Safe and Privacy-Friendly Cloud Infrastructures


Cloud infrastructures raise concerns regarding privacy, integrity, and security of offsite data. These concerns are addressed by encrypting the data to be stored in the cloud. However, if the data is encrypted, the cloud infrastructure can only be used as a backup for the data, but not for running computations on the data. This prevents us from using the computational capabilities of cloud infrastructures.

To use these computational capabilities while still providing privacy, integrity, and security of the data in cloud infrastructures, specialized algorithms and cryptography are needed. We find these in the fields of Secure Multi-party Computations (SMC), Homomorphic Encryption, and Erasure Resistant Encodings.

Secure Multi-party Computation algorithms allow two parties to compute a result without either party knowing the inputs of the other party. This helps to preserve the privacy of the involved parties, as their data is kept private throughout the computation. The only information revealed about their inputs is what can be learned from the result of the computed function. Obviously, not every function can be computed in this way. However, the current state of the art allows us to compute some functions which are already useful for practical use cases, albeit at moderate to high computational cost. The SafeCloud project aims to realize such a use case by working with a healthcare systems provider. Furthermore, it explores practical implementations of new algorithms to reduce the computational costs involved.

Homomorphic Encryption is used to compute functions on encrypted data. A subset of SMC functions can be realized using this type of encryption. The results of such computations may be encrypted and can only be known to the parties providing the encrypted inputs to the function. This allows us to use the cloud infrastructure for computation while keeping the data encrypted.

Erasure Resistance Encodings tangle the data of one customer with that of other customers. The tangled data cannot be deleted without severely corrupting the data it is tangled with. This helps a service provider give service guarantees, because neither the service provider nor an attacker can delete the data of a customer without deleting data of other customers.

Our contribution to the project is the development of secure communications middleware. Together with INESC-ID, Portugal, we explore ways to provide vulnerability-tolerant communication channels, protected service provisioning, route monitoring, and multi-path communications.


Related publications

2018-02-01 F. Helfert, H. Niedermayer, G. Carle, “Evaluation of Algorithms for Multipath Route Selection over the Internet,” in 14th International Workshop on Design of Reliable Communication Networks (DRCN), Feb. 2018.
2016-09-01 Daniel Sel, Sree Harsha Totakura, Georg Carle, “sKnock: Scalable Port-Knocking for Masses,” in Workshop on Mobility and Cloud Security & Privacy, Budapest, Hungary, Sep. 2016.
2016-05-01 Cornelius Diekmann, Julius Michaelis, Maximilian Haslbeck, Georg Carle, “Verified iptables Firewall Analysis,” in IFIP Networking 2016, Vienna, Austria, May 2016.
2016-04-01 Oliver Gasser, Quirin Scheitle, Sebastian Gebhard, Georg Carle, “Scanning the IPv6 Internet: Towards a Comprehensive Hitlist,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016.
2016-04-01 Oliver Gasser, Felix Emmert, Georg Carle, “Digging for Dark IPMI Devices: Advancing BMC Detection and Evaluating Operational Security,” in Proc. 8th Int. Workshop on Traffic Monitoring and Analysis, Louvain-la-Neuve, Belgium, Apr. 2016.
2015-11-01 Cornelius Diekmann, Lukas Schwaighofer, Georg Carle, “Certifying Spoofing-Protection of Firewalls,” in 11th International Conference on Network and Service Management, CNSM, Barcelona, Spain, Nov. 2015.
2015-11-01 Cornelius Diekmann, Andreas Korsten, Georg Carle, “Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations,” in 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, Nov. 2015.

