Chameleon: A Secure Cloud-Enabled and Queryable System with Elastic Properties

There are two dominant themes that have become increasingly more important in our technological society. First, the recurrent use of cloud-based solutions which provide infrastructures, computation platforms and storage as services. Secondly, the use of applicational large logs for analytics and operational monitoring in critical systems. Moreover, auditing activities, debugging of applications and inspection of events generated by errors or potential unexpected operations - including those generated as alerts by intrusion detection systems - are common situations where extensive logs must be analyzed, and easy access is required. More often than not, a part of the generated logs can be deemed as sensitive, requiring a privacy-enhancing and queryable solution. In this dissertation, our main goal is to propose a novel approach of storing encrypted critical data in an elastic and scalable cloud-based storage, focusing on handling JSONbased ciphered documents. To this end, we make use of Searchable and Homomorphic Encryption methods to allow operations on the ciphered documents. Additionally, our solution allows for the user to be near oblivious to our system’s internals, providing transparency while in use. The achieved end goal is a unified middleware system capable of providing improved system usability, privacy, and rich querying over the data. This previously mentioned objective is addressed while maintaining server-side auditable logs, allowing for searchable capabilities by the log owner or authorized users, with integrity and authenticity proofs. Our proposed solution, named Chameleon, provides rich querying facilities on ciphered data - including conjunctive keyword, ordering correlation and boolean queries - while supporting field searching and nested aggregations. The aforementioned operations allow our solution to provide data analytics upon ciphered JSON documents, using Elasticsearch as our storage and search engine.O uso recorrente de soluções baseadas em nuvem tornaram-se cada vez mais importantes na nossa sociedade. Tais soluções fornecem infraestruturas, computação e armazenamento como serviços, para alem do uso de logs volumosos de sistemas e aplicações para análise e monitoramento operacional em sistemas críticos. Atividades de auditoria, debugging de aplicações ou inspeção de eventos gerados por erros ou possíveis operações inesperadas - incluindo alertas por sistemas de detecção de intrusão - são situações comuns onde logs extensos devem ser analisados com facilidade. Frequentemente, parte dos logs gerados podem ser considerados confidenciais, exigindo uma solução que permite manter a confidencialidades dos dados durante procuras. Nesta dissertação, o principal objetivo é propor uma nova abordagem de armazenar logs críticos num armazenamento elástico e escalável baseado na cloud. A solução proposta suporta documentos JSON encriptados, fazendo uso de Searchable Encryption e métodos de criptografia homomórfica com provas de integridade e autenticação. O objetivo alcançado é um sistema de middleware unificado capaz de fornecer privacidade, integridade e autenticidade, mantendo registos auditáveis do lado do servidor e permitindo pesquisas pelo proprietário dos logs ou usuários autorizados. A solução proposta, Chameleon, visa fornecer recursos de consulta atuando em cima de dados cifrados - incluindo queries conjuntivas, de ordenação e booleanas - suportando pesquisas de campo e agregações aninhadas. As operações suportadas permitem à nossa solução suportar data analytics sobre documentos JSON cifrados, utilizando o Elasticsearch como armazenamento e motor de busca

Novel Techniques for Secure Use of Public Cloud Computing Resources

The federal government has an expressed interest in moving data and services to third party service providers in order to take advantage of the flexibility, scalability, and potential cost savings. This approach is called cloud computing. The thesis for this research is that efficient techniques exist to support the secure use of public cloud computing resources by a large, federated enterprise. The primary contributions of this research are the novel cryptographic system MA-AHASBE (Multi-Authority Anonymous Hierarchical Attribute-Set Based Encryption), and the techniques used to incorporate MA-AHASBE in a real world application. Performance results indicate that while there is a cost associated with enforcing the suggested security model, the cost is not unreasonable and the benefits in security can be significant. The contributions of this research give the DoD additional tools for supporting the mission while taking advantage of the cost efficient public cloud computing resources that are becoming widely available

