Pengfei Wu,Qi Li,Jianting Ning,Xinyi Huang,Wei Wu

DOI: https://doi.org/10.1109/tdsc.2021.3106317

2022-01-01

Abstract:A privacy-preserving data analytics system enables a cloud user to perform the distributed job in a secure manner such that the data privacy can be guaranteed during the cloud-outsourced computation. However, many SGX-based solutions are vulnerable to some side-channel attacks, including the access pattern leakage from both network and memory. Several data-oblivious algorithms with full obliviousness have been proposed in the literature, but they are impractical to be used in the cloud due to the expensive computational overhead. In this article, we propose a DPSpark system with the security defined in a notion of $(\epsilon,\delta)$ -differentially private obliviousness ( $(\epsilon,\delta)$ -DPO), which relaxes full obliviousness to enable an efficiency improvement. Based on this definition, we present a perturbation-shuffle-analysis (PSA) computing architecture and design several typical differentially oblivious operators. In further, we optimize the system efficiency by reducing the number of oblivious shuffles and choosing an appropriate privacy budget. Finally, we benchmark the system in different parameters. The experimental results show that DPSpark significantly outperforms two state-of-the-art solutions, only with 10.1-85.4 percent additional overhead performing an SGX-based data analysis application.

Pengfei Wu,Jianting Ning,Wu Luo,Xinyi Huang,Debiao He

DOI: https://doi.org/10.1109/tsc.2021.3123511

IF: 11.019

2021-01-01

IEEE Transactions on Services Computing

Abstract:Nowadays, data privacy is one of the most critical concerns in cloud computing, and many privacy-preserving distributed computing systems based on the trusted execution environment (e.g., Intel SGX) have been proposed to protect the user's privacy during cloud-outsourced computation. However, these SGX-based solutions are vulnerable to some traffic analyses, and loading all tasks into the enclave introduces much overhead for frequent EPC-paging. In this article, we propose a T-SGX framework, which keeps the confidentiality of a distributed job and guarantees the system efficiency by allowing dynamically loading an enclave shared object for the task under processing. In T-SGX, all these objects are secretly shared and stored in a verifiably distributed share management system (SMS) outside the TCB. To mitigate the exposure of sensitive information, we present an efficient oblivious transfer (OT) protocol under the Decisional Diffie-Hellman (DDH) assumption for obliviously transmitting desired shares. Detailed security analysis demonstrates that the proposed T-SGX achieves the goal of secure distributed computing without privacy leakage to unauthorized parties. Finally, we benchmark the framework in six real-world applications, and the experimental results show that T-SGX significantly outperforms a state-of-the-art solution, with 11.9%-29.7% less overhead performing an SGX-based application.

Zishuai Song,Hui Ma,Rui Zhang,Wenhan Xu,Jianhao Li

DOI: https://doi.org/10.1109/tifs.2023.3266164

IF: 7.231

2023-04-21

IEEE Transactions on Information Forensics and Security

Abstract:Cloud-edge computing is a new paradigm for data sharing. Many computation tasks are assigned to multiple edge nodes to mitigate the computing burden of the cloud and data is also outsourced to them to provide real-time services for IoT devices. However, two major issues remain, namely data privacy and real-world deployment. According to the data privacy rights and principles that stated by General Data Protection Regulation (GDPR), data access control, restriction of data processing and finding inaccuracy data are critical issues that should be tackled in cloud-edge computing. Besides, since there are various types of devices and many of them are resource-constrained, how to efficiently apply deployment in cloud-edge computing is challenging for practice. In this work, we propose a new cryptographic primitive Controllable Outsourced Attribute-Based Proxy Re-Encryption (COAB-PRE) and a universal WebAssembly-based implementation framework for cross-platform deployment. In particular, COAB-PRE achieves bilateral and distributed access control whereby data producers and data consumers can both specify policies the other party must satisfy without a centralized access control server. The property, that we called controllable delegation, restricts the data processing on the edge nodes. COAB-PRE also supports comprehensive verifiability to find out a wrong result produced by the edge nodes and locate the misbehaved one. Moreover, we further discussed the potential property of COAB-PRE and put forward an improved scheme with high efficiency on devices. We also implemented our scheme using the approach and deployed it on different devices for experiment. All theoretical and experimental results indicate that our solution is secure and practical, and our implementation is suitable for cloud-edge computing.

