Privacy for the Cloud

David Pointcheval

ERC Advanced Grant no 339563

Summary

Many companies have already started the migration to the Cloud and many individuals share their personal informations on social networks. While some of the data are public information, many of them are personal and even quite sensitive. Unfortunately, the current access mode is purely right-based: the provider first authenticates the client, and grants him access, or not, according to his rights in the access-control list. Therefore, the provider itself not only has total access to the data, but also knows which data are accessed, by whom, and how: privacy, which includes secrecy of data (confidentiality), identities (anonymity), and requests (obliviousness), should be enforced. Moreover, while high availability can easily be controlled, and thus any defect can immediately be detected, failures in privacy protection can remain hidden for a long time. The industry of the Cloud introduces a new implicit trust requirement: nobody has any idea at all of where and how his data are stored and manipulated, but everybody should blindly trust the providers. The providers will definitely do their best, but this is not enough. Privacy-compliant procedures cannot be left to the responsibility of the provider: however strong the trustfulness of the provider may be, any system or human vulnerability can be exploited against privacy.

This presents too huge a threat to tolerate.

The distribution of the data and the secrecy of the actions must be given back to the users. It requires promoting privacy as a global security notion.


A new generation of secure multi-party computation protocols is required to protect everybody in an appropriate way, with privacy and efficiency: interactive protocols will be the core approach to provide privacy in practical systems, in contrast with the current trends in cryptography with fully homomorphic encryption and other advanced encryption techniques, that are quite interesting but essentially theoretical. Recent implicit interactive proofs of knowledge will be a starting point. But stronger properties are first expected for improving privacy. They will be integrated into new ad-hoc broadcast systems, in order to distribute the management among several parties, and eventually remove any trust requirements.

Privacy for the Cloud will have a huge societal impact since it will revolutionize the trust model: users will be able to make safe use of outsourced storage, namely for personal, financial and medical data, without having to worry about failures or attacks of the server. It will also have a strong economic impact, conferring a competitive advantage on Cloud providers implementing these tools.

Members

Principal Investigator

  • David Pointcheval

Permanent Members

  • Michel Abdalla*
  • Georg Fuchsbauer*

Post-Docs

  • Pooya Farshim

Students

  • Jérémy Chotard
  • Pierre-Alain Dupont*
  • Chloé Hébant
  • Anca Nitulescu
  • Quentin Santos*

Previous

  • Fabrice Ben Hamouda*
  • Raphael Bost*
  • Florian Bourse
  • Mario Cornejo*
  • Geoffroy Couteau
  • Julia Hesse
  • Thomas Peters
  • Olivier Sanders*
  • Hoeteck Wee*

* People part-time involved in the project

Publications

Reports

Resume: David Pointcheval

Education

  • Habilitation à Diriger des Recherches (HDR), University of Paris 7 - Denis Diderot, 2002
        Title: Public-key encryption and provable security
  • PhD in Computer Science, University of Caen, 1996
        Superviser: Jacques Stern
        Title: Proofs of knowledge and their security proofs
  • Ecole Normale Supérieure (ENS), Paris, 1991-1996

Employment

  • "Directeur de Recherche" CNRS (equiv. to full professor at university) at ENS, since 2007
  • "Chargé de Recherche" CNRS (equiv. to assistant professor at university) at ENS, 1998-2007
  • Teaching Assistant, University of Caen, 1996-1998

Responsibilities

  • Chair of the Computer Science Department at ENS, since 2017
  • Deputy Head of the Computer Science Department at ENS, from 2011 to 2017
  • Head of the Crypto Team at ENS, since 2005
        This team has been a joint research group with ENS, CNRS and INRIA, since 2007

Last update: July 17th, 2017