Published on

IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003 Optimistic Outsourcing of Linear Programming in Cloud Computing Using Stassen’s Matrix Multiplication and Sparse Matrix Surisetti Lavanya (Department of Software Engineering , JNTUK University, Kakinada)ABSTRACT Cloud Computing has great potential of demand network access to a shared pool ofproviding robust computational power to the configurable computing resources that can besociety at reduced cost. It enables customers rapidly deployed with great efficiency and minimalwith limited computational resources to management overhead [1]. One fundamentaloutsource their large computation workloads advantage of the cloud paradigm is computationto the cloud, and economically enjoy the outsourcing, where the computational power ofmassive computational power, bandwidth, cloud customers is no longer limited by theirstorage, and even appropriate software that resource constraint devices. By outsourcing thecan be shared in a pay-per-use manner. workloads into the cloud, customers could enjoy theDespite the tremendous benefits, security is the literally unlimited computing resources in a pay-per-primary obstacle that prevents the wide use manner without committing any large capitaladoption of this promising computing model, outlays in the purchase of both hardware andespecially for customers when their software or the operational overhead therein.confidential data are consumed and producedduring the computation. we must design Despite the tremendous benefits,mechanisms that not only protect sensitive outsourcing computation to the commercial publicinformation by enabling computations with cloud is also depriving customers‟ direct controlencrypted data, but also protect customers over the systems that consume and produce theirfrom malicious behaviors by enabling the data during the computation, which inevitablyvalidation of the computation result. To design brings in new security concerns and challengesmechanisms that are practically efficient towards this promising computing model [2]. On theremains a very challenging problem. In order one hand, the outsourced computation workloadsto achieve practical efficiency, our mechanism often contain sensitive information, such as thedesign explicitly decomposes the LP business financial records, proprietary research data,computation outsourcing into public LP or personally identifiable health information etc. Tosolvers running on the cloud and private LP combat against unauthorized information leakage,parameters owned by the customer. The sensitive data have to be encrypted beforeresulting flexibility allows us to explore outsourcing [2] so as to provide end- to-end dataappropriate security/efficiency tradeoff via confidentiality assurance in the cloud and beyond.higher-level abstraction of LP computations However, ordinary data encryption techniques inthan the general circuit representation. In essence prevent cloud from performing anyparticular, by formulating private data owned meaningful operation of the underlying plaintextby the customer for LP problem as a set of data [3], making the computation over encryptedmatrices and vectors, we are able to develop data a very hard problem. On the other hand, thea set of some arbitrary one while protecting operational details inside the cloud are notsensitive input/output information. To validate transparent enough to customers [4]. As a result,the computation result, we further explore the there do exist various motivations for cloud serverfundamental duality theorem of LP to behave unfaithfully and to return incorrect results,computation and derive the necessary and i.e., they may behave beyond the classical semi-sufficient conditions that correct result must honest model. For example, for the computationssatisfy. that require a large amount of computing resources, there are huge financial incentives for the cloud toKeywords: Affine mapping ,High level language be “lazy” if the customers cannot tell the correctness,public LP Solvers ,LP - Linear programming ,LP of the output. Besides, possible software bugs,Parameters. hardware failures, or even outsider attacks might also affect the quality of the computed results. Thus,1. INTRODUCTION we argue that the cloud is intrinsically not secure Cloud Computing provides convenient on- from the viewpoint of customers. Without providing a mechanism for secure computation outsourcing, 1994 | P a g e
  2. 2. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003i.e., to protect the sensitive input and output etc. [13]. Because LP computations require ainformation of the workloads and to validate the substantial amount of computational power andintegrity of the computation result, it would be hard usually involve confidential data, we propose toto expect cloud customers to turn over control of explicitly decompose the LP computationtheir workloads from local machines to cloud solely outsourcing into public LP solvers running on thebased on its economic savings and resource cloud and private LP parameters owned by theflexibility. For practical consideration, such a design customer. The flexibility of such a decompositionshould further ensure that customers perform less allows us to explore higher-level abstraction of LPamount of operations following the mechanism than computations than the general circuit representationcompleting