Abstract
Secure outsourcing of computation to an untrusted (cloud) service provider is becoming more and more important. Pure cryptographic solutions based on fully homomorphic and verifiable encryption, recently proposed, are promising but suffer from very high latency. Other proposals perform the whole computation on tamper-proof hardware and usually suffer from the the same problem. Trusted computing (TC) is another promising approach that uses trusted software and hardware components on computing platforms to provide useful mechanisms such as attestation allowing the data owner to verify the integrity of the cloud and its computation. However, on the one hand these solutions require trust in hardware (CPU, trusted computing modules) that are under the physical control of the cloud provider, and on the other hand they still have to face the challenge of run-time attestation.
In this paper we focus on applications where the latency of the computation should be minimized, i.e., the time from submitting the query until receiving the outcome of the computation should be as small as possible. To achieve this we show how to combine a trusted hardware token (e.g., a cryptographic coprocessor or provided by the customer) with Secure Function Evaluation (SFE) to compute arbitrary functions on secret (encrypted) data where the computation leaks no information and is verifiable. The token is used in the setup phase only whereas in the time-critical online phase the cloud computes the encrypted function on encrypted data using symmetric encryption primitives only and without any interaction with other entities.
Supported by EU FP7 projects CACE and UNIQUE, and ECRYPT II.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Amazon Elastic Compute Cloud (EC2), http://aws.amazon.com/ec2
Amazon Simple Storage Service (S3), http://aws.amazon.com/s3
Atallah, M.J., Pantazopoulos, K.N., Rice, J.R., Spafford, E.H.: Secure outsourcing of scientific computations. Advances in Computers 54, 216–272 (2001)
Berger, S., Caceres, R., Goldman, K.A., Perez, R., Sailer, R., Doorn, L.v.: vTPM: Virtualizing the Trusted Platform Module. In: USENIX Security Symposium (USENIX 2006), pp. 305–320. USENIX Association (2006)
Bussani, A., Griffin, J.L., Jasen, B., Julisch, K., Karjoth, G., Maruyama, H., Nakamura, M., Perez, R., Schunter, M., Tanner, A., Van Doorn, L., Herreweghen, E.V., Waidner, M., Yoshihama, S.: Trusted Virtual Domains: Secure Foundations for Business and IT Services. Technical Report Research Report RC23792, IBM Research (November 2005)
Cabuk, S., Dalton, C.I., Eriksson, K., Kuhlmann, D., Ramasamy, H.G.V., Ramunno, G., Sadeghi, A.-R., Schunter, M., Stüble, C.: Towards automated security policy enforcement in multi-tenant virtual data centers. Journal of Computer Security 18, 89–121 (2010)
Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: ACM Workshop on Cloud Computing Security (CCSW 2009), pp. 85–90. ACM, New York (2009)
Cloud Security Alliance (CSA). Top threats to cloud computing, version 1.0 (March 2010), http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
Dijk, M.v., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. Cryptology ePrint Archive, Report 2009/616 (2009), http://eprint.iacr.org ; To appear at EUROCRYPT 2010
Garay, J.A., Kolesnikov, V., McLellan, R.: MAC precomputation with applications to secure memory. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 427–442. Springer, Heidelberg (2009)
Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: Outsourcing computation to untrusted workers. Cryptology ePrint Archive, Report 2009/547 (2009), http://eprint.iacr.org
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM Symposium on Theory of Computing (STOC 2009), pp. 169–178. ACM, New York (2009)
Google App Engine, https://appengine.google.com
Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)
IBM. IBM Cryptocards, http://www-03.ibm.com/security/cryptocards/
Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Embedded SFE: Offloading server and network using hardware tokens. In: Financial Cryptography and Data Security (FC 2010), January 25-28. LNCS, Springer, Heidelberg (2010)
Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In: Proceedings of the 17th Annual Computer Security Applications Conference, ACSAC (2001)
Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS 2010) - co-located with Financial Cryptography, January 2010, LNCS. Springer, Heidelberg (to appear 2010)
Kolesnikov, V., Schneider, T.: Improved garbled circuit: Free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)
Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-hashing for message authentication. RFC 2104 (Informational) (February 1997), http://tools.ietf.org/html/rfc2104
Microsoft SQL Azure, http://www.microsoft.com/windowsazure
NIST, U.S. National Institute of Standards and Technology. Federal information processing standards (FIPS 197). Advanced Encryption Standard (AES) (November 2001), http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
NIST, U.S. National Institute of Standards and Technology. Federal information processing standards (FIPS 180-2). Announcing the Secure Hash Standard (August 2002), http://csrc.nist.gov/publications/fips/fips180-2/fips-180-2.pdf
Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)
Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)
Smart, N.P., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: PKC 2010. LNCS. Springer, Heidelberg (2010); Cryptology ePrint Archive, Report 2009/571, http://eprint.iacr.org
Smith, S.W., Weingart, S.: Building a high-performance, programmable secure coprocessor. Computer Networks 31(8), 831–860 (1999); Special Issue on Computer Network Security
Song, J.H., Poovendran, R., Lee, J., Iwata, T.: The AES-CMAC Algorithm. RFC 4493 (Informational) (June 2006), http://tools.ietf.org/html/rfc4493
Trusted Computing Group (TCG). TPM main specification. Main specification, Trusted Computing Group (May 2009), http://www.trustedcomputinggroup.org
Yao, A.C.: How to generate and exchange secrets. In: IEEE Symposium on Foundations of Computer Science (FOCS 1986), pp. 162–167. IEEE, Los Alamitos (1986)
Yee, B.S.: Using Secure Coprocessors. PhD thesis, School of Computer Science, Carnegie Mellon University, CMU-CS-94-149 (May 1994)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sadeghi, AR., Schneider, T., Winandy, M. (2010). Token-Based Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-13869-0_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer ScienceComputer Science (R0)