A Framework for Secured Computation over the Untrusted Cloud

Tariq, Abdullah Al

dc.contributor.author	Tariq, Abdullah Al
dc.date.accessioned	2020-09-23T09:14:33Z
dc.date.available	2020-09-23T09:14:33Z
dc.date.issued	2018-11-15
dc.identifier.citation	[1] Mikl os Ajtai. Generating hard instances of lattice problems. In Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pages 99{108, 1996. [2] Rami Al-Rfou, Guillaume Alain, et al. Theano: A Python framework for fast computation of mathematical expressions. arXiv e-prints, abs/1605.02688, May 2016. [3] Abdullah Al-Tariq, Abu Raihan Mostofa Kamal, et al. A scalable framework for protecting user identity and access pattern in untrusted web server using forward secrecy, public key encryption and bloom lter. Concurrency and Computation: Practice and Experience, 29(23), 2017. [4] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou. Understanding the mirai botnet. In 26th USENIX Security Symposium, Vancouver, BC, Canada, August 2017. [5] Dan Boneh, Craig Gentry, Shai Halevi, Frank Wang, and David J Wu. Private database queries using somewhat homomorphic encryption. In Interna- tional Conference on Applied Cryptography and Network Security, pages 102{118. Springer, 2013. [6] Raphael Bost, Raluca Ada Popa, Stephen Tu, and Sha Goldwasser. Machine learning classi cation over encrypted data. In NDSS, 2015. [7] Marcus Brandenburger, Christian Cachin, and Nikola Kne zevi c. Dont trust the cloud, verify: Integrity and consistency for cloud object stores. ACM Transac- tions on Privacy and Security (TOPS), 20(3):8, 2017. [8] A. Brandt and J. Buron. Home automation routing requirements in low- power and lossy networks. [Online]. Available: https://tools.ietf.org/html/ rfc5826. [9] Wouter Castryck, Ilia Iliashenko, and Frederik Vercauteren. On error distributions in ring-based lwe. LMS Journal of Computation and Mathematics, 19(A):130{145, 2016. 66 [10] Qian Chen, Sherif Abdelwahed, and Abdelkarim Erradi. A model-based validated autonomic approach to self-protect computing systems. IEEE Internet of Things Journal, 1(5):446{460, 2014. [11] S. R. Chhetri, A. Canedo, and M. Al Faruque. Con dentiality breach through acoustic side-channel in cyber-physical additive manufacturing systems. ACM Transactions on Cyber-Physical Systems (TCPS), 2016. [12] Fran cois Chollet et al. Keras. https://github.com/keras-team/keras, 2015. [13] CISCO. The Internet of Things reference model., 2014. Available at http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_ Paper_June_4_2014.pdf. [14] Shane S Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, Kevin Fu, A Rahmati, M Salajegheh, D Holcomb, et al. Wattsupdoc: Power side channels to nonintrusively discover untargeted malware on embedded medical devices. In HealthTech, 2013. [15] Michele De Donno, Nicola Dragoni, Alberto Giaretta, and Manuel Mazzara. Antibiotic: Protecting iot devices against ddos attacks. In International Conference in Software Engineering for Defence Applications, pages 59{72. Springer, 2016. [16] Michele De Donno, Nicola Dragoni, Alberto Giaretta, and Angelo Spognardi. Analysis of ddos-capable iot malwares. In Proceedings of 1st International Con- ference on Security, Privacy, and Trust (INSERT), 2017. [17] Whit eld Di e and Martin Hellman. New directions in cryptography. IEEE transactions on Information Theory, 22(6):644{654, 1976. [18] Junqi Duan, Deyun Gao, Dong Yang, Chuan Heng Foh, and Hsiao-Hwa Chen. An energy-aware trust derivation scheme with game theoretic approach in wireless sensor networks for iot applications. IEEE Internet of Things Journal, 1(1):58{ 69, 2014. [19] Pierre Dusart and Sinaly Traor e. Lightweight authentication protocol for lowcost r d tags. In IFIP International Workshop on Information Security Theory and Practices, pages 129{144. Springer, 2013. [20] PUB FIPS. 186-4. Digital Signature Standard (DSS), 2013. [21] Craig Gentry et al. Fully homomorphic encryption using ideal lattices. In STOC, volume 9, pages 169{178, 2009. [22] Felix A. Gers, J urgen Schmidhuber, and Fred Cummins. Learning to forget: Continual prediction with lstm. Neural Computation, 12:2451{2471, October 2000. 