Token-Based Cloud Computing

Secure Outsourcing of Data and Arbitrary Computations with Lower Latency
  • Ahmad-Reza Sadeghi
  • Thomas Schneider
  • Marcel Winandy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6101)


Secure outsourcing of computation to an untrusted (cloud) service provider is becoming more and more important. Pure cryptographic solutions based on fully homomorphic and verifiable encryption, recently proposed, are promising but suffer from very high latency. Other proposals perform the whole computation on tamper-proof hardware and usually suffer from the the same problem. Trusted computing (TC) is another promising approach that uses trusted software and hardware components on computing platforms to provide useful mechanisms such as attestation allowing the data owner to verify the integrity of the cloud and its computation. However, on the one hand these solutions require trust in hardware (CPU, trusted computing modules) that are under the physical control of the cloud provider, and on the other hand they still have to face the challenge of run-time attestation.

In this paper we focus on applications where the latency of the computation should be minimized, i.e., the time from submitting the query until receiving the outcome of the computation should be as small as possible. To achieve this we show how to combine a trusted hardware token (e.g., a cryptographic coprocessor or provided by the customer) with Secure Function Evaluation (SFE) to compute arbitrary functions on secret (encrypted) data where the computation leaks no information and is verifiable. The token is used in the setup phase only whereas in the time-critical online phase the cloud computes the encrypted function on encrypted data using symmetric encryption primitives only and without any interaction with other entities.


Cloud Computing Hardware Token Outsourcing 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Amazon Elastic Compute Cloud (EC2),
  2. 2.
    Amazon Simple Storage Service (S3),
  3. 3.
    Atallah, M.J., Pantazopoulos, K.N., Rice, J.R., Spafford, E.H.: Secure outsourcing of scientific computations. Advances in Computers 54, 216–272 (2001)Google Scholar
  4. 4.
    Berger, S., Caceres, R., Goldman, K.A., Perez, R., Sailer, R., Doorn, L.v.: vTPM: Virtualizing the Trusted Platform Module. In: USENIX Security Symposium (USENIX 2006), pp. 305–320. USENIX Association (2006)Google Scholar
  5. 5.
    Bussani, A., Griffin, J.L., Jasen, B., Julisch, K., Karjoth, G., Maruyama, H., Nakamura, M., Perez, R., Schunter, M., Tanner, A., Van Doorn, L., Herreweghen, E.V., Waidner, M., Yoshihama, S.: Trusted Virtual Domains: Secure Foundations for Business and IT Services. Technical Report Research Report RC23792, IBM Research (November 2005)Google Scholar
  6. 6.
    Cabuk, S., Dalton, C.I., Eriksson, K., Kuhlmann, D., Ramasamy, H.G.V., Ramunno, G., Sadeghi, A.-R., Schunter, M., Stüble, C.: Towards automated security policy enforcement in multi-tenant virtual data centers. Journal of Computer Security 18, 89–121 (2010)Google Scholar
  7. 7.
    Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling data in the cloud: outsourcing computation without outsourcing control. In: ACM Workshop on Cloud Computing Security (CCSW 2009), pp. 85–90. ACM, New York (2009)CrossRefGoogle Scholar
  8. 8.
    Cloud Security Alliance (CSA). Top threats to cloud computing, version 1.0 (March 2010),
  9. 9.
    Dijk, M.v., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers. Cryptology ePrint Archive, Report 2009/616 (2009),; To appear at EUROCRYPT 2010
  10. 10.
    Garay, J.A., Kolesnikov, V., McLellan, R.: MAC precomputation with applications to secure memory. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 427–442. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Gennaro, R., Gentry, C., Parno, B.: Non-interactive verifiable computing: Outsourcing computation to untrusted workers. Cryptology ePrint Archive, Report 2009/547 (2009),
  12. 12.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: ACM Symposium on Theory of Computing (STOC 2009), pp. 169–178. ACM, New York (2009)CrossRefGoogle Scholar
  13. 13.
    Google App Engine,
  14. 14.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-time programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)Google Scholar
  15. 15.
  16. 16.
    Järvinen, K., Kolesnikov, V., Sadeghi, A.-R., Schneider, T.: Embedded SFE: Offloading server and network using hardware tokens. In: Financial Cryptography and Data Security (FC 2010), January 25-28. LNCS, Springer, Heidelberg (2010)Google Scholar
  17. 17.
    Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In: Proceedings of the 17th Annual Computer Security Applications Conference, ACSAC (2001)Google Scholar
  18. 18.
    Kamara, S., Lauter, K.: Cryptographic cloud storage. In: Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS 2010) - co-located with Financial Cryptography, January 2010, LNCS. Springer, Heidelberg (to appear 2010)Google Scholar
  19. 19.
    Kolesnikov, V., Schneider, T.: Improved garbled circuit: Free XOR gates and applications. In: Aceto, L., Damgård, I., Goldberg, L.A., Halldórsson, M.M., Ingólfsdóttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 486–498. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-hashing for message authentication. RFC 2104 (Informational) (February 1997),
  21. 21.
  22. 22.
    NIST, U.S. National Institute of Standards and Technology. Federal information processing standards (FIPS 197). Advanced Encryption Standard (AES) (November 2001),
  23. 23.
    NIST, U.S. National Institute of Standards and Technology. Federal information processing standards (FIPS 180-2). Announcing the Secure Hash Standard (August 2002),
  24. 24.
    Pinkas, B., Schneider, T., Smart, N.P., Williams, S.C.: Secure two-party computation is practical. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 250–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  26. 26.
    Smart, N.P., Vercauteren, F.: Fully homomorphic encryption with relatively small key and ciphertext sizes. In: PKC 2010. LNCS. Springer, Heidelberg (2010); Cryptology ePrint Archive, Report 2009/571,
  27. 27.
    Smith, S.W., Weingart, S.: Building a high-performance, programmable secure coprocessor. Computer Networks 31(8), 831–860 (1999); Special Issue on Computer Network SecurityCrossRefGoogle Scholar
  28. 28.
    Song, J.H., Poovendran, R., Lee, J., Iwata, T.: The AES-CMAC Algorithm. RFC 4493 (Informational) (June 2006),
  29. 29.
    Trusted Computing Group (TCG). TPM main specification. Main specification, Trusted Computing Group (May 2009),
  30. 30.
    Yao, A.C.: How to generate and exchange secrets. In: IEEE Symposium on Foundations of Computer Science (FOCS 1986), pp. 162–167. IEEE, Los Alamitos (1986)CrossRefGoogle Scholar
  31. 31.
    Yee, B.S.: Using Secure Coprocessors. PhD thesis, School of Computer Science, Carnegie Mellon University, CMU-CS-94-149 (May 1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ahmad-Reza Sadeghi
    • 1
  • Thomas Schneider
    • 1
  • Marcel Winandy
    • 1
  1. 1.Horst Görtz Institute for IT-SecurityRuhr-University BochumGermany

Personalised recommendations