the computations by themselves directly. for the practical efficiency.Otherwise, there is no point for customers to seekhelp from cloud. Specifically, we first formulate private data owned by the customer for LP problem as a set of Recent researches in both the cryptography matrices and vectors. This higher leveland the theoretical computer science communities representation allows us to apply a set of efficienthave made steady advances in “secure outsourcing privacy-preserving problem transformationexpensive computations” (e.g. [5]– [10]). Based on techniques, including matrix multiplication andYao‟s garbled circuits [11] and Gentry‟s affine mapping, to transform the original LPbreakthrough work on fully homomorphic problem into some arbitrary one while protecting theencryption (FHE) scheme [12], a general result of sensitive input/output information. One crucialsecure computation outsourcing has been shown benefit of this higher level problem transformationviable in theory [9], where the computation is method is that existing algorithms and tools for LPrepresented by an encrypted combinational solvers can be directly reused by the cloud server.Boolean circuit that allows to be evaluated with To validate the computation result, we utilize theencrypted private inputs. However, applying this fact that the result is from cloud server solving thegeneral mechanism to our daily computations would transformed LP problem. In particular, we explorebe far from practical, due to the extremely high the fundamental duality theorem together with thecomplexity of FHE operation as well as the piece-wise construction of auxiliary LP problem topessimistic circuit sizes that cannot be handled in derive a set of necessary and sufficient conditionspractice when constructing original and encrypted that the correct result must satisfy. Such a methodcircuits. This overhead in general solutions of result validation can be very efficient and incursmotivates us to seek efficient solutions at higher close-to-zero additional overhead on both customerabstraction levels than the circuit representations for and cloud server. With correctly verified result,specific computation outsourcing problems. customer can use the secret transformation to mapAlthough some elegant designs on secure back the desired solution for his original LPoutsourcing of scientific computations, sequence problem.comparisons, and matrix multiplication etc. havebeen proposed in the literature, it is still hardly We summarize our contributions as follows:possible to apply them directly in a practically 1) For the first time, we formalize the problemefficient manner, especially for large problems. In of securely outsourcing LP computations, andthose approaches, either heavy cloud-side provide such a secure and practical mechanismcryptographic computations [7], [8], or multi-round design which fulfills input/output privacy, cheatinginteractive protocol executions [5], or huge resilience, and efficiency.communication complexities [10], are involved 2) Our mechanism brings cloud customer great(detailed discussions in Section VI). In short, computation savings from secure LP outsourcing aspractically efficient mechanisms with immediate it only incurs O(nρ ) for some 2 < ρ ≤ 3 localpractices for secure computation outsourcing in computation overhead on the customer, whilecloud are still missing. solving a normal LP problem usually requires Focusing on engineering computing and more than O(n3) time [13].optimization tasks, in this paper, we study 3) The computations done by the cloud serverpractically efficient mechanisms for secure shares the same time complexity of currentlyoutsourcing of linear programming (LP) practical algorithms for solving the linearcomputations. Linear programming is an programming problems, which ensures that the usealgorithmic and computational tool which captures of cloud is economically viable.the first order effects of various system parameters 4) The experiment evaluation further demonstratesthat should be optimized, and is essential to the immediate practicality: our mechanism canengineering optimization. It has been widely used in always help customers achieve more than 30%various engineering disciplines that analyze and savings when the sizes of the original LP problemsoptimize real-world systems, such as packet routing, are not too small, while introducing no substantialflow control, power management of data centers, overhead on the cloud. 1995 | P a g e
  3. 3. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003 problem that seeks the values for a set of decision2. PROBLEM STATEMENT variables to minimize (or maximize) an objective2.1 System and Threat Model function representing the cost subject to a set of We consider a computation outsourcing constraints. For linear programming, the objectivearchitecture involving two different entities, as function is an affine function of the decisionillustrated in Fig. 1: the cloud customer, who has variables, and the constraints are a system of linearlarge amount of computationally expensive LP equations and inequalities. Since a constraint in theproblems to be outsourced to the cloud; the cloud form of a linear inequality can be expressed as aserver (CS), which has significant computation linear equation by introducing a non-negative slackresources and provides utility computing services, variable, and