Cláudio José Pereira Correia
Low-Latency Privacy-Preserving Access to Edge Storage
Tese submetida para provas de Doutoramento em Engenharia Informática e de Computadores,
Instituto Superior Técnico, Universidade de Lisboa.
Abstract
Edge computing is a paradigm that extends cloud computing with storage and processing
capacity close to the user, providing bandwidth savings and lower latencies. This paradigm
assumes the availability of microdatacenters, also known as fog nodes, that are located close to
the edge. These nodes are installed and managed by various local providers, whose privileged
access to the infrastructure represents a significant security risk for applications and clients.
Unethical edge providers my engage in malicious behaviors for financial gains, particularly if
their actions remain undetected. Given the high risk associated with dishonest providers, it is
crucial to secure the functions fog nodes provide.
This thesis is devoted to the design of security mechanisms for data storage in edge computing
environments. Given that accessing data with low latency is a primary motivation for adopting
edge computing, it is crucial to ensure that data is effectively replicated at the edge and can
be accessed in a timely and privacy preserving manner. This thesis address these two relevant
problems that emerge in edge computing, namely how to ensure that edge providers use local
storage as specified in their service level agreements and how to preserve the privacy of edge
clients. In this context, the thesis:
- Proposes an audit technique that verifies whether a storage node at the edge can retrieve a
data object within a specified latency threshold. The technique is based on a cryptographic
time-bounded challenge that needs to be executed by the audited node. Leveraging the
capabilities of secure hardware, we ensure that the proof of data retrieval is generated by
the audited fog node itself.
- Proposes a novel authentication technique for access control at the edge to protect stored
data from unauthorized entities. This technique aims to preserve client anonymity during
authentication processes, despite their physical proximity to fog nodes. The proposed
scheme preserves the privacy of clients even after they have been revoked from the system,
achieving this more efficiently than all the related work.
A promising approach to enhance security in edge storage systems is to resort to the usage
of secure hardware, such as Intel SGX enclaves. This thesis explores the use of hardware enclaves
to design these two mechanisms, that together, will help edge clients in accessing data with low
latency while respecting their privacy.
Selected Publications
- Low-Latency Privacy-Preserving Access to Edge Storage
- Cláudio José Pereira Correia
- PhD Thesis. Instituto Superior Técnico,
Universidade de Lisboa.
- Abril, 2024.
- Available BibTeX, PhD Thesis.
- Using Range-Revocable Pseudonyms to Provide Backward
Unlinkability in the Edge.
- C. Correia,
M. Correia, L. Rodrigues.
- Proceedings of the ACM Conference on
Computer and Communications Security (ACM CCS 2023), Copenhagen,
Denmark, November 2023.
-
- PoTR: Accurate and Efficient Proof of
Timely-Retrievability for Storage Systems.
-
C. Correia, R. Prates, M. Correia, and L. Rodrigues.
-
Proceedings of the 28th IEEE Pacific Rim International Symposium on
Dependable Computing (PRDC), Singapore, October 2023
-
- Deduplication vs Privacy Tradeoffs in Cloud
Storage
- R. Silva, C. Correia, M. Correia and L.
Rodrigues.
- Proceedings of the The 38th ACM/SIGAPP Symposium On
Applied Computing (SAC), Tallinn Estonia, March 2023.
- Cathode: A Consistency-Aware Data
Placement Algorithm for the Edge.
- L. Epifânio, C. Correia
and L. Rodrigues.
- Proceedings of the 20th IEEE International
Symposium on Network Computing and Applications (NCA 2021), Online,
November, 2021.
- Presentation
video and (pdf)
Luís Rodrigues