[Busec] Monday group meeting with Nikos

Sharon Goldberg goldbe at cs.bu.edu
Thu Nov 17 08:56:31 EST 2011


Group meeting is on for Monday 1PM in MCS137.  Nikos will be presenting
and lunch will be served.

Hourglass Schemes: How to Prove that Cloud Files Are Encrypted

We consider the following challenge: How can a cloud provider prove to
a tenant that it's encrypting files at rest, when the provider itself
holds the corresponding encryption keys? Such proofs demonstrate sound
encryption policies and file confidentiality. (Cheating, cost-cutting,
or misconfigured providers may bypass the computational and management
burdens of encryption and store plaintext files.)

To address this problem, we propose hourglass schemes, protocols that
prove correct encryption of files at rest by imposing a resource
requirement (e.g., time) on the process of translating files from one
encoding domain (i.e., plaintext) to a different, target domain (i.e.,
ciphertext).  Our more practical hourglass schemes exploit common
cloud infrastructure characteristics, such as limited file-system
parallelism and the use of rotational hard drives for at-rest
files. For files of modest size, we describe an hourglass scheme that
exploits trapdoor one-way permutations to prove correct file
encryption whatever the underlying storage medium. We experimentally
validate the practicality of our proposed schemes, the fastest of
which incurs minimal overhead beyond the cost of encryption.

This is joint work with M. van Dijk, A. Juels, A. Oprea (RSA Labs),
E. Stefanov (Berkeley) and R. Rivest (MIT).

Sharon Goldberg
Computer Science, Boston University

More information about the Busec mailing list