computer science, theory & methods,engineering, electrical & electronic

Zewei Liu,Chunqiang Hu,Ruinian Li,Tao Xiang,Xingwang Li,Jiguo Yu,Hui Xia

DOI: https://doi.org/10.1109/tcc.2022.3201401

IF: 5.697

2022-01-01

IEEE Transactions on Cloud Computing

Abstract:As one of the key technologies to enable the internet of things (IoT), cloud computing plays a significant role in providing huge computing and storage facilities for large-scale data. Though cloud computing brings great advantages, new issues emerge, such as data security breach and privacy disclosure. In this article, we introduce a novel secure and privacy-preserving outsourcing computing scheme (hereafter referred to as SPOCS) to tackle this issue. In SPOCS, the effective use of Intel Software Guard Extensions (SGX), one of the trusted execution environment (TEE), ensures the confidence and integrity of sensitive data in cloud computing and prevents data loss from causing privacy disclosure. In order to keep malicious cloud service providers (CSPs) from illegally tampering with the outsourcing results, blockchain is employed to ensure the data immutability. Significantly, our proposed scheme achieves anonymity and traceability. In the outsourcing process, smart contracts are applied to make the whole process fully automated without any human involvement. Finally, the security of the proposed scheme is analyzed in terms of its resistance to different attacks. The experiments indicate that our scheme is effective and efficient.

computer science, information systems, theory & methods

Yaxing Chen,Qinghua Zheng,Dan Liu,Zheng Yan,Wenhai Sun,Ning Zhang,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.48550/arxiv.1912.08454

2019-01-01

Abstract:While the security of the cloud remains a concern, a common practice is to encrypt data before outsourcing them for utilization. One key challenging issue is how to efficiently perform queries over the ciphertext. Conventional crypto-based solutions, e.g. partially/fully homomorphic encryption and searchable encryption, suffer from low performance, poor expressiveness and weak compatibility. An alternative method that utilizes hardware-assisted trusted execution environment, i.e., Intel SGX, has emerged recently. On one hand, such work lacks of supporting scalable access control over multiple data users. On the other hand, existing solutions are subjected to the key revocation problem and knowledge extractor vulnerability. In this work, we leverage the newly hardware-assisted methodology and propose a secure, scalable and efficient SQL-like query framework named QShield. Building upon Intel SGX, QShield can guarantee the confidentiality and integrity of sensitive data when being processed on an untrusted cloud platform. Moreover, we present a novel lightweight secret sharing method to enable multi-user access control in QShield, while tackling the key revocation problem. Furthermore, with an additional trust proof mechanism, QShield guarantees the correctness of queries and significantly alleviates the possibility to build a knowledge extractor. We implemented a prototype for QShield and show that QShield incurs minimum performance cost.

Chugui Xu,Ju Ren,Deyu Zhang,Yaoxue Zhang

DOI: https://doi.org/10.1109/mcom.2018.1701080

IF: 9.03

2018-01-01

IEEE Communications Magazine

Abstract:Edge computing has emerged as a promising paradigm for delay-sensitive and context-aware IoT data analytics, through migrating data processing from the cloud to the edge of the network. However, traditional solutions adopting homomorphic encryption to achieve data protection and aggregation at edge servers are infeasible because of their heavy computational overhead. How to preserve data privacy while guaranteeing data utility in edge computing becomes an extremely important problem for IoT data analytics. In this article, we propose a local differential privacy obfuscation (LDPO) framework for IoT data analytics to aggregate and distill the IoT data at the edge without disclosing users' sensitive data. We first introduce the architecture and benefits of the LDPO framework, followed by some technical challenges in guaranteeing its performance. Then we present a preliminary implementation of the LDPO framework, and validate its performance in terms of privacy preservation level and data utility using real-world apps and datasets. Some future directions are finally envisioned for further research.

