MSc Thesis Defense: Ramin Armanfar
  • FENS
  • MSc Thesis Defense: Ramin Armanfar

You are here

A Practical Privacy-Preserving Public Key Repository

 

 

Ramin Armanfar

Computer Science and Engineering, MSc. Thesis, 2017

 

Thesis Jury

Prof. Albert Levi (Thesis Advisor), Asst. Prof. Cemal Yılmaz ve Asst. Prof. Cengiz Toğay (Uludağ Ünivesitesi)

 

 

Date & Time:  27th of March, 2017 –  3:45 PM

Place: FENS 2008

 

 

Abstract

 

Internet and mobile users have been using financial institutions' alternative channels for their financial transactions with an increasing rate. In order to avoid frauds, the financial institutions make use of second factor authentication tokens such as one-time passwords sent to mobile phones as text. Another trend of such transaction verification is utilizing fully cryptographic protocols, in which the transactions are signed by the users. In the implementation of such an approach, in order to provide end-to-end security between the financial institution and its client, each client must have a public-private key pair. In some cases, especially for small-scale institutions, such a transaction verification system is fully outsourced as a Cloud service including clients' public keys. However, even in this outsourced model, the institutions need to access their clients' public keys for end-to-end security. In such a case, in order to provide privacy of the clients against the outsourced database, we need a privacy-preserving public key repository. In this thesis, we developed such a privacy-preserving public key repository based on Path ORAM mechanism. We have developed adaptation layers for Path ORAM so that the queries are performed via regular SQL queries and the data is stored in a regular relational database, rather than Path ORAM's non-standard data structure. In this way, the non-standard features are hidden from both the financial institutions and the Cloud provider. We analyzed the performance of our system under different database sizes, network connection models and query types. We conclude that such a Path ORAM based system is feasible to be used in a practical system since even with a regular computer used as a server, the computational overhead is at marginal level.