SafeCloud

Safe and Privacy-Friendly Cloud Infrastructures

Description

Cloud infrastructures raise concerns regarding the privacy, integrity, and security of offsite data. These concerns are addressed by encrypting the data to be stored in the cloud. However, if the data is encrypted, the cloud infrastructure can only be used as a backup for the data, not for running computations on it. This prevents us from using the computational capabilities of cloud infrastructures.

To use these computational capabilities while still providing privacy, integrity, and security for the data in cloud infrastructures, specialized algorithms and cryptography are needed. We find these in the fields of Secure Multi-party Computation (SMC), Homomorphic Encryption, and Erasure Resistant Encodings.

Secure Multi-party Computation algorithms allow two parties to compute a result without either party learning the inputs of the other. This preserves the privacy of the involved parties, as their data is kept private throughout the computation. The only information revealed about an input is what can be inferred from the result of the computed function. Not every function can be computed in this way. However, the current state of the art allows us to compute some functions that are already useful for practical use cases, albeit at moderate to high computational cost. The SafeCloud project aims to realize such a use case by working with a healthcare systems provider. Furthermore, it explores practical implementations of new algorithms to reduce the computational costs involved.

Homomorphic Encryption is used to compute functions on encrypted data. A subset of SMC functions can be realized using this type of encryption. The results of such computations may be encrypted and can only be known to the parties providing the encrypted inputs to the function. This allows us to use the cloud infrastructure for computation while keeping the data encrypted.

Erasure Resistant Encodings are used to tangle the data of one customer with that of other customers. The tangled data cannot be deleted without severely corrupting the data it is tangled with. This allows a service provider to offer service guarantees, because neither the service provider nor an attacker can delete the data of one customer without also deleting data of other customers.

Our contribution to the project is the development of secure communications middleware. Together with INESC-ID, Portugal, we explore ways to provide vulnerability-tolerant communication channels, protected service provisioning, route monitoring, and multi-path communications.

Partners:

Related publications

2016.09 Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016. [Preprint] [Sourcecode] [Bib]
2016.05 Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib]
2016.04 Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib]
2016.04 Oliver Gasser, Felix Emmert, Georg Carle, “Digging for Dark IPMI Devices: Advancing BMC Detection and Evaluating Operational Security,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Pdf] [Bib]
2015.11 Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Slides] [Sourcecode] [DOI] [Bib]
2015.11 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib]

Finished student theses

| Author | Title | Type | Advisors | Links |
|---|---|---|---|---|
| Sirus Shahbakhti | Scalable Solution for the Protection of SSH using DNSSEC | BA | Dr. Heiko Niedermayer, Lukas Schwaighofer | Pdf |
| Benedikt Engeser | Informed Route Selection Strategies for Multipath Routing | MA | Heiko Niedermayer, Sree Harsha Totakura | Pdf |
| Hugues Fafard | Secure Port-Knocked Communications | BA | Sree Harsha Totakura | Pdf |
| Daniel Sel | Authenticated Scalable Port-Knocking | BA | Sree Harsha Totakura, Heiko Niedermayer | Pdf |
| Pirmin Blanz | IPv6 TLS Security Scanning | MA | Oliver Gasser, Quirin Scheitle | |
| Elias Hazboun | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | MA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin, Marcel von Maltitz | Pdf |
| Sebastian Gebhard | IPv6 Scanning - Smart Address Selection and Comparison to Legacy IP | MA | Oliver Gasser, Quirin Scheitle | Pdf |
| Felix Emmert | Messung und Evalution der Verbreitung von IPMI-Geräten mit aktiven Scans | BA | Oliver Gasser | |

Open and running student theses

| Author | Title | Type | Advisors | Links |
|---|---|---|---|---|
| Max Helm | Evaluating TLS Certificate Transparency Logs using Active Scans | IDP | Oliver Gasser, Benjamin Hof | Pdf |
| Hendrik Eichner | Revisiting SSH Security in the Internet | BA | Oliver Gasser, Minoo Rouhi | Pdf |
| Jan-Philipp Lauinger | Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans | Forschungspraxis | Oliver Gasser, Sree Harsha Totakura | Pdf |
| Fabian Raab | Influence of BGP Community Attributes on Routing and Internet Traffic | IDP | Oliver Gasser, Quirin Scheitle, Christoph Dietzel | Pdf |
| Benedict Drechsler | Federated Identity and Transaction Management over Blockchain | BA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin | Pdf |
| Jan Felix Hoops | Federated Identity and Transaction Management over Blockchain II | BA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin | Pdf |
| open | Certificate Monitoring | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | Pdf |
| Markus Paulsen | Certificate Monitoring | BA | Heiko Niedermayer | Pdf |
| open | Models for Normal and Attack Traffic in Traffic Causality Graphs | BA, MA | Heiko Niedermayer | Pdf |
| open | Traceable Measurement Result Publication in Append-only Ledgers | MA, IDP, Hiwi | Oliver Gasser, Quirin Scheitle | Pdf |
| Michael Mitterer | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | BA | Dr. Heiko Niedermayer, Marcel von Maltitz | Pdf |
| open | Enhanced Certificate Protection | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | Pdf |
| open | Route Monitoring to Detect Anomalies On Your Connection | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | Pdf |
| open | An Informed Path Selection Overlay (extended) | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | Pdf |