ENEE759L/CMSC818L: Cloud Computing Security (Spring 2014)

Course Information

Important Deadlines and Grading

Course Calendar

Date Title Lecture Summary
01/27/14Introduction. C. Papamanthou Introduced the thematic areas that we are going to talk about during this semester. Relevant papers: (i) cryptographic_cloud_storage (ii) data_protection.
01/29/14Secure storage. C. PapamanthouTalked about various implementations of secure READ/WRITE using Merkle trees with (i) collision resistant hashing; (ii) message authentication codes. Discussed various trade-offs including public verifiability, communication cost and replay attacks. Relevant papers: (i) merkle_tree (ii) memory_checking (iii) certificate_update.
02/03/14Authenticated data structures. C. PapamanthouTalked about (i) Proofs of retrievability and why error correcting codes are useful for solving this problem. (ii) the overhead involved in implementing secure data structures using secure READ/WRITE and how authenticated data structures can help us reduce this overhead. (iii) a specific implementation of an authenticated data structure, i.e., an authenticated skip list. (iv) accumulator-based authenticated data structures. Relevant papers: (i) por (ii) dyn_por (iii) auth_skip_list (iv) accumulator.
02/05/14Database privacy. C. PapamanthouTalked about (i) Strong RSA assumption and a proof of security for cloud membership queries; (ii) Dababase privacy and the CryptDB system that supports a rich series of SQL queries over encrypted data. Relevant papers: (i) non_membership (ii) crypt_db.
02/10/14Searchable encryption. C. PapamanthouTalked about (i) Naive solutions for searchable encryption; (ii) The scheme of Curtmola, Garay, Kamara and Ostrovsky. Relevant papers: (i) sse_1 (ii) sse_2.
02/12/14Oblivious computation. C. PapamanthouTalked about (i) Conjunctive searchable symmetric encryption; (ii) Square root algorithm for oblivious RAM. Relevant papers: (i) oram_1 (ii) binary_oram.
02/17/14Generalized verifiable computation. C. PapamanthouTalked about (i) The verifiable computation system Pinocchio; (ii) How to verify the execution of RAM programs. Relevant papers: (i) pinocchio (ii) pantry.
02/19/14Fully-homomorphic encryption. C. PapamanthouPresented a simple fully-homomorphic encryption scheme and introduced the notion of bootstrapping. Relevant papers: (i) fhe_first (ii) fhe_integers.
02/24/14Invited lecture. T. Dumitras Slides: Security data science.
02/26/14Invited lecture. A. Miller Slides: Programming languages, authenticated data structures and Bitcoin.
03/03/14No lecture due to snowstorm.
03/05/14Student presentation. N. Seekhao Slides (here): Practical techniques for searches on encrypted data, SSP 2000 (Song, Perrig, Wagner).
03/10/14Student presentation. H. Mushtaq Slides (here): Fully homomorphic encryption over the integers, EUROCRYPT 2010 (van Dijk, Gentry, Halevi, Vaikuntanathan).
03/12/14Student presentation. E. Paraskevas Slides (here): Shortest path computation with no information leakage, VLDB 2012 (Mouratidis, Yiu).
03/24/14Student presentation. A. Sharma Slides (here): How efficient can memory checking be?, TCC 2008 (Dwork, Naor, Rothblum, Vaikuntanathan).
03/26/14Invited lecture. Y. Huang Slides: Secure multi-party computation
03/31/14Invited lecture. H. Rossman (Amazon) Slides:
04/02/141st Student presentation. N. Seekhao Slides (here): Efficient Verification of Shortest Path Search via Authenticated Hints, ICDE 2010 (Yu, Lin, Mouratidis).
2nd Student presentation. X. Chen Slides (here): Privacy preserving keyword searches on remote encrypted data, ACNS 2007 (Chang, Mitzenmacher).
04/07/141st Student presentation. A. Kosba Slides (here): CorrectDB: SQL Engine with Practical Query Authentication, VLDB 2013 (Bajaj, Sion).
2nd Student presentation. T. Takapu Slides (here): Building web applications on top of encrypted data using Mylar, NSDI 2014 (Popa, Stark, Helfer, Valdez, Zeldovich, Kaashoek, Balakrishnan).
04/09/141st Student presentation. E. Paraskevas Slides (here): Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, CCS 2009 (Ristenpart, Tromer, Shacham, Savage).
2nd Student presentation. X. Chen Slides (here): Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers, CRYPTO 2010 (Gennaro, Gentry, Parno).
04/14/14Student presentation. Y. Qian Slides (here): The Melbourne Shuffle: Improving Oblivious Storage in the Cloud, (Ohrimenko, Goodrich, Tamassia, Upfal).
04/16/141st Student presentation. S. Bhattacherjee Slides (here): Authenticating the Query Results of Text Search Engines, VLDB 2008 (Pang, Mouratidis).
2nd Student presentation. H. Zhang Slides (here): Pinocchio: Nearly Practical Veri?able Computation, SSP 2013 (Parno, Howell, Gentry, Raykova).
04/21/141st Student presentation. J. Chen Slides (here): Searchable Symmetric Encryption: Improved Denitions and Efficient Constructions, CCS 2006 (Curtmola, Garay, Kamara, Ostrovsky).
2nd Student presentation. H. Zhang Slides (here): Dynamic Searchable Symmetric Encryption, CCS 2012 (Kamara, Papamanthou, Roeder).
04/23/141st Student presentation. H. Mushtaq Slides (here): Verifiable Delegation of Computation over Large Datasets, CRYPTO 2011 (Benabbas, Gennaro, Vahlis).
2nd Student presentation. A. Sharma Slides (here): Bitter to Better: How to make Bitcoin a Better Currency, FC 2012 (Barber, Boyen, Shi, Uzun).
04/28/141st Student presentation. A. Kosba Slides (posted on Canvas): TrueSet: Nearly Practical Veriable Set Computations (Kosba, Papadopoulos, Papamanthou, Sayed, Shi, Triandopoulos).
2nd Student presentation. J. Chen Slides (here): Highly-Scalable Searchable Symmetric Encryption, CRYPTO 2013 (Cash, Jarecki, Jutla, Krawczyk, Rosu, Steiner).
04/30/141st Student presentation. S. Bhattacherjee Slides (here): Processing Analytical Queries Over Encrypted Data (Tu, Kaashoek, Madden, Zeldovich).