a free decision variable can besuch as hosting the public LP solvers in a pay-per- expressed as the difference of two non-negativeuse manner. The customer has a large-scale linear auxiliary variables, any linear programmingprogramming problem Φ (to be formally defined problem can be expressed in the followinglater) to be solved. However, due to the lack of standard form,computing resources, like processing power,memory, and storage etc., he cannot carry out suchexpensive computation locally. Thus, the customerresorts to CS for solving the LP computation andleverages its computation capacity in a pay-per-usemanner. Instead of directly sending originalproblem Φ, the customer first uses a secret K tomap Φ into some encrypted version ΦK andoutsources problem ΦK to CS. CS then uses itspublic LP solver to get the answer of ΦK andprovides a correctness proof Γ but it issupposed to learn nothing or little of the sensitiveinformation contained in the original problemdescription Φ. After receiving the solution ofencrypted problem ΦK, the customer should be Fig 1. Architecture of secure outsourcing linearable to first verify the answer via the appended programming problems in Cloud Computingproof Γ. If it‟s correct, he then uses the secret K tomap the output into the desired answer for the Minimize cT x subject to Ax = b, x ≥ 0.original problem Φ. … (1) The security threats faced by the Here x is an n × 1 vector of decision variables, A iscomputation model primarily come from the an m × n matrix, and both c and b are n × 1 vectors.malicious behavior of CS. We assume that the CS It can be assumed further that m ≤ n and that Amay behave beyond “honest-but-curious”, i.e. the has full row rank; otherwise, extras rows cansemi- honest model that was assumed by many always be eliminated from A.previous researches (e.g., [14],[15]), either because In this paper, we study a more general form asit intends to do so or because it is compromised. follows,The CS may be persistently interested in analyzingthe encrypted input sent by the customer and the Minimize cTx subject to Ax = b, Bx ≥ 0.encrypted output produced by the computation to ...(2)learn the sensitive information as in the semi-honest In Eq. (2), we replace the non-negative requirementsmodel. In addition, CS can also behave unfaithfully in Eq. (1) by requiring that each component of Bxor intentionally sabotage the computation, e.g. to lie to be non-negative, where B is an n × n non-about the result to save the computing resources, singular matrix, i.e. Eq. (2) degenerates to Eq.while hoping not to be caught at the same time. (1) when B is the identity matrix. Thus, the LPFinally note that we assume the communication problem can be defined via the tuple Φ = (A, B,channels between each cloud server and the b, c) as input, and the solution x as output.customer is authenticated and reliable, which canbe achieved in practice with little overhead. Theseauthentication handshakes are omitted in the 3. THE PROPOSED SCHEMESfollowing presentation. This section presents our LP outsourcing scheme which provides a complete outsourcing solution for – not only the privacy2.2 Background on Linear Programming An optimization problem is usually protection of problem input/output, but also itsformulated as a mathematical programming efficient result checking. We start from an overview of secure LP outsourcing design framework and 1996 | P a g e
  4. 4. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003discuss a few basic techniques and their demerits, analysis will give insights on how a strongerwhich leads to a stronger problem transformation mechanism should be designed. Note that todesign utilizing affine mapping. We then discuss simplify the presentation, we assume that the cloudeffective result verification by leveraging the server honestly performs the computation, and deferduality property of LP. Finally, we give the full the discussion on soundness to a later section.scheme description. 1) Hiding equality constraints (A,b): First3.1 Design Framework of all, a randomly generated m × m non-singular We propose to apply problem matrix Q can be the part of the secret key K. Thetransformation for mechanism design. The general customer can apply the matrix to Eq. (2) for theframework is adopted from a generic approach [9], following constraints transformation,while our instantiation is completely different and Ax = b ⇒ A‟x = b‟novel. In this framework, the process on cloud Where A‟=QA , b‟ =Qb.server can be represented by algorithm ProofGen Since we have assumed that A has full row rank,and the process on customer can be organized into A‟ must have full row rank. Without knowing Q,three algorithms (KeyGen, ProbEnc, ResultDec). it is not possible for one to determine the exactThese four algorithms are summarized below and elements of A. However, the null spaces of A andwill be instantiated later. A‟ remains the same, which may violate the• KeyGen(1k ) → {K }.This is a randomized security requirement of some applications. Thekey generation algorithm which takes a system vector b is encrypted in a perfect way since itsecurity parameter k, and returns a secret key K that can be mapped to an arbitrary b′ with a properis used later by customer to encrypt the target LP choice of Q.problem. • ProbEnc(K, Φ) → {ΦK }. This algorithm 2) Hiding inequality constraints (B): Theencrypts the input