Security of information is an essential aspect of business and government activity, whether it relates to protection of corporate knowledge, integrity of financial transactions, or reliable storage and transmission of data. Transition to cloud computing has required additional security measures in order to protect valuable data no longer under direct control of the data owner. The Snowden revelations of 2013 and 2014 have changed the IT security priorities and it is now understood that there is an urgent need for protection of personal, business, and government data against pervasive monitoring and infiltration.

This project will study cryptographic tools to enable cloud security against powerful attackers. We will develop mechanisms to ensure that private data is stored as promised and to allow secure computations with private data, without relying on trust in the cloud provider. While our motivation is towards solving a practical problem with significant impact, we will work at a level of rigorous academic analysis. This means that the new cryptographic primitives, protocols and models which we will develop will lead to theoretical advances as well as practical outcomes. We will test new and existing mechanisms in prototype cloud environments to ensure that they are efficient and relevant for existing industry practice.

Main activities and milestones

The overall objective of this project is to develop new cryptographic algorithms and protocols suitable for securing cloud computing against pervasive adversaries. We will focus on providing rigorous security analysis for our constructions while at the same time maximizing practical effectiveness by building up an integrated security architecture. We identify five main research topics.

1. Fully homomorphic encryption algorithms for cloud computation. Outcomes will include:
   - theoretical understanding of the difficulty of assumed computational problems for FHE
   - recommendations of parameter sizes to achieve practical security levels.
2. Key management for cloud cryptography. Outcomes will include:
   - formal analysis of suitable key management frameworks such as KMIP;
   - recommendations for suitable key management systems tailored to different cloud architectures and dimensions.
3. Protocols for proving correct handling of (encrypted) stored data. Outcomes will include:
   - methods for secure bootstrapping of cloud computing environments (virtual machines);
   - practical protocols for providing assurance regarding data integrity, location, and format in remote environments.
4. Protocols for cloud computation, using (fully) homomorphic encryption, multiparty computation and other cryptographic tools. Outcomes will include:
   - secure and practical protocols for cloud applications such as decentralized secure messaging, decentralized social networks and scientific file sharing;
   - theoretical building blocks for constructing secure cloud applications.
5. A practical security architecture for cloud storage and computing. Outcomes will include:
   - an understanding of how to apply and integrate cryptographic tools into current real-world cloud environments;
   - comparison of the efficiency and effectiveness of cryptographic tools in the cloud.