Privacy-Preserving Cloud, Email and Password Systems

Name: Attila Yavuz
Affiliation: OSU
Phone: 5417373341
Knowledge Required: Background Requirement: Previously taken cyber-security class(es) (especially a crypto class) is preferred. Good programing skills, especially in C++ and Android, and software development experience are mandatory.
Description: Storage service offered by cloud providers bring vast benefits to human society. However, this service also brings privacy concerns to the users. While the data privacy can be preserved by using standard encryption, it also prevents the user from querying the data on the cloud and thereby, invalidating the benefit of using cloud services. Thus, there is a need to develop a new cryptographic primitive that allows the user to query data outsourced to the cloud, while preserving its privacy.

To address the user privacy and data usage dilemma, our group has invented a series of searchable encryption schemes, that allow the user to delegate search and update operations over encrypted data. These techniques allow the user to enjoy the benefits of cloud storage services without concerning about the privacy of outsourced data. We also developed an efficient Oblivious Random Access Machine (ORAM) scheme that can completely prevent all vulnerable attacks on searchable encryption recently, while incurring a very low latency.

In this project, we aim to apply our techniques to specific cloud storage, email and password management systems with various improvements. There are three main tasks:

1) Searchable encryption on cloud systems: Potentially, many of you use GoogleDrive, Dropbox etc, and worried about uploading your sensitive data to the cloud without encryption. You can encrypt your data, but then you must fetch everything back, which makes it non-sense to upload there at the first place, this is called privacy versus data utilization dilemma, and in this project with searchable encryption you will be solving this.

2) Searchable encryption on email system: Think about the email service such as Gmail that many of you are using right now. It is obvious that all of your email data are managed and can be accessed by Google, even some of them are very sensitive. You might encrypt to protect the confidentiality of your email data, but this will later prevent you from searching any keyword over them. The trivial solution you can do is to download all encrypted emails back to decrypt, which is extremely slow and time-costly. The searchable encryption implementation over email system will help you to keep your emails confidential, while allowing you to perform keyword search over it in a more efficient manner.

3) Privacy-preserving password management system: Think about the problem that in these days you have to remember too many passwords, each being uniquely created to meet the specific application requirement of (e.g., bank A requires password to have 7 characters and 2 numbers; Email B requires password to have 3 special characters, etc). To solve the remembrance problem, you may need an application on the cloud that can manage and store all of your passwords so that you can retrieve them on request. Similar to the email system, your password for a specific application (e.g., bank) is very sensitive, so that you might want to encrypt both password and the its attached application name in such a way that you can query them later. Searchable encryption will allow you to achieve this. Moreover, you might not want the server knows which application that you access in a specific time period too. For instance, you always check your email at 5PM or access to your bank account at 5PM. The ORAM along with searchable encryption implementations on the remote password management system will also allow you to hide this information, and thereby, significantly increasing your privacy.

In all these projects, the students are expected to implement a system service at the server and a client-side application that interact with the server-side system. For the client application, we expect the students to develop both mobile and desktop versions.

Student Learning Outcome: The successful completion of this project is expected to offer great opportunities for the students. The students will gain experience on the system design and analysis, which are rudimentary skills for any cyber-security oriented job in the market. Finally, students will learn about the basic principles, implementation and specific challenges surrounding the deployment of cryptographic services on resource-limited devices. These skillsets are highly applicable to large domain of job opportunities such as software developer and security engineer.
Objectives: The objective of this project is to implement a series of cryptographic services including Searchable Encryption and ORAM that we fully developed, and integrate them into real-would cloud platforms for data sensitive applications including email and password management systems.
Deliverables: 1) Searchable encryption on cloud systems: The students will implement searchable encryption schemes (that we already developed) on a public cloud system (e.g., Dropbox, Google drive), which (i) achieves higher performance than existing methods, (ii) offers better security and (iii) easy to implement.
2) Searchable encryption on email system: The students will develop a privacy-preserving email system on a public cloud system (e.g., Dropbox, Google drive), which (i) automatically crawls the personal emails from public an email provider (e.g., gmail, outlook), (ii) performs encryption and (iii) leverages searchable encryption techniques on top of encrypted emails.
3) privacy-preserving password management system: The students will develop a highly secure password management system on a public cloud system (e.g., Dropbox, Google drive), which stores a bunch of user passwords in an encrypted database, and apply searchable encryption and ORAM techniques to retrieve the password on request. This system can be considered as the *Keychain* application by Apple deployed on the cloud, but offers higher privacy and security to the user.
In all these projects, the students are expected to implement a system service at the server and a client-side application that interact with the server-side system. For the client application, we expect the students to develop both mobile and desktop versions.
Other comments: IP Rights: The cryptographic algorithms, which will be implemented in this project, have been developed and patented by our research group and collaborators. The students are expected to implement these algorithms. On the other hand, the students are always encouraged to develop new algorithms with improvement over existing ones, which can be separately patented. Our research group has a significant experience and expertise on intellectual property generation and technology transfer, which can be a highly valuable learning experience for potential students.

   D. Kevin McGrath
   Last modified: Tue Mar 6 10:29:08 2018