Secure Data Compression and Error Correcting Codes for Networks and Cloud Storage

of “Secure Data Compression and Error Correcting Codes for Networks and Cloud Storage” by James Alan Kelley, Ph.D., Brown University, May 2015. We present several novel constructions—combining cryptography, error correcting codes (ECCs), and data compression—that find ready application in enhancing security and fault-tolerance in cloud storage. We demonstrate this by presenting a simple (yet novel) secure cloud storage scheme (which can be used on top of any cloud service provider) that provides strong guarantees of integrity and fault-tolerance, and we show the different enhancements possible using our constructions. Our constructions provably achieve strong theoretical properties and are quite practical as well. First, we consider the problem of combining data compression with encryption to provide a primitive that performs both operations at once. This work provides the first formal definitions of security for schemes that combine compression and encryption. We present two compressing ciphers that are the first to provably achieve these strong guarantees of privacy and security. Moreover, one construction is quite practical and provides data compression ratios and speeds comparable to standard algorithms, as demonstrated with a detailed set of experiments. Second, we utilize cryptographic primitives to enhance erasure codes to withstand adversarial corruption of the encoded data. As part of this, we present a new adversarial model for ECCs which is more powerful than previously considered. We then provide two constructions, called authenticated error correcting codes, that transform an erasure code into an ECC and are provably secure in our model. The first scheme combines digital signatures and list decoding while the second uses a message authentication code (MAC), a non-malleable cipher, and a pseudorandom permutation. Finally, we present cryptographically enhanced LT codes (a fast, rateless erasure code) which are able to provide error correction over an adversarial channel. LT codes encode data via a sparse bipartite graph where each output symbol is the XOR of a random subset of the message symbols. All prior work on LT codes only considered random erasures or random errors (e.g., additive white Gaussian noise) and would fail under adversaries that exploit the encoding graph. We define a new framework for analyzing the security of rateless codes and provide three provably secure constructions: (1) a basic scheme that is used as a subroutine in the other schemes; (2) a scalable, block-oriented fixed-rate scheme; and (3) a scalable, block-oriented rateless scheme. All of these schemes maintain both asymptotic and practical efficiency—the latter we demonstrate experimentally. Secure Data Compression and Error Correcting Codes for Networks and Cloud Storage by James Alan Kelley B.A., Boston University; Boston, MA, 2009 Sc.M., Brown University; Providence, RI, 2011 A dissertation submitted in partial fulfillment of the requirements for the Degree of Doctor of Philosophy in the Department of Computer Science at Brown University Providence, Rhode Island May 2015 c © Copyright 2015 by James Alan Kelley This dissertation by James Alan Kelley is accepted in its present form by the Department of Computer Science as satisfying the dissertation requirement for the degree of Doctor of Philosophy. Date Roberto Tamassia, Director Recommended to the Graduate Council Date Rodrigo Fonseca, Reader Date Nikos Triandopoulos, Reader Approved by the Graduate Council Date Peter M. Weber Dean of the Graduate School