Finished student theses

| Author | Title | Type | Advisors | Year | Links |
|---|---|---|---|---|---|
| Sirus Shahbakhti | Scalable Solution for the Protection of SSH using DNSSEC | BA | Dr. Heiko Niedermayer, Lukas Schwaighofer | 2017 | Pdf |
| Max Helm | Evaluating TLS Certificate Transparency Logs using Active Scans | IDP | Oliver Gasser, Benjamin Hof | 2017 | Pdf |
| Tobias Brunnwieser | A Framework for Detection and Analysis of HTTPS Interception | MA | Oliver Gasser, Sree Harsha Totakura, Florian Wohlfart | 2017 | |
| Markus Paulsen | Certificate Monitoring | BA | Heiko Niedermayer | 2017 | Pdf |
| Andrea Drekovic | Models for Normal and Attack Traffic in Traffic Causality Graphs | BA | Heiko Niedermayer | 2017 | Pdf |
| Adrian Schultz | Route Monitoring to detect anomalies on your connection | BA | Heiko Niedermayer | 2017 | Pdf |
| Jan Felix Hoops | Federated Identity and Transaction Management over Blockchain II | BA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin | 2017 | Pdf |
| Frederic Naumann | Enhanced Certificate Protection | BA | Heiko Niedermayer, Sree Harsha Totakura | 2017 | Pdf |
| Michael Mitterer | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | BA | Dr. Heiko Niedermayer, Marcel von Maltitz | 2017 | Pdf |
| Hendrik Eichner | Revisiting SSH Security in the Internet | BA | Oliver Gasser, Minoo Rouhi | 2017 | Pdf |
| Jan-Philipp Lauinger | Evaluating Client Discrimination in Anonymization Networks Using Active Network Scans | Research internship | Oliver Gasser, Sree Harsha Totakura | 2017 | Pdf |
| Fabian Helfert | Framework for Informed Route Selection Analysis in Overlay Networks | BA | Heiko Niedermayer, Sree Harsha Totakura | 2017 | Pdf |
| Benedikt Engeser | Informed Route Selection Strategies for Multipath Routing | MA | Heiko Niedermayer, Sree Harsha Totakura | 2016 | Pdf |
| Hugues Fafard | Secure Port-Knocked Communications | BA | Sree Harsha Totakura | 2016 | Pdf |
| Daniel Sel | Authenticated Scalable Port-Knocking | BA | Sree Harsha Totakura, Heiko Niedermayer | 2016 | Pdf |
| Elias Hazboun | Applicability and Performance Analysis of Encrypted Databases for Smart Environments | MA | Dr. Heiko Niedermayer, Dr. Holger Kinkelin, Marcel von Maltitz | 2016 | Pdf |
| Pirmin Blanz | IPv6 TLS Security Scanning | MA | Oliver Gasser, Quirin Scheitle | 2016 | |
| Sebastian Gebhard | IPv6 Scanning - Smart Address Selection and Comparison to Legacy IP | MA | Oliver Gasser, Quirin Scheitle | 2015 | Pdf |
| Felix Emmert | Messung und Evalution der Verbreitung von IPMI-Geräten mit aktiven Scans | BA | Oliver Gasser | 2015 | |

Open and running student theses

| Author | Title | Type | Advisors | Year | Links |
|---|---|---|---|---|---|
| open | Passive Privacy-Preserving Amplification Attack Detection at Scale | MA, IDP, Hiwi | Oliver Gasser, Simon Bauer, Stefan Metzger | 2018 | Pdf |
| open | Amplification Attack Detection using Active Measurements | MA, IDP, Hiwi | Oliver Gasser, Simon Bauer, Stefan Metzger | 2018 | Pdf |
| open | Designing a Multipath Overlay | BA, MA | Heiko Niedermayer | 2017 | Pdf |
| Max Helm | Traceable Measurement Result Publication in Append-only Ledgers | MA | Oliver Gasser, Benjamin Hof, Quirin Scheitle | 2017 | Pdf |
| Fabian Raab | Influence of BGP Community Attributes on Routing and Internet Traffic | IDP | Oliver Gasser, Quirin Scheitle, Christoph Dietzel | 2017 | Pdf |
| open | Certificate Monitoring | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | 2017 | Pdf |
| open | Route Monitoring to Detect Anomalies On Your Connection | BA, MA | Heiko Niedermayer, Sree Harsha Totakura | 2016 | Pdf |