Topics and Research Papers

Survey papers
- Cryptographic cloud storage, FC 2010 (Kamara, Lauter)
- Cloud data protection for the masses, IEEE COMPUTER 2012 (Song, Shi, Fischer, Shankar)
- On securing untrusted clouds with cryptography, IEEE IEEE Data Eng. Bull. 2012 (Chen, Sion)
Secure storage and memory checking
- A certified digital signature, CRYPTO 1989 (Merkle)
- Certificate revocation and certificate update, USENIX SECURITY 1998 (Naor, Nissim)
- Checking the correctness of memories, FOCS 1991 (Blum, Evans, Gemmell, Kannan, Naor)
- How efficient can memory checking be?, TCC 2008 (Dwork, Naor, Rothblum, Vaikuntanathan)
- Efficient integrity checking of untrusted network storage, STORAGESS 2008 (Heitzmann, Palazzi, Papamanthou, Tamassia)
- Accumulators from bilinear pairings and applications, CT-RSA 2005 (Nguyen)
- Dynamic accumulators and application to efficient revocation of anonymous credentials, CRYPTO 2002 (Camenisch, Lysyanskaya)
- Universal accumulators with efficient nonmembership proofs, ACNS 2007 (Li, Li, Xue)
- Provable data possession at untrusted stores, CCS 2007 (Ateniese, Burns, Curtmola, Herring, Kissner, Peterson, Song)
- Compact proofs of retrievability, ASIACRYPT 2008 (Shacham, Waters)
- Dynamic provable data possession, CCS 2009 (Erway, Kupcu, Papamanthou, Tamassia)
- Practical dynamic proofs of retrievability, CCS 2013 (Shi, Stefanov, Papamanthou)
- Proofs of storage from homomorphic identification protocols, ASIACRYPT 2009 (Ateniese, Kamara, Katz)
- Dynamic proofs of retrievability via oblivious RAM, EUROCRYPT 2013 (Cash, Kupcu, Wichs)
Authenticated data structures
- Persistent authenticated dictionaries and their applications, ISC 2001 (Anagnostopoulos, Goodrich, Tamassia)
- Efficient authenticated dictionaries with skip lists and commutative hashing, DISCEX 2001 (Goodrich, Tamassia)
- Authenticated hash tables, CCS 2008 (Papamanthou, Tamassia, Triandopoulos)
- A general model for authenticated data structures, Algorithmica 2004 (Martel, Nuckolls, Devanbu, Gertz, Kwong, Stubblebine)
- Time and space efficient algorithms for two-party authenticated data structures, ICICS 2007 (Papamanthou, Tamassia)
- Efficient authenticated data structures for graph connectivity and geometric search problems, Algorithmica 2011 (Goodrich, Tamassia, Triandopoulos)
- Optimal verification of operations on dynamic sets, CRYPTO 2011 (Papamanthou, Tamassia, Triandopoulos)
- Streaming authenticated data structures, EUROCRYPT 2013 (Papamanthou, Shi, Tamassia, Yi)
- Verifiable data streaming, CCS 2012 (Schroeder, Schroeder)
- An efficient dynamic and distributed cryptographic accumulator, ISC 2002 (Goodrich, Tamassia, Hasic)
- Authenticated data structures, generically, POPL 2014 (Miller, Hicks, Katz, Shi)
Database integrity and privacy
- Dynamic authenticated index structures for outsourced databases, SIGMOD 2005 (Li, Hadjieleftheriou, Kollios, Reyzin)
- Efficient verification of shortest path search via authenticated hints, ICDE 2010 (Yiu, Lin, Mouratidis)
- Authenticating the query results of text search engines, VLDB 2008 (Pang, Mouratidis)
- Query racing: Fast completeness certification of query results, DBSEC 2010 (Palazzi, Pizzonia, Pucacco)
- Authenticated join processing in outsourced databases, SIGMOD 2009 (Yang, Papadias, Papadopoulos, Kalnis)
- Lightweight authentication of linear algebraic queries on data streams, SIGMOD 2013 (Papadopoulos, Cormode, Deligiannakis, Garofalakis)
- Shortest path computation with no information leakage, VLDB 2012 (Mouratidis, Yiu)
- Processing analytical queries over encrypted data, VLDB 2013 (Tu, Kaashoek, Madden, Zeldovich)
