Cláudio José Pereira Correia

Co-advisor: Miguel Pupo Correia

Low-Latency Privacy-Preserving Access to Edge Storage

Tese submetida para provas de Doutoramento em Engenharia Informática e de Computadores, Instituto Superior Técnico, Universidade de Lisboa.

Abstract

Edge computing is a paradigm that extends cloud computing with storage and processing capacity close to the user, providing bandwidth savings and lower latencies. This paradigm assumes the availability of microdatacenters, also known as fog nodes, that are located close to the edge. These nodes are installed and managed by various local providers, whose privileged access to the infrastructure represents a significant security risk for applications and clients. Unethical edge providers my engage in malicious behaviors for financial gains, particularly if their actions remain undetected. Given the high risk associated with dishonest providers, it is crucial to secure the functions fog nodes provide.

This thesis is devoted to the design of security mechanisms for data storage in edge computing environments. Given that accessing data with low latency is a primary motivation for adopting edge computing, it is crucial to ensure that data is effectively replicated at the edge and can be accessed in a timely and privacy preserving manner. This thesis address these two relevant problems that emerge in edge computing, namely how to ensure that edge providers use local storage as specified in their service level agreements and how to preserve the privacy of edge clients. In this context, the thesis:

Proposes an audit technique that verifies whether a storage node at the edge can retrieve a data object within a specified latency threshold. The technique is based on a cryptographic time-bounded challenge that needs to be executed by the audited node. Leveraging the capabilities of secure hardware, we ensure that the proof of data retrieval is generated by the audited fog node itself.
Proposes a novel authentication technique for access control at the edge to protect stored data from unauthorized entities. This technique aims to preserve client anonymity during authentication processes, despite their physical proximity to fog nodes. The proposed scheme preserves the privacy of clients even after they have been revoked from the system, achieving this more efficiently than all the related work.

A promising approach to enhance security in edge storage systems is to resort to the usage of secure hardware, such as Intel SGX enclaves. This thesis explores the use of hardware enclaves to design these two mechanisms, that together, will help edge clients in accessing data with low latency while respecting their privacy.

Selected Publications

Low-Latency Privacy-Preserving Access to Edge Storage: Cláudio José Pereira Correia; PhD Thesis. Instituto Superior Técnico, Universidade de Lisboa.; Abril, 2024.; Available BibTeX, PhD Thesis.
Using Range-Revocable Pseudonyms to Provide Backward Unlinkability in the Edge.: C. Correia, M. Correia, L. Rodrigues.; Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS 2023), Copenhagen, Denmark, November 2023.
PoTR: Accurate and Efficient Proof of Timely-Retrievability for Storage Systems.: C. Correia, R. Prates, M. Correia, and L. Rodrigues.; Proceedings of the 28th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC), Singapore, October 2023
Deduplication vs Privacy Tradeoffs in Cloud Storage: R. Silva, C. Correia, M. Correia and L. Rodrigues.; Proceedings of the The 38th ACM/SIGAPP Symposium On Applied Computing (SAC), Tallinn Estonia, March 2023.
Cathode: A Consistency-Aware Data Placement Algorithm for the Edge.: L. Epifânio, C. Correia and L. Rodrigues.; Proceedings of the 20th IEEE International Symposium on Network Computing and Applications (NCA 2021), Online, November, 2021.; Presentation video and (pdf)

Luís Rodrigues