Research On Key Techniques Of Practical Secure Computation And Privacy Protection In Cloud Computing

Posted on: 2022-06-15
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X F Song
GTID: 1486306311967339
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of cloud computing, all kinds of information systems have gradually been migrated to the cloud. These cloud-based systems have become critical infrastructure for modern society and will play an increasingly important role. Much has changed under the new computing scenarios: e.g., the boundary of the information system is broken, data is highly concentrated, and the data owner and the data controller are no longer the same entity. All these changes pose many challenges for data security and privacy protection. Security and privacy incidents happen every day, attracting world-wide attention. Many countries are gradually enacting laws and regulations on data privacy, e.g., the General Data Protection Regulation (GDPR) from the European Union as well as the draft of the Data Security Law from China, which set a higher demand on data security and privacy.

The core demand is how to integrate utility with privacy, which allows us to enjoy convenience without sacrificing privacy. In cryptography, secure multi-party computation is an important approach to meeting this demand. Secure computation was proposed by Andrew Yao in the 1980s; it allows different parties to compute functions over their joint inputs without disclosing the inputs. In its early days, secure computation, as a topic of theoretical interest, greatly pushed the development of cryptographic protocols. Recently, with improvements in computing power and advances in secure computation, it has gradually become practical. Especially in an era of tightening privacy regulation, there is a strong desire to deploy secure computation to solve real-world challenges.

In the cloud-computing setting, practical secure computation can be widely applied across the whole life cycle of data, including data storage, processing, computation and sharing. In terms of data storage, much data is stored in the cloud. In some cases, the cloud user wants to perform search or update operations while maintaining data privacy. For this case, researchers proposed and developed searchable encryption, which allows a cloud user to perform search operations over remote encrypted data, with only a small amount of leakage learned by the server. In terms of computation, a user can leverage multiple cloud servers to perform secret-sharing-based secure computation to complete a certain computation without disclosing the private inputs. Also, different companies and organizations can leverage secure computation to mine valuable information from their joint data without violating existing privacy regulations. Nowadays, secure computation is regarded as one of the most promising techniques for protecting the whole life cycle of data.

This thesis covers practical secure computation techniques for data privacy, which include searchable encryption (SE), secret sharing and private set intersection (PSI).

· SE with enhanced security. Recently, some works have shown that the leakage in SE can be exploited to perform certain attacks. We investigate how to reduce this leakage in order to design SE with enhanced security.

1. We first try to reduce update leakage in existing searchable encryption schemes. Forward privacy is an important security property for eliminating update leakage. However, previous forward-private searchable encryption constructions have high communication and computation overhead. We solve the open question of how to design forward-private SE with only symmetric techniques, and propose two constructions. Complexity-wise, both constructions achieve optimal computation and communication complexity. In terms of concrete efficiency, our constructions are 10x faster in update efficiency compared with the previous asymmetric-based construction.

2. Forward privacy only reduces leakage during the update phase; a more difficult aspect is how to reduce the leakage during the search protocol. Usually, most SE schemes leak the search pattern (whether two queries are for the same keyword) and the access pattern (the corresponding search result for each query), which have long been regarded as standard leakage. In this work, we design an SE scheme with tunable leakage under a multi-server setting. Our design allows us to find the best trade-off between security and efficiency under different scenarios.

· Secret Sharing with Enhanced Property and Its Application. Secret sharing is an important cryptographic primitive for secure computation. In outsourced computing scenarios, a user shares her data among multiple share holders; the dealer can then instruct the share holders to perform share-based secure computation while keeping the underlying data private. In this work, we show how to integrate a penalty mechanism into a secret sharing scheme. We answer the question of how to penalize the share holders when an outside attacker obtains the private data. To this end, we design a series of protocols to pack the dealer's data and the share holders' cryptocurrency secret keys together, which are finally shared among all share holders. To enforce automatic penalty, we design a smart contract. Notably, our secret sharing scheme still allows share-based secure computation if the shared data is not leaked, and the secret key of the cryptocurrency remains secure. We also provide an implementation and report concrete efficiency.

· Private Set Intersection (PSI). In a PSI protocol, each party holds a set, and the parties want to compute the intersection while keeping all other information private. However, in some cases the parties may only want to compute some functions of the intersection, without revealing any information about the intersection elements. For this setting, we design a series of protocols that compute functions of the intersection, including intersection cardinality, union cardinality, sum of intersection payloads, etc. Moreover, our protocol can be used as a preprocessing protocol for any generic secure computation over the set intersection.

In summary, aiming to solve the challenges of data security and privacy protection in the new computing scenarios, we design practical secure computation techniques for secure and privacy-preserving data storage, processing and computation, and improve their usability in terms of security, efficiency and functionality.
Keywords/Search Tags:Secure Multi-party Computation, Privacy Protection, Searchable Encryption, Secret Sharing, Private Set Intersection
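
Added example (not code from the dissertation): a deliberately naive searchable index with deterministic HMAC tokens, showing what an honest-but-curious server observes as the search pattern, the access pattern, and the update leakage that forward privacy is meant to remove. The key, keywords, document ids and all function names are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

def prf(key: bytes, keyword: str) -> bytes:
    # Deterministic search token: same keyword always maps to the same token.
    return hmac.new(key, keyword.encode(), hashlib.sha256).digest()

class Server:
    """Honest-but-curious server: stores the index, records what it observes."""
    def __init__(self):
        self.index = defaultdict(list)  # token -> opaque document ids
        self.transcript = []            # one (token, result ids) per query

    def update(self, token: bytes, doc_id: int) -> None:
        self.index[token].append(doc_id)

    def search(self, token: bytes) -> list:
        result = list(self.index.get(token, []))
        self.transcript.append((token, tuple(result)))
        return result

def search_pattern(transcript) -> list:
    # For each query, the index of the first query that used the same token.
    first_seen = {}
    return [first_seen.setdefault(tok, i) for i, (tok, _) in enumerate(transcript)]

def access_pattern(transcript) -> list:
    # The result set the server returned for each query.
    return [ids for _, ids in transcript]

def update_linkable(server: Server, token: bytes) -> bool:
    # Update leakage: a new update reuses a token the server saw in a query,
    # so the server learns the new document matches that earlier query.
    return any(tok == token for tok, _ in server.transcript)

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    server = Server()
    for kw, doc in [("invoice", 1), ("salary", 2), ("invoice", 3)]:
        server.update(prf(key, kw), doc)
    for kw in ["invoice", "salary", "invoice"]:
        server.search(prf(key, kw))
    linked = update_linkable(server, prf(key, "invoice"))  # later update
    return search_pattern(server.transcript), access_pattern(server.transcript), linked

if __name__ == "__main__":
    print(demo())
```

The server never sees a keyword, yet it learns that queries 0 and 2 are the same, which documents each query matched, and that a later update belongs to an already-queried keyword.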