Riad Ladjel,Nicolas Anciaux,Aurélien Bellet,Guillaume Scerri

DOI: https://doi.org/10.48550/arXiv.2112.12411

2021-12-23

Abstract:Imagine a group of citizens willing to collectively contribute their personal data for the common good to produce socially useful information, resulting from data analytics or machine learning computations. Sharing raw personal data with a centralized server performing the computation could raise concerns about privacy and a perceived risk of mass surveillance. Instead, citizens may trust each other and their own devices to engage into a decentralized computation to collaboratively produce an aggregate data release to be shared. In the context of secure computing nodes exchanging messages over secure channels at runtime, a key security issue is to protect against external attackers observing the traffic, whose dependence on data may reveal personal information. Existing solutions are designed for the cloud setting, with the goal of hiding all properties of the underlying dataset, and do not address the specific privacy and efficiency challenges that arise in the above context. In this paper, we define a general execution model to control the data-dependence of communications in user-side decentralized computations, in which differential privacy guarantees for communication patterns in global execution plans can be analyzed by combining guarantees obtained on local clusters of nodes. We propose a set of algorithms which allow to trade-off between privacy, utility and efficiency. Our formal privacy guarantees leverage and extend recent results on privacy amplification by shuffling. We illustrate the usefulness of our proposal on two representative examples of decentralized execution plans with data-dependent communications.

Cryptography and Security,Databases,Distributed, Parallel, and Cluster Computing,Machine Learning

Lifeng Zhou,Chunguang Li

DOI: https://doi.org/10.1109/access.2016.2535103

IF: 3.9

2016-01-01

IEEE Access

Abstract:Cloud computing enables customers with limited computational resources to outsource their huge computation workloads to the cloud with massive computational power. However, in order to utilize this computing paradigm, it presents various challenges that need to be addressed, especially security. As eigen-decomposition (ED) and singular value decomposition (SVD) of a matrix are widely applied in engineering tasks, we are motivated to design secure, correct, and efficient protocols for outsourcing the ED and SVD of a matrix to a malicious cloud in this paper. In order to achieve security, we employ efficient privacy-preserving transformations to protect both the input and output privacy. In order to check the correctness of the result returned from the cloud, an efficient verification algorithm is employed. A computational complexity analysis shows that our protocols are highly efficient. We also introduce an outsourcing principle component analysis as an application of our two proposed protocols.

Kai Fan,Tingting Liu,Kuan Zhang,Hui Li,Yintang Yang

DOI: https://doi.org/10.1016/j.jpdc.2019.09.008

IF: 4.542

2020-01-01

Journal of Parallel and Distributed Computing

Abstract:<p>With the development of computer technology, it makes malicious users more easily get data stored in cloud. However, these data are always related to users' privacy, and it is harmful when the data are acquired by attackers. Ciphertext-policy attribute-based encryption (CP-ABE) is suitable to achieve privacy and security in cloud. In this paper, we put forward a secure and efficient outsourced computation algorithm on data sharing scheme for privacy computing. Existing schemes only outsource decryption computation to the cloud, users still have heavy burden in encryption. In order to reduce the computing burden of users, most encryption and decryption computations are outsourced to the cloud service provider in our construction. At the same time, to apply in practice, we propose efficient user and attribute revocation. Finally, the security analysis and simulation results show that our scheme is secure and efficient compared with existing schemes.</p>

computer science, theory & methods

Taegyeong Lee,Zhiqi Lin,Saumay Pushp,Caihua Li,Yunxin Liu,Youngki Lee,Fengyuan Xu,Chenren Xu,Lintao Zhang,Junehwa Song

DOI: https://doi.org/10.1145/3300061.3345447

2019-01-01

Abstract:Deep-learning (DL) is receiving huge attention as enabling techniques for emerging mobile and IoT applications. It is a common practice to conduct DNN model-based inference using cloud services due to their high computation and memory cost. However, such a cloud-offloaded inference raises serious privacy concerns. Malicious external attackers or untrustworthy internal administrators of clouds may leak highly sensitive and private data such as image, voice and textual data. In this paper, we propose Occlumency, a novel cloud-driven solution designed to protect user privacy without compromising the benefit of using powerful cloud resources. Occlumency leverages secure SGX enclave to preserve the confidentiality and the integrity of user data throughout the entire DL inference process. DL inference in SGX enclave, however, impose a severe performance degradation due to limited physical memory space and inefficient page swapping. We designed a suite of novel techniques to accelerate DL inference inside the enclave with a limited memory size and implemented Occlumency based on Caffe. Our experiment with various DNN models shows that Occlumency improves inference speed by 3.6x compared to the baseline DL inference in SGX and achieves a secure DL inference within 72% of latency overhead compared to inference in the native environment.