tuple Φ into ΦK with the customer cannot transform the inequalitysecret key K . According to problem constraints in the similar way as used for thetransformation, the encrypted input ΦK has the equality constraints. This is because for ansame form as Φ, and thus defines the problem to arbitrary invertible matrix Q, Bx ≥ 0 is not equivalent to QBx ≥ 0 in general. To hide B, webe solved in the cloud. can leverage the fact that a feasible solution to Eq. • ProofGen(ΦK ) → {(y, Γ)}. This algorithm (2) must satisfy the equality constraints. To beaugments a generic solver that solves the problem more specific, the feasible regions defined by theΦK to produce both the output y and a proofΓ. The output y later decrypts to x, and Γ is following two groups of constraints are the same.used later by the customer to verify the Ax = b Ax=bcorrectness of y or x. => • ResultDec(K, Φ, y, Γ) → {x, ⊥ }. This Bx ≥ 0 (B − λA)x = B‟x ≥algorithm may choose to verify either y or x via the 0proof Γ. In any case, a correct output x is produced Where λ is a randomly generated n ×m matrix inby decrypting y using the secret K. The algorithm K satisfying that |B‟| = |B − λA| = 0 and λb = 0.outputs ⊥ when the validation fails, indicating the Since the condition λb = 0 is largelycloud server was not performing the computation underdetermined, it leaves great flexibility tofaithfully. Note that our proposed mechanism choose λ in order to satisfy the above conditions.provides us one-time-pad types of flexibility.Namely, we shall never use the same secret key K to 3) Hiding objective functions c and value cTtwo different problems. Thus, when analyzing the x: Given the widely application of LP, such as thesecurity strength of the mechanism, we focus on estimation of business annual revenues or personalthe ciphertext only attack. We do not consider portfolio holdings etc., the information contained inknown- plaintext attack in this paper but do allow objective function c and optimal objective value cTadversaries to do offline guessing or inferring via x might be as sensitive as the constraints of A, B,various problem-dependent information including b. Thus, they should be protected, too.sizes and signs of the solution, which are not To achieve this, we apply constant scaling tonecessary to be confidential. the objective function, i.e. a real positive scalar γ is generated randomly as part of encryption key K3.2 Basic Techniques and c is replaced by γc. It is not possible to Before presenting the details of ourproposed mechanism, we study in this subsection a derive the original optimal objective value cT xfew basic techniques and show that the input without knowing γ first, since it can be mapped toencryption based on these techniques along may any value with the same sign. While hiding theresult in an unsatisfactory mechanism. However, the objective value well, this approach does leak 1997 | P a g e
  5. 5. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003structure-wise information of objective function c. One can denote the constraints of above LP viaNamely, the number and position of zero-elements Eq. (3):in c are not protected. Besides, the ratio between A‟=QAMthe elements in c are also preserved after constant B‟=(B-λQA)Mscaling. b‟=Q(b+Ar) …(3) Summarization of basic techniques c‟ = γMT cOverall, the basic techniques would choose a secretkey K = (Q, λ, γ) and encryptthe input tuple Φ If the following conditions hold,into ΦK = (A‟, B‟, b‟, γc), which givesreasonable strength of problem input hiding. |B‟|!= 0, λb‟′= Br and b + Ar!= 0,Also, these techniques are clearly correct in the …(4)sense that solving ΦK would give the sameoptimal solution as solving Φ. However, it also Then the LP problem ΦK = (A‟, B‟, b‟, c‟ )implies that although input privacy is achieved, can be formulated via eqn..(5)there is no output privacy. Essentially, it shows Tthat although one can change the constraints to a Minimize c‟ y subject to A‟y = b‟, B‟y ≥completely different form, it is not necessary the 0. …(5)feasible region defined by the constraints will Discussion By keeping the randomlychange, and the adversary can leverage such selected M and r as part of secret key K for affineinformation to gain knowledge of the original LP mapping, it can be ensured that the feasible regionproblem. Therefore, any secure linear of encrypted problem ΦK no longer contains anyprogramming mechanism must be able to not resemblance of the feasible area in originalonly encrypt the constraints but also to encrypt the problem Φ. As we will show later, both input andfeasible region defined by the constraints. output privacy can be achieved by sending ΦK instead of Φ to the cloud server.3.3 Enhanced Techniques via Affine Mapping To enhance the security strength of LP 3.4 Result Verificationoutsourcing, we must be able to change the Till know we have been assuming thefeasible region of original LP and at the same server is honestly performing the computation,time hide output vector x during the problem input while being interested learning information ofencryption. We propose to encrypt the feasible original LP problem. However, such semi-honestregion of Φ by applying an affine mapping on the model is not strong enough to capture the adversarydecision variables x. This design principle is based behaviors in the real world. Even be malicious juston the following observation: