Practical Privacy Preserving Cloud Resource-Payment for Constrained Clients

The continuing advancements in microprocessor technologies are putting more and more computing power into small devices. Today smartphones are especially popular. Nevertheless, for resource intensive tasks such devices are still too constrained. However, the simultaneous trend of providing computing resources as a commodity on a pay-as-you-go basis (cloud computing) combined with such mobile devices facilitates interesting applications: Mobile clients can simply outsource resource intensive tasks to the cloud. Since clients have to pay a cloud provider (CP) for consumed resources, e.g. instance hours of virtual machines, clients may consider it as privacy intrusive that the CP is able to record the activity pattern of users, i.e. how often and how much resources are consumed by a specific client. In this paper we present a solution to this dilemma which allows clients to anonymously consume resources of a CP such that the CP is not able to track users' activity patterns. We present a scenario which integrates up-to-date security enhanced platforms as processing nodes and a recent cloud payment scheme together with a concrete implementation supporting the practicality of the proposed approach.

[1]  Daniel Slamanig Dynamic Accumulator Based Discretionary Access Control for Outsourced Storage with Unlinkable Access - (Short Paper) , 2012, Financial Cryptography.

[2]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3]  Michael K. Reiter,et al.  Seeing-is-believing: using camera phones for human-verifiable authentication , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[4]  Steven M. Bellovin,et al.  Privacy Enhanced Access Control for Outsourced Data Sharing , 2012, Financial Cryptography.

[5]  Stefan Katzenbeisser,et al.  Oblivious Outsourced Storage with Delegation , 2011, Financial Cryptography.

[6]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[7]  Bart De Decker,et al.  Communications and Multimedia Security , 2013, Lecture Notes in Computer Science.

[8]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[9]  David Grawrock Dynamics of a trusted platform: a building block approach , 2009 .

[10]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[11]  Angelos Stavrou,et al.  PAR: Payment for Anonymous Routing , 2008, Privacy Enhancing Technologies.

[12]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[13]  Daniel Slamanig Efficient Schemes for Anonymous Yet Authorized and Bounded Use of Cloud Resources , 2011, Selected Areas in Cryptography.

[14]  Johannes Winter,et al.  A Flexible Software Development and Emulation Framework for ARM TrustZone , 2011, INTRUST.

[15]  Yanpei Chen,et al.  What's New About Cloud Computing Security? , 2010 .

[16]  Radu Sion,et al.  XPay: practical anonymous payments for tor routing and other networked services , 2009, WPES '09.

[17]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[18]  Michael Gissing,et al.  acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity , 2010, INTRUST.

[19]  Johannes Winter,et al.  A Hijacker's Guide to the LPC Bus , 2011, EuroPKI.

[20]  Liqun Chen,et al.  Lightweight Anonymous Authentication with TLS and DAA for Embedded Mobile Devices , 2010, ISC.

[21]  Yi Mu,et al.  Practical Anonymous Divisible E-Cash From Bounded Accumulators , 2007, IACR Cryptol. ePrint Arch..

[22]  Günther Pernul,et al.  Public Key Infrastructures, Services and Applications , 2011, Lecture Notes in Computer Science.

[23]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[24]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[25]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[26]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[27]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[28]  Johannes Winter,et al.  Implementation Aspects of Anonymous Credential Systems for Mobile Trusted Platforms , 2011, Communications and Multimedia Security.