D. Dhinakaran,D. Selvaraj,N. Dharini,S. Edwin Raja,C. Sakthi Lakshmi Priya

2024-07-09

Abstract:The intersection of cloud computing, blockchain technology, and the impending era of quantum computing presents a critical juncture for data security. This research addresses the escalating vulnerabilities by proposing a comprehensive framework that integrates Quantum Key Distribution (QKD), CRYSTALS Kyber, and Zero-Knowledge Proofs (ZKPs) for securing data in cloud-based blockchain systems. The primary objective is to fortify data against quantum threats through the implementation of QKD, a quantum-safe cryptographic protocol. We leverage the lattice-based cryptographic mechanism, CRYSTALS Kyber, known for its resilience against quantum attacks. Additionally, ZKPs are introduced to enhance data privacy and verification processes within the cloud and blockchain environment. A significant focus of this research is the performance evaluation of the proposed framework. Rigorous analyses encompass encryption and decryption processes, quantum key generation rates, and overall system efficiency. Practical implications are scrutinized, considering factors such as file size, response time, and computational overhead. The evaluation sheds light on the framework's viability in real-world cloud environments, emphasizing its efficiency in mitigating quantum threats. The findings contribute a robust quantum-safe and ZKP-integrated security framework tailored for cloud-based blockchain storage. By addressing critical gaps in theoretical advancements, this research offers practical insights for organizations seeking to secure their data against quantum threats. The framework's efficiency and scalability underscore its practical feasibility, serving as a guide for implementing enhanced data security in the evolving landscape of quantum computing and blockchain integration within cloud environments.

Cryptography and Security

Yilin Kang,Qiao Zhang,Bingbing Jiang,Youjun Bu

DOI: https://doi.org/10.3390/electronics13101805

IF: 2.9

2024-05-08

Electronics

Abstract:With the development of information technology, tremendous vulnerabilities and backdoors have evolved, causing inevitable and severe security problems in cyberspace. To fix them, the endogenous safety and security (ESS) theory and one of its practices, the Dynamic Heterogeneous Redundant (DHR) architecture, are proposed. In the DHR architecture, as an instance of the multi-heterogeneous system, a decision module is designed to obtain intermediate results from heterogeneous equivalent functional executors. However, privacy-preserving is not paid attention to in the architecture, which may cause privacy breaches without compromising the ESS theory. In this paper, based on differential privacy (DP), a theoretically rigorous privacy tool, we propose a privacy-preserving DHR framework called DP-DHR. Gaussian random noise is injected into each (online) executor output in DP-DHR to guarantee DP, but it also makes the decision module unable to choose the final result because each executor output is potentially correct even if it is compromised by adversaries. To weaken this disadvantage, we propose the advanced decision strategy and the hypersphere clustering algorithm to classify the perturbed intermediate results into two categories, candidates and outliers, where the former is closer to the correct value than the latter. Finally, the DP-DHR is proven to guarantee DP, and the experimental results also show that the utility is not sacrificed for the enhancement of privacy by much (a ratio of 4–7% on average), even in the condition of some executors (less than one-half) being controlled by adversaries.

engineering, electrical & electronic,computer science, information systems,physics, applied

Francesco Pagano

DOI: https://doi.org/10.48550/arXiv.1503.08115

2015-03-27

Abstract:The increasing adoption of Cloud-based data processing and storage poses a number of privacy issues. Users wish to preserve full control over their sensitive data and cannot accept it to be fully accessible to an external storage provider. Previous research in this area was mostly addressed at techniques to protect data stored on untrusted database servers; however, I argue that the Cloud architecture presents a number of specific problems and issues. This dissertation contains a detailed analysis of open issues. To handle them, I present a novel approach where confidential data is stored in a highly distributed partitioned database, partly located on the Cloud and partly on the clients. In my approach, data can be either private or shared; the latter is shared in a secure manner by means of simple grant-and-revoke permissions. I have developed a proof-of-concept implementation using an in-memory RDBMS with row-level data encryption in order to achieve fine-grained data access control. This type of approach is rarely adopted in conventional outsourced RDBMSs because it requires several complex steps. Benchmarks of my proofof-concept implementation show that my approach overcomes most of the problems.

