goal is to develop techniques for digitally signing data so that any portion of the data may be quoted or redacted in an authenticated manner. A final goal is to study related foundational questions regarding circular encryption and the limitations of bilinear groups in cryptography.
This research develops ideas and implementations for the efficient use of computing resources for rent. Its broader impact is in protecting data privacy and integrity for all users of these popular services.
Over the nine months of this project, four novel cryptographic systems were developed or refined. Documentation was produced and made publicly available which precisely describes how to implement these systems, formally models which security attacks they withstand, and rigorously analyzes the system for security flaws in these settings. The work completed is in the areas of digital signatures, encryption and secure database transactions. In particular, the most novel intellectual contributions are: 1. Novel techniques for computing on and quickly processing data authenticated by a digital signature, with direct applications to cloud computing. 2. A new encryption system which demonstrates that the current security standards for encryption are not sufficient for some applications where the secret keys themselves may form part of the encrypted message (such as if two users exchange their secret keys via encrypted email). 3. A practical method for securing database transactions, which offers attractive privacy guarantees for both the server and the client. The work on digital signatures includes collaborations with IBM Research and has potential for commercial development. The PI on this project is a woman. Her current and former graduate students were involved in the majority of this research, although not financially supported by this grant.