ideally, if we can to sabotage any following- up computation at thearbitrarily transform the feasible area of problem customers. Since the cloud server promises to solveΦ from one vector space to another and keep the the LP problem ΦK = (A‟, B‟ , b‟, c‟), wemapping function as the secret key, there is no propose to solve the result verification problem byway for cloud server to learn the original feasible designing a method to verify the correctness of thearea information. Further, such a linear mapping solution y of ΦK . The soundness condition wouldalso serves the important purpose of output hiding,as illustrated below. be a corollary thereafter when we present theLet M be an nxn non-singular matrix and r be an whole mechanism in the next section. Note that innX1 vector. The affine mapping defined by M and r our design, the workload required for customerstransforms x into y= M-1(x+r) . Since this mapping on the result verification is substantially cheaperis an one-to-one mapping the LP problem Φ in Eq. than solving the LP problem on their own, which(2) can be expressed as the following LP problem ensures the great computation savings for secureof the decision variables y. LP outsourcing. Minimize cT My − cT r The LP problem does not necessarily have subject to AMy = b + Ar an optimal solution. There are three cases as BMy ≥ Br. follows.Using the basic techniques, this LP problem can • Normal: There is an optimal solution withbe further transformed to finite objective value. • Infeasible: The constraints cannot be all satisfied at the same time. Minimize γcT My • Unbounded: For the standard form in Eq. (1), subject to QAMy = Q(b + Ar), the objective function can be arbitrarily small while BMy − λQAMy ≥ Br − λQ(b + Ar). the constraints are all satisfied. Therefore, the result verification method not only 1998 | P a g e
  6. 6. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003needs to verify a solution if the cloud server problem Φ, the customer runs ProbEnc(K, Φ) toreturns one, but also needs to verify the cases compute the encrypted LP problem ΦK = (A‟,when the cloud server claims that the LP problem is B‟, b‟,c‟‟) from Eq. (3).infeasible or unbounded. We will first present the • ProofGen(ΦK ): The cloud server attempts toproof Γ that the cloud server should provide and theverification method when the cloud server returns solve the LP problem ΦK in Eq. (5) to obtain thean optimal solution, and then present the proofs and optimal solution y. If the LP problem ΦK hasthe methods for the other two cases, each of which an optimal solution, Γ should indicate so andis built upon the previous one. include the dual optimal solution (s, t). If the LP problem ΦK is infeasible, Γ should indicate so1) The normal case: We first assume that the and include the primal and the dual optimalcloud server returns an optimal solution y. In solutions of the auxiliary problem in Eq. (8). Iforder to verify y without actually solving the LP the LP problem ΦK is unbounded, y should be aproblems, we design our method by seeking a set feasible solution of it, and Γ should indicate soof necessary and sufficient conditions that the and include the primal and the dual optimaloptimal solution must satisfy. We derive these solutions of Eq. (9), i.e. the auxiliary problem ofconditions from the well-studied duality theory of the dual problem of ΦK.the LP problems [13]. For the primal LP problem • ResultDec(K, Φ, y, Γ): First, the customerΦK defined as Eq. (5), its dual problem is defined verifies y and Γ according to the various cases. Ifas, they are correct, the customer computes x = My − T T T r if there is an optimal solution or reports Φ to beMaximize b‟ s subject to A‟ s + B‟ t = c‟ , t ≥ infeasible or unbounded accordingly; otherwise the0, (6) customer outputs ⊥ , indicating the cloud server was not performing the computation faithfully. Where s and t are the m × 1 and n × 1vectors of dual decision variables respectively. Thestrong duality of the LP problems states that if a 4. SECURITY ANALYSISprimal feasible solution y and a dual feasible 4.1 Analysis on Correctness and Soundnesssolution (s, t) lead to the same primal and dual Guaranteeobjective value, then both y and (s, t) are the We give the analysis on correctness andoptimal solutions of the primal and the dual soundness guarantee via the following twoproblems respectively [13]. Therefore, we should theorems.ask the cloud server to provide the dual optimal Theorem 1: Our scheme is a correct verifiablesolution as part of the proof Γ. Then, the linear programming outsourcing scheme.correctness of y can be verified based on thefollowing conditions, Proof: The proof consists of two steps. First, we show that for any problem Φ and its encryptedc „T y = b‟T s, A‟y = b‟ , B‟y ≥ 0 , A‟T s + B‟Tt version ΦK , solution y computed by honest=c‟, t≥ 0. cloud server will always be verified successfully.