Towards Secure and Reliable Distributed Systems with Minimized Trust

Abstract

As the most prominent distributed computing platform, the modern Internet infrastructure interconnects various computing resources from data centers to Internet of Things (IoT) devices. Ensuring secure and reliable distributed systems on the Internet is critical for the normal operations of our daily lives. In this dissertation, we conduct three research projects to improve the security and reliability of distributed systems from different aspects. In the first research project, we investigate the cooling systems of Amazon Web Services (AWS) data centers. We leverage two temperature side channels to capture the information leakage from AWS data centers. These two side channels essentially exploit the temperature effect on FPGAs and DRAMs. After comparing data from both side channels, we believe the information revealed by the data is reliable. This project is a practical application of FPGA- based temperature side channels for the measurement study on data centers. Subsequently, our second and third projects focus on small, resource-constrained devices, like IoT devices, that often provide data to data centers. Recent research adapts identity-based encryption (IBE) for IoT devices to encrypt messages, and servers are the receivers, but the application inherits the key escrow problem of IBE. In the second project, we propose an interactive protocol among decryptors to tackle it. We assume decryptors like servers have sufficient resources to handle the additional computation and communication costs. Our protocol is based on dhr-IBE (IBE with decentralized setup, homomorphic key derivation, re-encryptable ciphertext), and Boneh-Franklin IBE, Waters IBE, Boneh-Boyen-Goh IBE are classified as dhr-IBE. The protocol is to build an IBE system as if the master secret key is the sum of all secret keys. In the third project, we propose an alternative solution that takes a trade-off between security and efficiency into consideration, so that the protocol designer can make the decision. The alternative protocol optimizes linear computation and communication to polylogarithmic complexity, and it can be viewed as a type of registration-based encryption, but it does not protect unregistered users. To develop the new protocol, we extend the dhr-IBE to dhr-HIBE (hierarchical IBE), essentially abstracting properties of Waters HIBE, Boneh-Boyen HIBE, Boneh-Boyen-Goh HIBE. The major technique involves using an O(log n)-size HIBE based tree to minimize the computation and communication, meeting a subset of compactness and efficiency requirements of registration-based encryption. A significant advantage of our protocols is keeping the original encryption algorithm of identity-based encryption for IoT devices. In other words, the sender only needs the constant-size public parameter to encrypt messages. We implement software prototypes to verify the efficiency of our protocols.