Publication

Practical Isolated Searchable Encryption in a Trusted Computing Environment

datacite.subject.fos: Engineering and Technology::Electrical Engineering, Electronic Engineering and Informatics [pt_PT]
dc.contributor.advisor: Ferreira, Bernardo
dc.contributor.advisor: Domingos, Henrique
dc.contributor.author: Borges, Guilherme Rosas
dc.date.accessioned: 2019-02-04T14:45:34Z
dc.date.available: 2019-02-04T14:45:34Z
dc.date.issued: 2018-12
dc.date.submitted: 2018
dc.description.abstract: Cloud computing has become a standard computational paradigm due to its numerous advantages, including high availability, elasticity, and ubiquity. Both individual users and companies are adopting more of its services, but not without loss of privacy and control. Outsourcing data and computations to a remote server implies trusting its owners, a problem many end-users are aware of. Recent news has proven data stored on Cloud servers is susceptible to leaks from the provider, third-party attackers, or even from government surveillance programs, exposing users’ private data. Different approaches to tackle these problems have surfaced throughout the years. Naïve solutions involve storing data encrypted on the server, decrypting it only on the client-side. Yet, this imposes a high overhead on the client, rendering such schemes impractical. Searchable Symmetric Encryption (SSE) has emerged as a novel research topic in recent years, allowing efficient querying and updating over encrypted datastores in Cloud servers, while retaining privacy guarantees. Still, despite relevant recent advances, existing SSE schemes still make a critical trade-off between efficiency, security, and query expressiveness, thus limiting their adoption as a viable technology, particularly in large-scale scenarios. New technologies providing Isolated Execution Environments (IEEs) may help improve SSE literature. These technologies allow applications to be run remotely with privacy guarantees, in isolation from other, possibly privileged, processes inside the CPU, such as the operating system kernel. Prominent example technologies are Intel SGX and ARM TrustZone, which are being made available in today’s commodity CPUs. In this thesis we study these new trusted hardware technologies in depth, while exploring their application to the problem of searching over encrypted data, primarily focusing on SGX.
In more detail, we study the application of IEEs in SSE schemes, improving their efficiency, security, and query expressiveness. We design, implement, and evaluate three new SSE schemes for different query types, namely Boolean queries over text, similarity queries over image datastores, and multimodal queries over text and images. These schemes can support queries combining different media formats simultaneously, envisaging applications such as privacy-enhanced medical diagnosis and management of electronic-healthcare records, or confidential photograph catalogues, running without the danger of privacy breaks in Cloud-based provisioned services. [pt_PT]
dc.identifier.uri: http://hdl.handle.net/10362/59506
dc.language.iso: eng [pt_PT]
dc.subject: Searchable Symmetric Encryption [pt_PT]
dc.subject: Trusted Hardware [pt_PT]
dc.subject: Cloud Computing [pt_PT]
dc.subject: Privacy [pt_PT]
dc.subject: Secure Boolean Querying [pt_PT]
dc.subject: Secure Content-Based Image Retrieval [pt_PT]
dc.title: Practical Isolated Searchable Encryption in a Trusted Computing Environment [pt_PT]
dc.type: master thesis
dspace.entity.type: Publication
rcaap.rights: openAccess [pt_PT]
rcaap.type: masterThesis [pt_PT]
thesis.degree.name: Master of Science in Computer Science and Engineering [pt_PT]

Files

Main
Name: Borges_2018.pdf
Size: 1.82 MB
Format: Adobe Portable Document Format

License
Name: license.txt
Size: 348 B
Format: Item-specific license agreed upon to submission