An SLR on Edge Computing Security and possible threat protection

Mobile and Internet of Things devices are generating enormous amounts of multi-modal data due to their exponential growth and accessibility. As a result, these data sources must be directly analyzed in real time at the network edge rather than relying on the cloud. Significant processing power at the network's edge has made it possible to gather data and make decisions prior to data being sent to the cloud. Moreover, security problems have significantly towered as a result of the rapid expansion of mobile devices, Internet of Things (IoT) devices, and various network points. It's much harder than ever to guarantee the privacy of sensitive data, including customer information. This systematic literature review depicts the fact that new technologies are a great weapon to fight with the attack and threats to the edge computing security

USER PERCEPTIONS OF AND ATTITUDES TOWARD ENCRYPTED COMMUNICATION

As people rely more heavily on online communication, privacy becomes an increasingly critical concern. Users of communication services (e.g., email and messaging) risk breaches of confidentiality due to attacks on the service from outsiders or rogue employees, or even government subpoenas and network surveillance. End-to-end encryption, in which anyone cannot read the user's content, is the only way to fully protect their online communications from malicious attackers, rogue company employees, and government surveillance. Although in recent years we have witnessed considerable efforts to push end-to-end encryption into broader adoption, and indeed several popular messaging tools have adopted end-to-end encryption, some obstacles still remain which hinder general users from proactively and confidently adopting end-to-end encrypted communication tools and acknowledge their security benefits. In this dissertation, we investigated the adoption of end-to-end encrypted communication from a variety of user-centered perspectives. In the first part, we conducted a lab study (n=52), evaluating how general users understand the balance between the usability and security for different key management models in end-to-end encryption. We found that participants understood the models well and made coherent assessments about when different tradeoffs might be appropriate. Our participants recognized that the less-convenient exchange model was more secure overall, but found the security of the key-directory based model to be "good enough" for many everyday purposes. In the second part, we explored how general users value the usability and security tradeoffs for different approaches of searching over end-to-end encrypted messages. After systematizing these tradeoffs to identify key feature differences, we used these differences as a basis for a choice-based conjoint analysis experiment (n=160). We found that users indicated high relative importance for increasing privacy and minimizing local storage requirements. While privacy was more important overall, after the initial improvement was made, further improvement was considered less valuable. Also, local storage requirement was more important than adding marginal privacy. Since significant research indicated that non-expert users' mental models about end-to-end encryption led them to make mistakes when using these tools, in the third part of this dissertation, we took the first step to tackle this problem by providing high-level, roughly correct information about end-to-end encryption to non-expert users. In a lab study, participants (n=25) were shown one of several variations on a short tutorial. Participants were asked about their understanding of end-to-end encryption before and after the tutorial, as well as which information they found most useful and surprising. Overall, participants effectively learned many benefits and limitations of end-to-end encryption; however, some concerns and misconceptions still remained, and our participants even developed new ones. The results provided insight into how to structure new educational materials for end-to-end encryption

Design tools for ontology-based network communication protocols

Internet of Things has evolved quickly and reached to every aspect of our lives over the years. The number of new heterogeneous, distributed devices and applications connecting to the Internet is growing exponentially every day. As a result, data interoperability has become a prerequisite for IoT networks. However, the current infrastructures and communication protocols do not provide a convenient way for applications from different domains to interpret and process each other’s data, which is stored in vastly diversified, non-standardized formats. Due to this lack of common ground, in many cases, the integration overhead hinders organisations from exchanging their data to generate business values. Semantic technologies would be a promising solution for these issues, thanks to its ability to capture the high-level meaning of data. Asema is developing SmartAPI, a semantics-based API framework for sharing data between IoT systems. This thesis work is a part of SmartAPI project, focuses on designing and developing a data designer application. I build a single page web application with a modern graphical user interface, allowing users to create, organise and share data models