Cryptography and Security,Databases

Jingwen Suo,Lize Gu,Xingyu Yan,Sijia Yang,Xiaoya Hu,Licheng Wang

DOI: https://doi.org/10.1186/s12859-023-05157-8

IF: 3.307

2023-01-31

BMC Bioinformatics

Abstract:Background: As one of the fundamental problems in bioinformatics, the double digest problem (DDP) focuses on reordering genetic fragments in a proper sequence. Although many algorithms for dealing with the DDP problem were proposed during the past decades, it is believed that solving DDP is still very time-consuming work due to the strongly NP-completeness of DDP. However, none of these algorithms consider the privacy issue of the DDP data that contains critical business interests and is collected with days or even months of gel-electrophoresis experiments. Thus, the DDP data owners are reluctant to deploy the task of solving DDP over cloud. Results: Our main motivation in this paper is to design a secure outsourcing computation framework for solving the DDP problem. We at first propose a privacy-preserving outsourcing framework for handling the DDP problem by using a cloud server; Then, to enable the cloud server to solve the DDP instances over ciphertexts, an order-preserving homomorphic index scheme (OPHI) is tailored from an order-preserving encryption scheme published at CCS 2012; And finally, our previous work on solving DDP problem, a quantum inspired genetic algorithm (QIGA), is merged into our outsourcing framework, with the supporting of the proposed OPHI scheme. Moreover, after the execution of QIGA at the cloud server side, the optimal solution, i.e. two mapping sequences, would be transferred publicly to the data owner. Security analysis shows that from these sequences, none can learn any information about the original DDP data. Performance analysis shows that the communication cost and the computational workload for both the client side and the server side are reasonable. In particular, our experiments show that PP-DDP can find optional solutions with a high success rate towards typical test DDP instances and random DDP instances, and PP-DDP takes less running time than DDmap, SK05 and GM12, while keeping the privacy of the original DDP data. Conclusion: The proposed outsourcing framework, PP-DDP, is secure and effective for solving the DDP problem.

Chongchong Zhao,Daniyaer Saifuding,Hongliang Tian,Yong Zhang,Chunxiao Xing

DOI: https://doi.org/10.1109/wisa.2016.45

2016-01-01

Abstract:As cloud computing is widely used in various fields, more and more individuals and organizations are considering outsourcing data to the public cloud. However, the security of the cloud data has become the most prominent concern of many customers, especially those who possess a large volume of valuable and sensitive data. Although some technologies like Homomorphic Encryption were proposed to solve the problem of secure data, the result is still not satisfying. With the advent of Intel SGX processor, which aims to thoroughly eliminate the security concern of cloud environment in a hardware-assisted approach, it brings us a number of questions on its features and its practicability for the current cloud platform. To evaluate the potential impact of Intel SGX, we analyzed the current SGX programming mode and inferred some possible factors that may arise the overhead. To verify our performance hypothesis, we conducted a systematic study on SGX performance by a series of benchmark experiments. After analyzing the experiment result, we performed a workload characterization to help programmer better exploit the current availability of Intel SGX and identify feasible research directions.

Lifei Wei,Haojin Zhu,Zhenfu Cao,Xiaolei Dong,Weiwei Jia,Yunlu Chen,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.ins.2013.04.028

IF: 8.1

2013-01-01

Information Sciences

Abstract:Cloud computing emerges as a new computing paradigm that aims to provide reliable, customized and quality of service guaranteed computation environments for cloud users. Applications and databases are moved to the large centralized data centers, called cloud. Due to resource virtualization, global replication and migration, the physical absence of data and machine in the cloud, the stored data in the cloud and the computation results may not be well managed and fully trusted by the cloud users. Most of the previous work on the cloud security focuses on the storage security rather than taking the computation security into consideration together. In this paper, we propose a privacy cheating discouragement and secure computation auditing protocol, or SecCloud, which is a first protocol bridging secure storage and secure computation auditing in cloud and achieving privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques. The detailed analysis is given to obtain an optimal sampling size to minimize the cost. Another major contribution of this paper is that we build a practical secure-aware cloud computing experimental environment, or SecHDFS, as a test bed to implement SecCloud. Further experimental results have demonstrated the effectiveness and efficiency of the proposed SecCloud.