…(7) This follows directly from the duality theorem of linear programming. Namely, all conditions derived Here, c‟Ty =b‟Ts tests the equivalence of from duality theorem and auxiliary LP problemprimal and dual objective value for strong duality. construction for result verification are necessaryAll the remaining conditions ensure that both y and sufficient.and (s, t) are feasible solutions of the primal and Next, we show that correctly verifieddual problems, respectively. Note that due to the solution y a lways corresponds to the optimalpossible truncation errors in the computation, the solution x of original problem Φ. For space limit,equality test A‟y = b‟ can be achieved in practice we only focus on the normal case. The reasoningby checking whether | A‟ y – b‟|| is small enough. for infeasible/unbounded cases follows similarly. By way of contraction, suppose x = My − r is not the 3.5 The Complete Mechanism Description optimized solution for Φ. Then, there exists x* Based on the previous sections, the such that cT x* < cT x, where Ax* = b andproposed mechanism for secure outsourcing oflinear programming in the cloud is summarized Bx*≥ 0. Since x*=My*− r, it is straightforwardbelow. that cTMy*− cTr=cTx*< cT x = cTMy− cT r,• KeyGen(1k ): Let K = (Q, M, r,λ, γ). For where A‟′ y* = b‟′ and B‟y* ≥ 0. Thus, y* is athe system initialization, the customer runs better solution than y for problem ΦK , whichKeyGen(1k ) to randomly generate a secret K , contradicts the fact that the optimality of y haswhich satisfies Eq. (4). been correctly verified. This completes the proof of• ProbEnc(K, Φ): With secret K and original LP theorem 1. 1999 | P a g e
  7. 7. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003 input (A, B, b, c). As for the output privacy, we plug eq. (3) into ΦK ‟s dual problem defined in eq.Theorem 2: Our scheme is a sound verifiable (6) and rearrange it as,linear programming outsourcing scheme. Maximize [Q(b + Ar)]T sProof: Similar to correctness argument, the Subject to ATQT(s - λTt) + BTt = c γ , t≥0soundness of the proposed mechanism follows from …..(9)the facts that the LP problem Φ and ΦK areequivalent to each other through affine mapping,and all the conditions thereafter for result Note that MT in the equality constraint is canceledverification are necessary and sufficient. out during the rearrangement. Comparing eq. (8) and eq. (9), we derive the linear mapping between4.2. Analysis on Input and Output Privacy (α, β) and (s, t) as,Guarantee We now analyze the input and output α =(1/γ)Q T (s-λTt), β = (1/ γ) tprivacy guarantee. Note that the only information ….(10)that the cloud server obtains isΦK=(A‟,B‟,b‟,c‟). Following similar reasoning for Φ‟s output We start from the relationship between the privacy and analysis for hiding objective function cprimal problem Φ and its encrypted one ΦK. First in basic techniques (Section III-B3), the dual decision variables (α, β) of original problem Φ isof all, the matrix A and the vector b are protected well by the random choice of (Q, λ, γ).protected perfectly. Because for ∀ m × n matrixA‟ that has the full row rank and ∀ n × 1vector b‟, ∃ a tuple (Q, M,r) that transforms (A, 5. PERFORMANCE ANALYSISb) into (A‟, b‟). This is straightforward since we 5.1Theoretic Analysiscan always find invertible matrices Q, M for 1) Customer Side Overhead: According to ourequivalent matrices A and A‟ such that A‟ = mechanism, customer side computation overheadQAM, and then solve r from b‟ = Q(b + Ar). consists of key generation, problem encryptionThus from (A‟, b‟), cloud can only derive the rank operation, and result verification, whichand size information of original equality corresponds to the three algorithms KeyGen,constraints A, but nothing else. Secondly, the ProbEnc, and ResultDec, respectively. Becauseinformation of matrix B is protected by B‟=(B − KeyGen and Result- Dec only require a set of random matrix generation as well as vector-vectorλQA)M. Recall that the n × m matrix λ in and matrix-vector multiplication, the computationthecondition λb‟ = Br is largely complexity of these two algorithms are upperunderdetermined. Namely, for each m × 1 rowvector in λ, there are m − 1 elements that can be set bounded via O(n2 ). Thus, it is straight-forwardfreely. Thus, the abundant choices of λ, which can that the most time- consuming operations are thebe viewed as encryption key with large key space, matrix-matrix multiplications in problemensures that B is well obfuscated. Thirdly, the encryption algorithm ProbEnc. Since m≤n, thevector c is protected well by scaling factor γ and time complexity for the customer local computationM. By multiplication of matrix M, both the is thus asymptotically the same as matrix-matrixelements and the structure pattern of c are no multiplication, i.e., O(nρ ) for some 2 < ρ ≤ 3.longer exposed from c‟= γMTc. As for the In our experiment, the matrix multiplication isoutput, since M, r is kept as a one-time secret and implemented via standard cubic-time method, thusdrawn uniformly at random, deriving x = My − r the overall computation overhead is O(n3solely from y can be hard for cloud. ).However, other more efficient matrixGiven the complementary relationship of primal and multiplication algorithms can also be adopted, suchdual problem, it is also worth looking into the as the strassen‟s algorithm with time complexityinput/output privacy guarantee from dual problems O(n2.81 ) [18] or the Coppersmith-Winogradof both Φ and ΦK . Same as eq. (6), the dualproblem of Φ is defined as, algorithm [ 1 9 ] in O(n2.376 ). In either case, the overall customer side efficiency can be further improved.Maximize bTα subject to ATα+BTβ=c, β ≥ 0,.(8) 2) Server Side Overhead: For cloud server, its only computation overhead is to solve the encrypted where α and β are the m×1 and n×1 LP problem ΦK as well as generating the resultvectors of dual decision variables respectively. proof Γ, both of which correspond to the algorithmClearly, the analysis for primal problem Φ‟s input ProffGen. If the encrypted LP problem ΦK belongsprivacy guarantee still holds for its dual problem 2000 | P a g e
