Project staff and support

Jake Loftus (Postgraduate Associate, University of Bristol)
Nigel Smart (Academic supervisor, University of Bristol)
Dan Page (Academic co-supervisor, University of Bristol)
Andy Dancer (Industrial supervisor, Trend Micro)
Lorcan Mac Manus (Technology Translator, Industrial Mathematics KTN)

This project is being carried out at the University of Bristol, in conjunction with Trend Micro. It is supported by an EPSRC industrial CASE award, made available through the Knowledge Transfer Network for Industrial Mathematics. Start date: October 2009; duration: 3.5 years.

Project Details

It is widely acknowledged that the computing industry is currently experiencing a period of change in relation to delivery of services. One aspect of this change is the move toward what is commonly termed “cloud computing” or “computing as a service”. Companies will purchase their computing resource from third party service providers and connect to their data and applications via the Internet; actual computation will be performed by dedicated, remote server “farms”. The company benefits because resource can be purchased and scaled on-demand and management is delegated to specialist professionals; the service providers benefit because of an economy of scale and reduction of equipment idle time.

A significant issue with, and sometime criticism of, cloud computing relates to the security of data and computation which is “in the cloud”. Specifically, data owned by individuals and companies will be stored and operated on servers owned by a potentially untrusted third party service provider; this provides significant privacy issues for individuals and possible extensive data security issues for corporations.

The secrecy of data is essentially solved by encryption. However, this opens up the problem as to how data can be searched and retrieved efficiently, i.e., without the entire encrypted database needing to be downloaded to the desktop. As such databases grow in size, issues of efficiency (both computational and communication) and stability in solutions to solve this problem are crucial. Equally, proofs of security are paramount to trusted use of any solution alongside proofs of functional behaviour.

A number of cryptographic techniques have been developed for dealing with secure access to data held in remote databases. So far, their study has been within a theoretical context only: issues relating to real-world implementation, deployment and use have not been investigated. This means that the resulting mathematical and theoretical context is likely to be poorly defined and, from our experience, will have significant shortcomings. By researching the two together our experience shows that new mathematical insight and advances can be obtained.

The aim of this project then is to examine these schemes in a practical context, covering issues of implementation, scalability, robustness, deployment and usage. This is likely to result in new mathematical techniques being needed in the area of cryptographic implementation. From this, we will develop new cryptographic schemes using the prior practical evaluation as a guide. These new schemes will require the development of new mathematical and cryptographic techniques, both in the construction of the schemes and in the resulting proofs of security. Finally, we will investigate the use of the resulting schemes in real-world applications, specifically those relating to encrypted databases held on cloud computing platforms.