Yaxing Chen,Qinghua Zheng,Zheng Yan,Dan Liu

DOI: https://doi.org/10.1109/tpds.2020.3024880

IF: 5.3

2021-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Due to the concern on cloud security, digital encryption is applied before outsourcing data to the cloud for utilization. This introduces a challenge about how to efficiently perform queries over ciphertexts. Crypto-based solutions currently suffer from limited operation support, high computational complexity, weak generality, and poor verifiability. An alternative method that utilizes hardware-assisted Trusted Execution Environment (TEE), i.e., Intel SGX, has emerged to offer high computational efficiency, generality and flexibility. However, SGX-based solutions lack support on multi-user query control and suffer from security compromises caused by untrustworthy TEE function invocation, e.g., key revocation failure, incorrect query results, and sensitive information leakage. In this article, we leverage SGX and propose a secure and efficient SQL-style query framework named QShield. Notably, we propose a novel lightweight secret sharing scheme in QShield to enable multi-user query control; it effectively circumvents key revocation and avoids cumbersome remote attestation for authentication. We further embed a trust-proof mechanism into QShield to guarantee the trustworthiness of TEE function invocation; it ensures the correctness of query results and alleviates side-channel attacks. Through formal security analysis, proof-of-concept implementation and performance evaluation, we show that QShield can securely query over outsourced data with high efficiency and scalable multi-user support.

Zihao Shan,Kui Ren,Marina Blanton,Cong Wang

DOI: https://doi.org/10.1145/3158363

IF: 16.6

2019-03-31

ACM Computing Surveys

Abstract:The rapid development of cloud computing promotes a wide deployment of data and computation outsourcing to cloud service providers by resource-limited entities. Based on a pay-per-use model, a client without enough computational power can easily outsource large-scale computational tasks to a cloud. Nonetheless, the issue of security and privacy becomes a major concern when the customer’s sensitive or confidential data is not processed in a fully trusted cloud environment. Recently, a number of publications have been proposed to investigate and design specific secure outsourcing schemes for different computational tasks. The aim of this survey is to systemize and present the cutting-edge technologies in this area. It starts by presenting security threats and requirements, followed with other factors that should be considered when constructing secure computation outsourcing schemes. In an organized way, we then dwell on the existing secure outsourcing solutions to different computational tasks such as matrix computations, mathematical optimization, and so on, treating data confidentiality as well as computation integrity. Finally, we provide a discussion of the literature and a list of open challenges in the area.

computer science, theory & methods

Zongda Wu,Guandong Xu,Chenglang Lu,Enhong Chen,Fang Jiang,Guiling Li

DOI: https://doi.org/10.1007/s11280-017-0491-8

2017-01-01

World Wide Web

Abstract:Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.

Pengfei Wu,Robert Deng,Qingni Shen,Ximeng Liu,Qi Li,Zhonghai Wu

DOI: https://doi.org/10.1109/tdsc.2019.2948835

2019-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Anonymous Communication (AC) hides traffic patterns and protects message metadata from being leaked during message transmission. Many practical AC systems have been proposed aiming to reduce communication latency and support a large number of users. However, how to design AC systems which possess strong security property and at the same time achieve optimal performance (i.e., the lowest latency or highest horizontal scalability) has been a challenging problem. In this paper, we propose an ObliComm framework, which consists of six modular AC subroutines. We also present a strong security definition for AC, named oblivious communication, encompassing confidentiality, unobservability, and a new requirement sending-and-receiving operation hiding. The AC subroutines in ObliComm allow for modular construction of oblivious communication systems in different network topologies. All constructed systems satisfy oblivious communication definition and can be provably secure in the universal composability (UC) framework. Additionally, we model the relationship between the network topology and communication measurements by queuing theory, which enables the system's efficiency can be optimized and estimated by quantitative analysis and calculation. Through theoretical analyses and empirical experiments, we demonstrate the efficiency of our scheme and soundness of the queuing model.