Abstract: Described is a system for anonymous job allocation and majority voting in a cloud computing environment. The system broadcasts a job to physical nodes, each of the physical nodes having a control operations plane (COP) node and one or more service nodes associated with the COP node. A set of redundant job assignments is distributed to individual COP nodes pursuant to a private job assignment schedule, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes execute the job assigned to the COP nodes such that the service nodes each complete a task associated with the job and forward an individual result to their associated COP node. A privacy-preserving result checking protocol is performed amongst the COP nodes such that secret shares of a majority result are obtained and the majority result is provided to a client.

Abstract: Described is a system for secure database searching. The system comprises a client-server architecture which allows a client to securely search a database of records possessed by a server. A database query is generated by the client and transmitted to the server. The database query is processed by the server using a privacy-preserving search protocol. An encrypted match result is produced by the server without decrypting the database query. The encrypted match result is sent to the client, and the client decrypts the encrypted match result to obtain a set of block identifiers representing blocks of records in the database that match the database query. The client obtains a block of encrypted records containing match results using only the set of block identifiers. The match results are decrypted by the client using a key obtained from the server. The unencrypted match results to the database query are then output.

Abstract: Described is a secure system for generic pattern matching. In operation, the system determines if a pattern p, as presented by a second party, is within a textual pattern T, as maintained by a first party. In making such a determination, the system uses a series of binary value matrices and corresponding pairs of encrypted permuted matrices. Challenge bits are then used to generate permutations and later verify correctness of the various encrypted permuted matrices. If it is determined that pattern p is within text T, the, for example, an access protocol is initiated.

Abstract: Described is a system for anonymous job allocation and majority voting in a cloud computing environment. The system broadcasts a job to physical nodes, each of the physical nodes having a control operations plane (COP) node and one or more service nodes associated with the COP node. A set of redundant job assignments is distributed to individual COP nodes pursuant to a private job assignment schedule, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes execute the job assigned to the COP nodes such that the service nodes each complete a task associated with the job and forward an individual result to their associated COP node. A privacy-preserving result checking protocol is performed amongst the COP nodes such that secret shares of a majority result are obtained and the majority result is provided to a client.

Abstract: Described is a system for the implementation of biometric scanning in a user-privacy preserving fashion with respect to identification, authentication, and online credential systems. At enrollment, the user enrolls or initially registers at a physical location, where the user is provided a Fuzzy Extractor (FE) encrypted output (Enc(R)). The user is then registered with an online server, which creates an ID-Wallet for the user and stores the ID-Waller. During operation, the user sends an authentication request to the online server, which provides a corresponding authentication response. The user or user's client then extracts secret (R) for user authentication. The user can then be authenticated with the online server to retrieve credentials from the ID-Wallet, which can be used for a variety of online services.

Abstract: Described is a system for securely searching streaming data. The system executes a secure pattern matching protocol between a client and at least one of a server and a processing element. Using the processing element, an encryption of a character delay based on a pattern to be searched is received. Streaming data is received at the processing element. A secure search is performed blindly at the processing element to find a match for the pattern in the streaming data, the search being performed using the encryption of the character delay vector. Encrypted results from the secure search are sent back to the client.

Abstract: Described is a system for a cloud control operations plane. In operation, a job is broadcast to a plurality of physical hosts, one or more of the physical hosts having a control operations plane (COP) node and a service node associated with the COP node. The COP nodes jointly create a private job assignment. A set of job assignments is redundantly distributed to individual COP nodes pursuant to the private job assignments, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes then each complete a task associated with the job and generate an output. When a set of service nodes performing a redundant job complete their task, the corresponding COP nodes jointly perform a private result checking protocol to generate a final output. The final output is then sent to the user.

Abstract: Described is a system for implementing proactive secret sharing. The system uses a Secret-Share protocol to distribute, by a computing device, a block of secret data comprising shares of secret data among a set of computing devices, wherein each computing device in the set of computing devices holds an initial share of secret data. The system uses at least one Secret-Redistribute protocol to periodically redistribute the plurality of shares of secret data among the set of computing devices, wherein each computing device in the set of computing devices holds a subsequent share of secret data from the block of secret data that is independent of the initial share of secret data. Finally, a Secret-Open protocol is initialized to reveal the block of secret data.

Abstract: Described is a protocol for multi-dimensional secure pattern matching. The protocol is to be evaluated between two parties, P1 (or Client) and P2 (or Server). P1 holds a multi-dimensional pattern, p, and P2 holds a multi-dimensional text T (where both p and T have the same number of dimensions, but where p may be of smaller length in each dimension compared to T). P1 and P2 would then engage in a protocol that allows P1 to find out whether p is present in T or not. The security and privacy requirements are that P2 does not learn any information about the pattern p nor the result of the matching. P1 should also not learn any information about T other than whether p is present in it or not. Upon implementation of the protocol, p matches T if there exists an m× . . . ×m sub-hypermatrix (or sub-array) of T that equals p.

Abstract: Described, is system for mobile proactive secret sharing. The system initializes a RobustShare protocol to distribute a block of secret data among a set of servers comprising n servers. The block of secret data comprises a plurality of shares of data, wherein each server in the set of servers holds one share of data encoding the block of secret data. At least one Block-Redistribute protocol is initialized to protect against at least one adversary that attempts to corrupt the set of servers. During a Block-Redistribute protocol, the set of servers periodically refreshes its plurality of shares of data such that each server holds a new share of data that is independent of the previous share of data. Finally, a Reco protocol is initialized to reveal the block of secret data.

Abstract: Described is system for transforming a SHARE protocol into a proactively secure secret sharing (PSS) protocol. A PREFRESH protocol is performed that includes execution of the SHARE protocol. The PREFRESH protocol refreshes shares of secret data among multiple parties. The SHARE protocol is a non-proactively secure secret sharing protocol.

Abstract: Described is a system for proactively secure multi-party computation (MPC). Secret shares representing data are constructed to perform computations between a plurality of parties modeled as probabilistic polynomial-time interactive turing machines. A number of rounds of communication where the plurality of parties jointly compute on the secret shares is specified. Additionally, a threshold of a number of the plurality of parties that can be corrupted by an adversary is specified. The secret shares are periodicially refreshed and reshared among the plurality of parties before and after computations in each of the rounds of communication. The data the secret shares represent is proactively secured.

Abstract: Described is system for secure proactive multi-party computation. The system securely evaluates a circuit in the presence of an adversary. The circuit receives inputs of secret values from a set of servers. A RobustShare protocol is initialized to allow each server to distribute their secret values among the other servers. A RauDouSha protocol is initialized to generate random sharings of the secret values. A Block-Redistribute protocol is initialized to redistribute the secret values amount the set of servers. For each layer of the circuit, a permutation of the secret values is performed, and each layer of the circuit is evaluated. The Block-Redistribute is protocol is initialized to re-randomize the secret values such that privacy of the secret values is preserved. A sharing of the secret values is determined for each output gate, and a Reco protocol is initialized to reveal each sharing of secret values to an intended recipient.

Abstract: Described is a system for allowing sets of processors to engage in a secure pattern matching protocol. An input pattern is received from a first set of processors, while a text is received from a second set of processors. A matrix is constructed based on values computed for each character determined by each character's position in the pattern. The first set of processors sends an encrypted matrix to the second set of processors. The second set of processors processes each character in the text and creates a set of vectors. A final activation vector is created based on processing the set of vectors and an encrypted activation vector. The second set of processors sends the final activation vector to the first set of processors. The second set of processors decrypts the final activation vector. The system provides to the first set of processors where the pattern matches the text.