This project aims at developing efficient methods for protecting the privacy of computations on outsourced data in distributed settings. The project addresses the design of an outsourced storage framework where the access pattern observed by the storage server gives no information about the actual data accessed by the client and cannot be correlated with external events. For example, the server cannot determine whether a certain item was previously accessed by the client or whether a certain algorithm is being executed. This property provides a high level of privacy protection that goes far beyond standard data encryption. The project also deals with advanced methods for verifying the correctness of outsourced computations, focusing on keyword searches and graph algorithms. The educational component of the project includes a curricular development effort for introductory computer security courses.
The project has applications to a broad range of web services widely used by businesses and consumers. Privacy-preserving access to outsourced data is relevant to web-based email and office applications. It is especially important for the management of proprietary business data, medical data, and other sensitive personal data.