  8. 8. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003to normal case, cloud server just solves it with and medium sized problems, where m and n arethe dual optimal solution as the result proof Γ, increased from 50 to 3200 and 60 to 3840,which is usually readily available in the current respectively. All these benchmarks are for theLP solving algorithms and incurs no additional normal cases with feasible optimal solutions. Sincecost for cloud (see Section III-D). If the encrypted in practice the infeasible/unbounded cases for LPproblem ΦK does not have an optimal computations are very rare, we do not conduct thosesolution, additional auxiliary LP problems can be experiments for the current preliminary work andsolved to provide a proof. Because for general LP leave it as one of our future tasks. Table I gives oursolvers, phase I method (solving the auxiliary LP) is experimental results, where each entry in the tablealways executed at first to determine the initial represents the mean of 20 trials. In this table, thefeasible solution [16], proving the auxiliary LP with sizes of the original LP problems are reported in theoptimal solutions also introduces little additional first two columns. The times to solve the original LPoverhead. Thus, in all the cases, the computation problem in seconds, toriginal, are reported in thecomplexity of the cloud server is asymptotically the third column. The times to solve the encrypted LPsame as to solve a normal LP problem, which problem in seconds are reported in the fourth andusually requires more than O(n3) time [13]. fifth columns, separated into the time for the cloudObviously, the customer will not spend more time to server tcloud and the time for the customerencrypt the problem and solve the problem in the tcustomer. Note that since each KeyGen wouldcloud than to solve the problem on his own. generate a different key, the encrypted LP problemTherefore, in theory, the proposed mechanism _K generated by ProbEnc would be different andwould allow the customer to outsource their LP thus result in a different running time to solve it.problems to the cloud and gain great computation The tcloud and tcustomer reported in Table I aresavings. thus the average of multiple trials. We propose to assess the practical efficiency by two characteristics5.2 Experiment Results calculated from toriginal, tcloud, and tcustomer. The We now assess the practical efficiency of Asymmetric Speedup, calculated as toriginalthe proposed secure and verifiable LP outsourcing tcustomer ,represents the savings of the computingscheme with experiments. We implement the resources for the customers to outsource the LPproposed mechanism including both the customer problems to the cloud using the proposedand the cloud side processes in Matlab and utilize mechanism. The Cloud Efficiency, calculated asthe MOSEK optimization [20] through its Matlab toriginal tcloud , represents the overhead introducedinterface to solve the original LP problem _ and to the overall computation by the proposedencrypted LP problem _K. Both customer and cloud mechanism. It can be seen from the table that weserver computations in our experiment are can always achieve more than 30% savings whenconducted on the same workstation with an Intel the sizes of the original LP problems are not tooCore 2 Duo processor running at 1.86 GHz with 4 small. On the other hand, from the last column, weGB RAM. In this way, the practical efficiency of the can claim that for the whole system including theproposed mechanism can be assessed without a real customers and the cloud, the proposed mechanismcloud environment. will not introduce a substantial amount of overhead.Table 1. Preliminary performance Results It thus confirms that secure outsourcing LP in cloud computing is economically viable. 6. CONCLUDING REMARKS In this paper, for the first time, we formalize the problem of securely outsourcing LP computations in cloud computing, and provide such a practical mechanism design which fulfills input/output privacy, cheating resilience, and efficiency. By explicitly decomposing LP computation outsourcing into public LP solvers and private data, our mechanism design is able to explore appropriate security/efficiency tradeoffs via higher level LP computation than the general circuit representation. We develop problem transformation techniques that enable customers to We also ignore the communication latency secretly transform the original LP into somebetween the customers and the cloud for this arbitrary one while protecting sensitive input/outputapplication since the computation dominates the information. We also investigate duality theoremrunning time as evidenced by our experiments. Our and derive a set of necessary and sufficientrandomly generated test benchmark covers the small condition for result verification. Such a cheating 2001 | P a g e