- CorrectDB: SQL engine with practical query authentication, VLDB 2013 (Bajaj, Sion)
- CryptDB: Protecting confidentiality with encrypted query processing, SOSP 2011 (Popa, Redfield, Zeldovich, Balakrishnan)
- A survey of single-database private information retrieval: Techniques and applications, PKC 2007 (Ostrovsky, Skeith)
- Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds, CCS 2009 (Ristenpart, Tromer, Shacham, Savage)
Searchable encryption
- Practical techniques for searches on encrypted data, SSP 2000 (Song, Perrig, Wagner)
- Multi-dimensional range query over encrypted data, SSP 2007 (Shi, Bethencourt, Chan, Song, Perrig)
- Searchable symmetric encryption: Improved definitions and efficient constructions, CCS 2006 (Curtmola, Garay, Kamara, Ostrovsky)
- Privacy preserving keyword searches on remote encrypted data, ACNS 2007 (Chang, Mitzenmacher)
- Dynamic searchable symmetric encryption, CCS 2012 (Kamara, Papamanthou, Roeder)
- Parallel and dynamic searchable symmetric encryption, FC 2013 (Kamara, Papamanthou)
- Highly-scalable searchable symmetric encryption with support for boolean queries, CRYPTO 2013 (Cash, Jarecki, Jutla, Krawczyk, Rosu, Steiner)
- Practical dynamic searchable encryption with small leakage, NDSS 2014 (Stefanov, Papamanthou, Shi)
Verifiable computation
- Non-interactive verifiable computing: Outsourcing computation to untrusted workers, CRYPTO 2010 (Gennaro, Gentry, Parno)
- Verifiable delegation of computation over large datasets, CRYPTO 2011 (Benabbas, Gennaro, Vahlis)
- How to delegate and verify in public: Verifiable computation from attribute-based encryption, TCC 2012 (Parno, Raykova, Vaikuntanathan)
- Pinocchio: Nearly practical verifiable computation, SSP 2013 (Parno, Howell, Gentry, Raykova)
- Verifying computation with state, SOSP 2013 (Braun, Feldman, Ren, Setty, Blumberg, Walfish)
- SNARKs for C: Verifying program executions succinctly and in zero knowledge, CRYPTO 2013 (Ben-Sasson, Chiesa, Genkin, Tromer, Virza)
- Practical homomorphic MACs for arithmetic circuits, EUROCRYPT 2013 (Catalano, Fiore)
- Signatures of correct computation, TCC 2013 (Papamanthou, Shi, Tamassia)
- SWIFFT: A modest proposal for FFT hashing, FSE 2008 (Lyubashevsky, Micciancio, Peikert, Rosen)
Oblivious computation
- Software protection and simulation on oblivious RAMs, JACM 1996 (Goldreich, Ostrovsky)
- Oblivious RAM with O(log^3 N) worst-case cost, ASIACRYPT 2011 (Shi, Chan, Stefanov, Li)
- Privacy-preserving group data access via stateless oblivious RAM simulation, SODA 2012 (Goodrich, Mitzenmacher, Ohrimenko, Tamassia)
- Path ORAM: An extremely simple oblivious RAM protocol, CCS 2013 (Stefanov, van Dijk, Shi, Fletcher, Ren, Yu, Devadas)
- PHANTOM: Practical oblivious computation in a secure processor (Maas, Love, Stefanov, Tiwari, Shi, Asanovic, Kubiatowicz, Song)
- Randomized Shellsort: A simple data-oblivious sorting algorithm, JACM 2011 (Goodrich)
- Graph drawing in the cloud: Privately visualizing relational data using small working storage, GD 2012 (Goodrich, Ohrimenko, Tamassia)
- Optimizing ORAM and using it efficiently for secure computation, PETS 2013 (Gentry, Goldman, Halevi, Jutla, Raykova, Wichs)
Homomorphic encryption
- Fully homomorphic encryption using ideal lattices, STOC 2009 (Gentry)
- Fully homomorphic encryption over the integers, EUROCRYPT 2010 (van Dijk, Gentry, Halevi, Vaikuntanathan)
- ML confidential: Machine learning on encrypted data, ICISC 2012 (Graepel, Lauter, Naehrig)
- Computing blindfolded: New developments in fully homomorphic encryption, FOCS 2011 (Vaikuntanathan)


The syllabus can be found here.