Date of Completion

8-16-2016

Embargo Period

8-16-2017

Keywords

Data sharing, data processing, privacy

Major Advisor

Aggelos Kiayias

Co-Major Advisor

Bing Wang

Associate Advisor

Sanguthevar Rajasekaran

Associate Advisor

Alexander Russell

Associate Advisor

Donald Sheehy

Field of Study

Computer Science and Engineering

Degree

Doctor of Philosophy

Open Access

Campus Access

Abstract

Cloud computing has become a ubiquitous mechanism to store, share and process data. To preserve data privacy, a data owner may encrypt the data before uploading it to the cloud. The encryption, however, also needs to support efficient data sharing and processing to preserve the utility of the data. In this dissertation, we investigate secure and efficient data sharing and processing in the cloud. The first part of the dissertation focuses on secure and efficient encrypted keyword search for multi-user data sharing. Specifically, a data owner outsources a set of encrypted files to an untrusted cloud server, shares it with a set of users, and a user is allowed to search keywords in a subset of the files that he is authorized to access. We propose a secure and efficient Multi-user Encrypted Keyword Search (SEMEKS) scheme. In this scheme, (a) each user has a constant size secret key, (b) each user generates a constant size trapdoor for a keyword without getting any help from any party (e.g., data owner), independent of the number of the file that he is authorized to search, and (c) for the keyword ciphertexts of a file, the network bandwidth usage (from the data owner to the server) and storage overhead at the server do not depend on the number of users that are authorized to access the file. We show that our scheme has data privacy and trapdoor privacy. In the second part of the dissertation, we propose a new distributed parameter generation protocol that eliminates the need of a single trust party and works for a class of cryptographic primitives. In particular, it can be used to extend our SEMEKS scheme described earlier. It also has broad applications in distributed multi-party oriented cryptographic schemes, including broadcast encryption, revocation systems and identity-based encryption. Specifically, building upon previous distributed key generation protocols for discrete logarithms, we provide two new building blocks that one can use sequentially to derive distributed parameter generation protocols for a class of problems in the bilinear groups setting, most notably the n-Bilinear Diffie Hellman Exponentiation problem. The last part of the dissertation focuses on secure and efficient set intersection over encrypted data sets in a cloud setting. Basically, assume two users, Alice and Bob, outsource their encrypted datasets to a cloud server, and then want to perform an intersection operation over their encrypted data sets. Our construction, Secure Verifiable Delegated Set Intersection (SEVDSI), is efficient: the amount of communication between a user and the cloud server is linear in the set intersection cardinality, while the amount of computation (performed by the cloud server) is linear in the user’s dataset. In addition, SEVDSI provides verifiability (users can verify if the cloud server honestly computes the set intersection operation), forward secrecy (a user can add new data items to his current dataset efficiently and the cloud server is not able to figure out if the new data item satisfies set intersection protocol that was happened in the past), and multi-user set intersection (a user can do set intersection protocol many times with different users). To the best of our knowledge, SEVDSI is the first scheme that has all the above properties.

COinS