Safe and Privacy-Friendly Cloud Infrastructures
|Scientists:||Sree Harsha Totakura, M. Sc (Contact person), Dr. Heiko Niedermayer, Prof. Dr.-Ing. Georg Carle|
|Duration:||01.09.2015 – 30.09.2018|
|Funding:||EU Horizon 2020|
Cloud infrastructures raise concerns regarding the privacy, integrity, and security of offsite data. These concerns are addressed by encrypting the data to be stored in the cloud. However, if the data is encrypted, the cloud infrastructure can only be used as a backup for the data, but not for running computations on the data. This prevents us from using the computational capabilities of cloud infrastructures.
To use these computational capabilities and still provide privacy, integrity and security of the data in cloud infrastructures, specialized algorithms and cryptographic techniques are needed. We find these in the fields of Secure Multi-party Computations (SMC), Homomorphic Encryption, and Erasure Resistant Encodings.
Secure Multi-party Computation algorithms allow two parties to compute a result without either party knowing the inputs of the other party. This helps to preserve the privacy of the involved parties, as their data is kept private throughout the computation. The only information revealed about their inputs is what can be learned from the result of the computed function. Obviously, not every function can be computed in this way. However, the current state of the art allows us to compute some functions that are already useful for practical use cases, albeit at moderate to high computational costs. The SafeCloud project aims to realize such a use case by working with a healthcare systems provider. Furthermore, it explores practical implementations of new algorithms to reduce the involved computational costs.
Homomorphic Encryption is used to compute functions on encrypted data. A subset of SMC functions can be realized using this type of encryption. The results of such computations may be encrypted and can only be known to the parties providing the encrypted inputs to the function. This allows us to use the cloud infrastructure for computation while keeping the data encrypted.
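As an added illustration (not code from the SafeCloud project), the sketch below uses a toy Paillier scheme, one well-known additively homomorphic cryptosystem chosen here as an example, to let a "cloud" function compute a weighted sum over ciphertexts it cannot read. The primes, sample readings and function names are assumptions constructed for this example, and the key size is far too small for real use.

```python
import math
import secrets

# Toy parameters constructed for this example: two Mersenne primes.
# Real keys use randomly generated primes of 1024+ bits each.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)); generator g is fixed to n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """Client side: probabilistic encryption of 0 <= m < n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:           # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    """Client side: only the private-key holder can recover the result."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def cloud_weighted_sum(n, ciphertexts, weights):
    """Cloud side: uses only the public n, never sees a plaintext.
    Multiplying ciphertexts adds plaintexts; c**k multiplies one by k."""
    acc = 1                               # trivial encryption of 0
    for c, k in zip(ciphertexts, weights):
        acc = acc * pow(c, k, n * n) % (n * n)
    return acc

def demo():
    n, priv = keygen()
    readings = [120, 135, 118]            # constructed sample values
    cts = [encrypt(n, m) for m in readings]
    total = decrypt(n, priv, cloud_weighted_sum(n, cts, [1, 1, 1]))
    weighted = decrypt(n, priv, cloud_weighted_sum(n, cts, [2, 1, 3]))
    return total, weighted

if __name__ == "__main__":
    print(demo())
```

The result stays encrypted until the key holder decrypts it, which matches the property described above: the cloud does the arithmetic, but only the party that supplied the inputs learns the outcome.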
Erasure Resistant Encodings are used to tangle the data of one customer with that of other customers. The tangled data cannot be deleted without severely corrupting the data it is tangled with. This lets a service provider give service guarantees, because neither the service provider nor an attacker can delete the data of one customer without also deleting data of other customers.
Our contribution to the project is the development of secure communications middleware. Together with INESC-ID, Portugal, we explore ways to provide vulnerability-tolerant communication channels, protected service provisioning, route monitoring, and multi-path communications.
- Cloud&Heat, Germany
- Cybernetica, Estonia
- INESC-ID, Portugal
- INESC-TEC, Portugal
- Maxdata Software, Portugal
- Université de Neuchâtel, Switzerland
- Technische Universität München, Germany
|2016.09||Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016.|
|2016.05||Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016.|
|2016.04||Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016.|
|2016.04||Oliver Gasser, Felix Emmert, Georg Carle, “Digging for Dark IPMI Devices: Advancing BMC Detection and Evaluating Operational Security,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016.|
|2015.11||Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015.|
|2015.11||Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015.|
Finished student theses
|Sirus Shahbakhti||Scalable Solution for the Protection of SSH using DNSSEC||BA||Dr. Heiko Niedermayer, Lukas Schwaighofer|
|Benedikt Engeser||Informed Route Selection Strategies for Multipath Routing||MA||Heiko Niedermayer, Sree Harsha Totakura|
|Hugues Fafard||Secure Port-Knocked Communications||BA||Sree Harsha Totakura|
|Daniel Sel||Authenticated Scalable Port-Knocking||BA||Sree Harsha Totakura, Heiko Niedermayer|
|Pirmin Blanz||IPv6 TLS Security Scanning||MA||Oliver Gasser, Quirin Scheitle|
|Elias Hazboun||Applicability and Performance Analysis of Encrypted Databases for Smart Environments||MA||Dr. Heiko Niedermayer, Dr. Holger Kinkelin, Marcel von Maltitz|
|Sebastian Gebhard||IPv6 Scanning - Smart Address Selection and Comparison to Legacy IP||MA||Oliver Gasser, Quirin Scheitle|
|Felix Emmert||Messung und Evalution der Verbreitung von IPMI-Geräten mit aktiven Scans||BA||Oliver Gasser|
Open and running student theses
|Max Helm||Evaluating TLS Certificate Transparency Logs using Active Scans||IDP||Oliver Gasser, Benjamin Hof|
|Hendrik Eichner||Revisiting SSH Security in the Internet||BA||Oliver Gasser, Minoo Rouhi|
|Jan-Philipp Lauinger||Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans||Forschungspraxis||Oliver Gasser, Sree Harsha Totakura|
|Fabian Raab||Influence of BGP Community Attributes on Routing and Internet Traffic||IDP||Oliver Gasser, Quirin Scheitle, Christoph Dietzel|
|Benedict Drechsler||Federated Identity and Transaction Management over Blockchain||BA||Dr. Heiko Niedermayer, Dr. Holger Kinkelin|
|Jan Felix Hoops||Federated Identity and Transaction Management over Blockchain II||BA||Dr. Heiko Niedermayer, Dr. Holger Kinkelin|
|open||Certificate Monitoring||BA, MA||Heiko Niedermayer, Sree Harsha Totakura|
|Markus Paulsen||Certificate Monitoring||BA||Heiko Niedermayer|
|open||Models for Normal and Attack Traffic in Traffic Causality Graphs||BA, MA||Heiko Niedermayer|
|open||Traceable Measurement Result Publication in Append-only Ledgers||MA, IDP, Hiwi||Oliver Gasser, Quirin Scheitle|
|Michael Mitterer||Applicability and Performance Analysis of Encrypted Databases for Smart Environments||BA||Dr. Heiko Niedermayer, Marcel von Maltitz|
|open||Enhanced Certificate Protection||BA, MA||Heiko Niedermayer, Sree Harsha Totakura|
|open||Route Monitoring to Detect Anomalies On Your Connection||BA, MA||Heiko Niedermayer, Sree Harsha Totakura|
|open||An Informed Path Selection Overlay (extended)||BA, MA||Heiko Niedermayer, Sree Harsha Totakura|