Mark A. Will

Secure Voting in the Cloud Using Homomorphic Encryption and Mobile Agents

While governments are transitioning to the cloud to leverage efficiency, transparency and accessibility advantages, public opinion - the backbone of democracy - is being left behind. Statistics show that traditional paper voting is failing to reach the technological-savvy generation, with voter turnout decreasing every election for many first-world countries. Remote electronic voting is a possible solution facilitator to this problem, but it still faces several security, privacy and accountability concerns. This paper introduces a practical application of partially homomorphic encryption to help address these challenges. We describe a cloud-based mobile electronic voting scheme, evaluating its security against a list of requirements, and benchmarking performance on the cloud and mobile devices. In order to protect voter privacy, we propose moving away from a public bulletin board so that no individual cipher votes are saved, while still allowing vote verification. As the majority of the security threats faced by electronic voting are from the underlying system, we also introduce the novel concept of using a dedicated hardware server for homomorphic tallying and decryption.

A guide to homomorphic encryption

Traditional cryptography techniques require our data to be unencrypted to be processed correctly. This means that at some stage on a system we have no control over, our data will be processed in plaintext. Homomorphic encryption or specifically, fully homomorphic encryption is a viable solution to this problem. It allows encrypted data to be processed as if it were in plaintext and will produce the correct value once decrypted. While many know that homomorphic encryption promises to be an ideal solution to trust, security, and privacy issues in cloud computing, few actually knows how it works and why it is not yet a practical solution despite its promises. This chapter serves as a much needed primer on current homomorphic encryption techniques, discusses about several practical challenges, and introduces workarounds proposed by practitioners and researchers to overcome these challenges.

Privacy Preserving Computation by Fragmenting Individual Bits and Distributing Gates

Solutions that allow the computation of arbitrary operations over data securely in the cloud are currently impractical. The holy grail of cryptography, fully homomorphic encryption, still requires minutes to compute a single operation. In order to provide a practical solution, this paper proposes taking a different approach to the problem of securely processing data. FRagmenting Individual Bits (FRIBs), a scheme which preserves user privacy by distributing bit fragments across many locations, is presented. Privacy is maintained by each server only receiving a small portion of the actual data, and solving for the rest results in a vast number of possibilities. Functions are defined with NAND logic gates, and are computed quickly as the performance overhead is shifted from computation to network latency. This paper details our proof of concept addition algorithm which took 346ms to add two 32-bit values - paving the way towards further improvements to get computations completed under 100ms.

Secure FPGA as a Service — Towards Secure Data Processing by Physicalizing the Cloud

Securely processing data in the cloud is still a difficult problem, even with homomorphic encryption and other privacy preserving schemes. Hardware solutions provide additional layers of security and greater performance over their software alternatives. However by definition the cloud should be flexible and adaptive, often viewed as abstracting services from products. By creating services reliant on custom hardware, the core essence of the cloud is lost. FPGAs bridge this gap between software and hardware with programmable logic, allowing the cloud to remain abstract. FPGA as a Service (FaaS) has been proposed for a greener cloud, but not for secure data processing. This paper explores the possibility of Secure FaaS in the cloud for privacy preserving data processing, describes the technologies required, identifies use cases, and highlights potential challenges.

Anonymous Data Sharing Between Organisations with Elliptic Curve Cryptography

Promoting data sharing between organisations is challenging, without the added concerns over having actions traced. Even with encrypted search capabilities, the entities digital location and downloaded information can be traced, leaking information to the hosting organisation. This is a problem for law enforcement and government agencies, where any information leakage is not acceptable, especially for investigations. Anonymous routing is a technique to stop a host learning which agency is accessing information. Many related works for anonymous routing have been proposed, but are designed for Internet traffic, and are over complicated for internal usage. A streaming design for circuit creation is proposed using elliptic curve cryptography. Allowing for a simple anonymous routing solution, which provides fast performance with source and destination anonymity to other organisations.

Returning Control of Data to Users with a Personal Information Crunch - A Position Paper

With the data universe expanding to uncontrollable limits, we are losing control of our personal information. From online purchases to movie streaming, we are giving vendors more and more information, such that our privacy is at stake. Hackers and third-parties can gain access to this information, putting us at risk to a number of attacks. The current model where every online vendor has personal information, such as name, addresses and date of birth should be reconsidered. A user needs to have full or at least more control over their personal data, and who has access to it. This paper presents alternatives to vendors having all of a users personal information and raises many concerns about the current state of play. A simple model is proposed where personal information is stored on the users mobile device, and requested by vendors when needed. Information can then be given in either a private or trusted manor, and encrypted responses can be cached by a relay service. Vendors should only use the data inflight, and never store personal information. This provides the user with data provenance and access control, while providing the vendor with accountability and enhanced security.

Computing Mod with a Variable Lookup Table

Encryption algorithms are designed to be difficult to break without knowledge of the secrets or keys. To achieve this, the algorithms require the keys to be large, with some having a recommend size of 2048-bits or more. However most modern processors only support computation on 64-bits at a time. Therefore standard operations with large numbers are more complicated to implement. One operation that is particularly challenging to efficiently implement is modular reduction. In this paper we propose a highly-efficient algorithm for solving large modulo operations; it has several advantages over current approaches as it supports the use of a variable sized lookup table, has good spatial and temporal locality allowing data to be streamed, and only requires basic processor instructions. Our proposed algorithm is theoretically compared to widely used modular algorithms, and shows improvements over other algorithms using predefined lookup tables.