  9. 9. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003resilience design can be bundled in the overall We iterate this division process n timesmechanism with close-to-zero additional overhead. (recursively) until the sub matrices degenerate intoBoth security analysis and experiment results numbers (elements of the ring R). The resultingdemonstrates the immediate practicality of the product will be padded with zeroes just like A and B,proposed mechanism. and should be stripped of the corresponding rowsWe plan to investigate some interesting future work and columns.as follows: 2) When maximum elements in the matrix are1) By using Strassen‟s matrix multiplication zeros then better to use sparse matrix so we canalgorithm With time complexity O(N2.84074) will save memory as well as computational time. Whenreduce the processing time and improve the compared with normal matrix operations used in thisefficiency. when compared with normal matrix paper because only the non zero elements are storedmultiplication used in this paper with a time in the hard disk.complexity of O(N3) which requires slightly moretime than strassen‟s. RE FERENCESExample: [1] P. Mell and T. Grance, “Draft nistBy using normal matrix multiplication: working definition of cloud computing,”We partition A, B and C into equally sized block Referenced on Jan. 23rd, 2010 Online atmatrices. http://csrc.nist.gov/ groups/SNS/cloud- computing/index.html, 2010. [2] Cloud Security Alliance, “Security guidance for critical areas of focus in cloud computing,” 2009, online at http://www.cloudsecurityalliance.org.with [3] C. Gentry, “Computing arbitrary functions of encrypted data,” Commun. ACM, vol. 53, no. 3, pp. 97–105, 2010.then [4] Sun Microsystems, Inc., “Building customer trust in cloud computing with transparent security,” 2009, online at https://www.sun.com/offers/details/sun transparency.xml. [5] M. J. Atallah, K. N. Pantazopoulos, J.With this construction we have not reduced the R. Rice, and E. H. Spafford, “Securenumber of multiplications. We still need 8 outsourcing of scientific computations,”multiplications to calculate the Ci,j matrices, the Advances in Computers, vol. 54, pp. 216–same number of multiplications we need when using 272, 2001.standard matrix multiplication. [6] S. Hohenberger and A. Lysyanskaya,By using Strassen’s algorithm: “How to securely outsourceNow comes the important part. We define new cryptographic computations,” in Proc. ofmatrices TCC, 2005, pp. 264–282. [7] M. J. Atallah and J. Li,“Secure outsourcing of sequence comparisons, ”Int. J. Inf. Sec., vol. 4, no. 4, pp. 277–287, 2005. [8] D. Benjamin and M. J. Atallah, “Private and cheating-free outsourcing of algebraic computations,” in Proc. of 6th Conf. on Privacy, Security, and Trust (PST), 2008, pp. 240–245. [9] R. Gennaro, C. Gentry, and B. Parno,only using 7 multiplications(one for each Mk) “Non-interactive verifiable computing:instead of 8. Outsourcing computation to untrustedWe may now express the Ci,j in terms of Mk, like workers,” in Proc. of CRYPTO’10, Aug.this: 2010. [10] M. Atallah and K. Frikken, “Securely outsourcing linear algebra computations,” in Proc. of ASIACCS, 2010, pp. 48–59. [11] A. C.-C. Yao, “Protocols for secure computations (extended abstract),” in Proc. of FOCS’82, 1982, pp. 160–164. 2002 | P a g e
  10. 10. Surisetti Lavanya / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue5, September- October 2012, pp.1994-2003[12] C. Gentry, “Fully homomorphic encryption interactive proofs for muggles,” in Proc. using ideal lattices,” in Proc of STOC, of STOC, 2008, pp.113–122. 2009, pp. 169–178. [28] P. Golle and I. Mironov, “Uncheatable[13] D. Luenberger and Y. Ye, Linear and distributed computations,” in Proc. of CT- Nonlinear Programming, 3rd ed. Springer, RSA, 2001, pp. 425–440. 2008. [29] W. Du, J. Jia, M. Mangal, and M.[14] C. Wang, N. Cao, J. Li, K. Ren, and W. Murugesan, “Uncheatable grid Lou, “Secure ranked keyword search over computing,” in Proc. of ICDCS, 2004, pp. encrypted cloud data,” in Proc. of 4–11. ICDCS’10, 2010.[15] S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine- grained access control in cloud computing,” in Proc. of IEEE INFOCOM’10, San Diego, CA, USA, March 2010.[16] S. Boyd and L. Vandenberghe, Convex Optimization. bridgeUniversity Press, 2004.[17] T. H. Cormen, C. E. Leiserson, R. L. Rivest, and C. Stein, Introduction to Algorithms, 2nd ed. MIT press, 2008.[18] V. Strassen, “Gaussian elimination is not optimal,” Numer. Math., vol. 13, pp. 354–356, 1969.[19] D. Coppersmith and S. Winograd, “Matrix multiplication via arithmetic progressions,”in Proc. Of STOC’87,1987,pp. 1–6.[20] MOSEK ApS, “The MOSEK Optimization Software,” Online at http://www.mosek.com/, 2010.[21] P. Paillier, “Public-key cryptosystems based on composite degree residuosity classes,” in Proc. of EUROCRYPT’99, 1999, pp. 223–238.[22] S. Even, O. Goldreich, and A. Lempel, “A randomized protocol for signing contracts,” Commun. ACM, vol. 28, no. 6, pp. 637–647, 1985.[23] A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11,pp. 612– 613, 1979.[24] O. Goldreich, S. Micali, and A. Wigderson, “How to play any mental game or a completeness theorem for protocols with honest majority,” in Proc. of STOC’87, 1987, pp. 218–229.[25] W. Du and M. J. Atallah, “Secure multi- party computation problems and their applications: a review and open problems,” in Proc. of New Security Paradigms Workshop (NSPW), 2001, pp. 13–22.[26] J. Li and M. J. Atallah, “Secure and private collaborative linear programming,” in Proc. of CollaborateCom, Nov. 2006.[27] S. Goldwasser, Y. T. Kalai, and G. N. Rothblum, “Delegating computation: 2003 | P a g e