67 [23] Darrel Hankerson, Alfred J Menezes, and Scott Vanstone. Guide to elliptic curve cryptography. Springer Science & Business Media, 2006. [24] Johan H astad, Russell Impagliazzo, Leonid A Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM Journal on Computing, 28(4):1364{1396, 1999. [25] Michiel Hazewinkel. Vi ete theorem. Encyclopedia of Mathematics, 2001. [26] Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa, and Srdjan Capkun. Verena: End-to-end integrity protection for web applications. In Security and Privacy (SP), 2016 IEEE Symposium on, pages 895{913. IEEE, 2016. [27] S McCURLEY Kevin. The discrete logarithm problem. Cryptology and compu- tational number theory, 42:49, 1990. [28] Diederik Kingma and Jimmy Ba. Adam: A method for stochastic optimization. arXiv preprint arXiv:1412.6980, 2014. [29] Thorsten Kleinjung, Kazumaro Aoki, Jens Franke, Arjen Lenstra, Emmanuel Thom e, Joppe Bos, Pierrick Gaudry, Alexander Kruppa, Peter Montgomery, Dag Arne Osvik, et al. Factorization of a 768-bit rsa modulus. In CRYPTO 2010, volume 6223, pages 333{350. Springer, 2010. [30] Arjen K Lenstra. Integer factoring. Designs, codes and cryptography, 19(2):101{ 128, 2000. [31] Vadim Lyubashevsky and Daniele Micciancio. Generalized compact knapsacks, cyclic lattices, and e cient one-way functions from worst-case complexity assumptions. In Proceedings of Proceedings of ICALP, pages 144{155, Venice, Italy, July 2006. [32] Diego M Mendez, Ioannis Papapanagiotou, and Baijian Yang. Internet of things: Survey on security and privacy. arXiv preprint arXiv:1707.01879, 2017. [33] Daniele Micciancio. The hardness of the closest vector problem with preprocessing. IEEE Transactions on Information Theory, 47(3):1212{1215, March 2001. [34] Daniele Micciancio. Generalized compact knapsacks, cyclic lattices, and e cient one-way functions from worst-case complexity assumptions. In Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science, Vancouver, BC, Canada, February 2002. [35] Evgeny Milanov. The rsa algorithm. RSA Laboratories, 2009. [36] Victor S Miller. Use of elliptic curves in cryptography. In Conference on the Theory and Application of Cryptographic Techniques, pages 417{426. Springer, 1985. 68 [37] Arsalan Mosenia and Niraj K. Jha. A comprehensive study of security of internetof- things. IEEE Transactions on Emerging Topics in Computing, 5:586{602, Oct.-Dec. 2017. [38] Arsalan Mohsen Nia, Susmita Sur-Kolay, Anand Raghunathan, and Niraj K Jha. Physiological information leakage: A new frontier in health information security. IEEE Transactions on Emerging Topics in Computing, 4(3):321{334, 2016. [39] Job Noorman, Jo Van Bulck, Jan Tobias M uhlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes G otzfried, Tilo M uller, and Felix Freiling. Sancus 2.0: A low-cost security architecture for iot devices. ACM Transactions on Privacy and Security (TOPS), 20(3):7, 2017. [40] Guevara Noubir and Guolong Lin. Low-power dos attacks in data wireless lans and countermeasures. ACM SIGMOBILE Mobile Computing and Communica- tions Review, 7(3):29{30, 2003. [41] Abdullah Nazma Nowroz, Kangqiao Hu, Farinaz Koushanfar, and Sherief Reda. Novel techniques for high-sensitivity hardware trojan detection using thermal and power maps. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 33(12):1792{1805, 2014. [42] C. Peikert and A. Rosen. E cient collision-resistant hashing from worst-case assumptions on cyclic lattices. In Theory of Cryptography: TCC, pages 145{166, 2006. [43] Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem. In Proceedings of the 41st ACM Symposium on Theory of Computing, 2009. [44] Chris Peikert. Lattice cryptography for the internet. In International Workshop on Post-Quantum Cryptography, pages 197{219. Springer, 2014. [45] Raluca A Popa and Nickolai Zeldovich. Multi-key searchable encryption. IACR Cryptology ePrint Archive, 2013:508, 2013. [46] Raluca Ada Popa, Catherine Red eld, Nickolai Zeldovich, and Hari Balakrishnan. Cryptdb: protecting con dentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Prin- ciples, pages 85{100. ACM, 2011. [47] Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M Frans Kaashoek, and Hari Balakrishnan. Building web applications on top of encrypted data using mylar. In NSDI, pages 157{172, 2014. [48] Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM, 56(6):34, 2009. 