Privacy-Preserving Cloud-Assisted Services

School of Science | Doctoral thesis (article-based) | Defence date: 2018-06-18
62 + app. 88
Aalto University publication series DOCTORAL DISSERTATIONS, 117/2018
In the last decade, there has been a move towards making traditional IT services follow a cloud-assisted services paradigm. Previously local services have been moved to a cloud-assisted setting to reap the advantages of a paradigm that can work with simple client-side functionality ("thin clients"). Examples of such services are cloud storage, cloud-assisted malware checking and "machine learning as a service" (MLaaS).

Despite their benefits, these kinds of services put users' privacy at risk, since the data stored in the cloud and/or the requests submitted to the cloud may contain sensitive information. On the other hand, unless carefully designed, this service paradigm may fail to protect the confidentiality of service providers' business assets (e.g., malware databases or machine learning models) against malicious users.

This dissertation shows how to leverage cryptographic technologies and trusted execution environments to design cloud-assisted services such that end users can protect their privacy and, if needed, service providers can ensure that their security/privacy requirements are not violated. We provide a general definition for privacy-preserving cloud-assisted services, investigate the privacy issues in three cloud-assisted services (lookup service, prediction service and storage service), and propose solutions on how to make them privacy-preserving.
Supervising professor
Asokan, N., Prof., Aalto University, Department of Computer Science, Finland
private set intersection, TEEs, machine learning, neural networks, secure two-party computation, cloud storage, deduplication
Other note
  • [Publication 1]: Ágnes Kiss, Jian Liu, Thomas Schneider, N. Asokan, Benny Pinkas. Private Set Intersection for Unequal Set Sizes with Mobile Applications. In Proceedings of the 17th Privacy Enhancing Technologies Symposium (PETS), Minneapolis, USA, Pages 97-117, July 2017.
    DOI: 10.1515/popets-2017-0044
  • [Publication 2]: Sandeep Tamrakar, Jian Liu, Andrew Paverd, Jan-Erik Ekberg, Benny Pinkas, N. Asokan. The Circle Game: Scalable Private Membership Test Using Trusted Hardware. In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security (ASIA CCS), Abu Dhabi, United Arab Emirates, Pages 31-44, April 2017.
    DOI: 10.1145/3052973.3053006
  • [Publication 3]: Jian Liu, Mika Juuti, Yao Lu, N. Asokan. Oblivious Neural Network Predictions via MiniONN Transformations. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (CCS), Dallas, Texas, USA, Pages 619-631, October 2017.
    DOI: 10.1145/3133956.3134056
  • [Publication 4]: Jian Liu, N. Asokan, Benny Pinkas. Secure Deduplication of Encrypted Data without Additional Independent Servers. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS), Denver, Colorado, USA, Pages 874-885, October 2015.
    DOI: 10.1145/2810103.2813623
  • [Publication 5]: Jian Liu, Li Duan, Yong Li, N. Asokan. Secure Deduplication of Encrypted Data: Refined Model and New Constructions. In Proceedings of Topics in Cryptology – CT-RSA 2018, San Francisco, California, USA, Pages 374-393, April 2018.
    DOI: 10.1007/978-3-319-76953-0_20