SafeCloud
Safe and Privacy-Friendly Cloud Infrastructures
| Scientists: | Sree Harsha Totakura, M. Sc, Dr. Heiko Niedermayer, Prof. Dr.-Ing. Georg Carle |
| Duration: | 01.09.2015 – 30.09.2018 |
| Funding: | EU Horizon 2020 |
| Homepage: | http://www.safecloud-project.eu/ |
Description
Cloud infrastructures raise concerns regarding privacy, integrity, and security of offsite data. These concerns are addressed by encrypting the data to be stored in the cloud. However, if the data is encrypted, the cloud infrastructure can only be used as a backup for the data, but not for running computations on the data. This prevents us from using the computational capabilities of cloud infrastrutures.
To be able to use the computation capabilities and still provide privacy, integrity and security of the data in cloud infrastrutures, a specialized set of algorithms and cryptography are needed. We find these in the fields of Secure Multi-party Computations (SMC), Homomorphic Encryption, and Erasure Resistant Encodings.
Secure Multi-party Computation algorithms allow two parties to compute a result without either party knowing the inputs of the other party. This helps to preserve the privacy of the involved parties as their data is kept private throughout the computation. Any information that is given out about their input is only through the result acquired from the computed function. Obviously, not every function could be computed in this way. However, the current state-of-the-art allows us to compute some functions which are already useful for practical use-cases, albeit moderate to high computational costs. SafeCloud project aims to realize such a use-case by working with a healthcare systems provider. Furthermore, it explores practical implementations of new algorithms to reduce the involved computational costs.
Homomorphic Encryption is used to compute functions on encrypted data. A subset of SMC functions can be realized using this type of encryption. The results of such computations may be encrypted and can only be known to the parties providing the encrypted inputs to the function. This allows us to use the cloud infrastructure for computation while keeping the data encrypted.
Erasure Resistance Encodings are helpful to tangle data from a customer with that of other customers. The tangled data cannot be deleted without severely corrupting the data it is tangled with. This is useful to provide service guarantees by a service provider because the service provider, or an attacker, has no way to delete the data of a customer without deleting data of other customers.
Our contribution to the project is in the development of secure communications middleware. Together with INESC-ID, Portugal we explore ways to provide vulnerability-tolerant communication channels, protected service provising, route monitoring, and multi-path communications.
Partners:
- Cloud&Heat, Germany
- Cybernetica, Estonia
- INESC-ID, Portugal
- INESC-TEC, Portugal
- Maxdata Software, Portugal
- Université de Neuchâtel, Switzerland
- Technische Universität München, Germany
Related publications
| 2018-02-01 | F. Helfert, H. Niedermayer, G. Carle, “Evaluation of Algorithms for Multipath Route Selection over the Internet ,” in 14th International Workshop on Design of Reliable Communication Networks (DRCN), Feb. 2018. [Pdf] [Bib] |
| 2016-09-01 | Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses ,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016. [Preprint] [Sourcecode] [Bib] |
| 2016-05-01 | Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016. [Url] [Pdf] [Slides] [Sourcecode] [Rawdata] [Bib] |
| 2016-04-01 | Oliver Gasser, Felix Emmert, Georg Carle, “Digging for Dark IPMI Devices: Advancing BMC Detection and Evaluating Operational Security,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Pdf] [Bib] |
| 2016-04-01 | Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016. [Url] [Pdf] [Slides] [Bib] |
| 2015-11-01 | Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Slides] [Sourcecode] [DOI] [Bib] |
| 2015-11-01 | Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015. [Url] [Preprint] [Sourcecode] [Rawdata] [DOI] [Bib] |
Finished student theses
| Author | Title | Type | Advisors | Year | Links |
| Dominik Pham | Experimental Evaluation of Route Hijacking Detection | BA | Heiko Niedermayer, Miguel Pardal | 2018 |
|
| Yannick Gehring | Incorporating Automated Checks in a Distributed Ledger-Based Certificate Issuance System | BA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin | 2018 |
|
| Hamza Zafar | Amplification Attack Detection using Active Measurements | MA | Simon Bauer, Oliver Gasser, Stefan Metzger | 2018 |
|
| Markus Paulsen | Certificate Monitoring | BA | Heiko Niedermayer | 2017 |
|
| Andrea Drekovic | Models for Normal and Attack Traffic in Traffic Causality Graphs | BA | Heiko Niedermayer | 2017 |
|
| Markus Hinz | Experimental Evaluation of Route Monitoring | BA | Heiko Niedermayer, Miguel Pardal | 2017 |
|
| Adrian Schultz | Route Monitoring to detect anomalies on your connection | BA | Heiko Niedermayer | 2017 |
|
| Fabian Helfert | Framework for Informed Route Selection Analysis in Overlay Networks | BA | Heiko Niedermayer, Sree Harsha Totakura | 2017 |
|
| Frederic Naumann | Enhanced Certificate Protection | BA | Heiko Niedermayer, Sree Harsha Totakura | 2017 |
|
| Michael Mitterer | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | BA | Dr. Heiko Niedermayer, Marcel von Maltitz | 2017 |
|
| Sirus Shahbakhti | Scalable Solution for the Protection of SSH using DNSSEC | BA | Dr. Heiko Niedermayer, Lukas Schwaighofer | 2017 |
|
| Jan Felix Hoops | Federated Identity and Transaction Management over Blockchain II | BA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin | 2017 |
|
| Fabian Raab | Influence of BGP Community Attributes on Routing and Internet Traffic | IDP | Oliver Gasser, Quirin Scheitle, Christoph Dietzel | 2017 |
|
| Tobias Brunnwieser | A Framework for Detection and Analysis of HTTPS Interception | MA | Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart | 2017 | |
| Max Helm | Traceable Measurement Result Publication in Append-only Ledgers | MA | Oliver Gasser, Benjamin Hof, Quirin Scheitle | 2017 |
|
| Jan-Philipp Lauinger | Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans | Forschungspraxis | Oliver Gasser, Sree Harsha Totakura | 2017 |
|
| Hendrik Eichner | Revisiting SSH Security in the Internet | BA | Oliver Gasser, Minoo Rouhi | 2017 |
|
| Max Helm | Evaluating TLS Certificate Transparency Logs using Active Scans | IDP | Oliver Gasser, Benjamin Hof | 2017 |
|
| Benedikt Engeser | Informed Route Selection Strategies for Multipath Routing | MA | Heiko Niedermayer, Sree Harsha Totakura | 2016 |
|
| Hugues Fafard | Secure Port-Knocked Communications | BA | Sree Harsha Totakura | 2016 |
|
| Daniel Sel | Authenticated Scalable Port-Knocking | BA | Sree Harsha Totakura, Heiko Niedermayer | 2016 |
|
| Elias Hazboun | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | MA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin, Marcel von Maltitz | 2016 |
|
| Pirmin Blanz | IPv6 TLS Security Scanning | MA | Oliver Gasser, Quirin Scheitle | 2016 | |
| Sebastian Gebhard | IPv6 Scanning - Smart Address Selection and Comparison to Legacy IP | MA | Oliver Gasser, Quirin Scheitle | 2015 |
|
| Felix Emmert | Messung und Evalution der Verbreitung von IPMI-Geräten mit aktiven Scans | BA | Oliver Gasser | 2015 |