69 [49] Karim Rostamzadeh, Hasen Nicanfar, Narjes Torabi, Sathish Gopalakrishnan, and Victor CM Leung. A context-aware trust-based information dissemination framework for vehicular networks. IEEE Internet of Things Journal, 2(2):121{ 132, 2015. [50] Sepp Hochreiter; J urgen Schmidhuber. Long short-term memory. Neural Com- putation, 9:1735{1780, Nov. 1997. [51] Sensorscope. Grand-St-Bernard Deployment, 2007. Available at http://lcav.epfl.ch/files/content/sites/lcav/files/research/ Sensorscope/stbernard-meteo.zip. [52] Sensorscope. Le Genepi Deployment, 2007. Available at http://lcav.epfl.ch/ files/content/sites/lcav/files/research/Sensorscope/genepi-meteo. zip. [53] D. M. Shila and V. Venugopal. Design, implementation and security analysis of hardware trojan threats in fpga. In Proceedings of IEEE International Conference on Communication, pages 719{724, 2014. [54] P. W. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal of Computing, 26(5):1484{ 1509, 1997. [55] F. Stajano. The resurrecting duckling. In Proceedings of Security Protocols, pages 183{194, 2000. [56] M. Tehranipoor and F. Koushanfar. A survey of hardware trojan taxonomy and detection. IEEE Design and Test of Computers, 27(1):10{25, 2010. 70	en_US
dc.identifier.uri	http://hdl.handle.net/123456789/347
dc.description	Supervised by Prof. Dr. Abu Raihan Mostofa kamal	en_US
dc.description.abstract	In an era where virtually every electronic device is built with the capability to connect to the internet, and thus to the cloud, end users now are getting more adjoined with numerous IoT devices which are part of a myriad of Smart Systems. Moreover, these heterogeneous IoT environments, with newly boosted security features - thanks to exponential growth in security solutions for IoT devices - possess unique behavioral patterns in unique environments. Additionally, it is highly unlikely that in such an environment, with plethora of device-types,every device will leak information at once. Thus, in this work, we propose a security framework to establish secured communication between end-user and the cloud using the behavioral patterns of the IoT devices which are accessed by both the communicating parties following some proper authorization. To implement our proposal, we have used Sensorscope sensor network's weather sensor data. After training an Long Short Term Memory network model using time series of sensor data, we predicted session keys between the cloud and the user using noisy data. The goals we attained from this work are Twofold. First, we achieved forward secrecy using session keys which are generated using noisy environment data. Second, it is observed that when we decrypted the messages using noisy-data-generated session keys, the accuracy of decryption varied according to the proportion of the added noise in the sensor data. For keys generated with normalized noise with 3% standard deviation, we found out decryption accuracy to be as high as 96%. On the other hand, communicating parties from two di erent environments can only decrypt only 50% of the message bits accurately. Finally we argued, since the noise in sensor data is re ected in the decryption accuracy, successful decryption of messages with narrow margin of error veri es that the communicating parties are part of the same environment and thus any intruder with information of the partial environment cannot communicate without decryption accuracy falling drastically.	en_US
dc.language.iso	en	en_US
dc.publisher	Department of Computer Science and Engineering, Islamic University of Technology, Gazipur, Bangladesh	en_US
dc.title	A Framework for Secured Computation over the Untrusted Cloud	en_US
dc.type	Thesis	en_US