Collaborative Research: CICI: Secure and Resilient Architecture: Data Integrity Assurance and Privacy Protection Solutions for Secure Interoperability of Cloud Resources

Project Details

Lead PI

Performance Period

Oct 01, 2016 - Sep 30, 2019

Institution(s)

Auburn University

Award Number


Cloud computing provides many clear benefits for users, including scalability and reduced system acquisition cost. However, data security, integrity and privacy are becoming major concerns for scientific researchers when they access data from the cloud to conduct experiments or analytics. In addition, data owners may not want to reveal their data to cloud service providers either because of the sensitivity of the data (e.g., medical records) or because of its value. Therefore, it is important to create cloud data integrity assurance and privacy protection solutions that help users fully embrace cloud services as well as protect cyberinfrastructure resources.

With a cloud database, data owners can store large-scale datasets collected from various sources. Users can then launch queries retrieving the data records for conducting research and experiments. However, there are several possible threats to query result accuracy. For example, a cloud database could be compromised and the stored data could be tampered with. There could be a malfunction in the cloud server, so that the cloud database inadvertently returns incomplete query results. It is unlikely that the client would be aware of such incorrect or incomplete query results. Consequently, erroneous data could be employed in subsequent scientific experiments or analyses, which could lead to false results. Cloud database query integrity assurance is a critical issue that underpins a secure and trustworthy end-to-end scientific workflow. This work approaches these problems in a privacy-friendly manner, building on top of encrypted queries over encrypted data. This is key for achieving both data privacy and data integrity.

Data provenance - the history of the data and how it has been handled - is also an important aspect of scientific workflows. However, securing the provenance to provide integrity, privacy, and confidentiality guarantees is also challenging, making it hard for many scientific workflows to provide a verifiable provenance history of scientific data and query results. With clouds, providing such guarantees is difficult for both data and provenance. This project enables infrastructural support for secure collection, storage, transmission, and verification of provenance information for all data and results stored and computed in the cloud. The availability of such verifiable provenance offers benefits to scientific workflows, making the process more trustworthy via verifiable history and results.

The research team creates a query integrity assurance, data privacy protection, and verifiable provenance framework which provides an array of solutions for supporting secure cloud services. This project contributes to the cybersecurity research community by piloting novel cloud data security approaches that accomplish the following goals: (1) developing Voronoi diagram-based integrity assurance techniques, (2) designing cloud database data privacy protection methods, (3) modeling the trade-off between query integrity assurance and query evaluation costs, (4) realizing secure cloud data provenance mechanisms, and (5) implementing a prototype system, where all the components are integrated for security and performance evaluation.