Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored, as well as the number of threats to these data, keeps growing, making data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. This practicality brings with it a concern, namely the
confidentiality of the data that is handed to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also being offered natively by some
smartphone operating systems. The present work uses the data sealing feature
provided by the Intel Software Guard Extensions (Intel SGX) technology for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before sending the data to a storage provider. This way, even if the
storage provider is compromised, the data remain safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services.
Multiplexing of encrypted data using fractal masks
This paper was published in Optics Letters and is made available as an electronic reprint with the permission of OSA. The paper can be found at the following URL on the OSA website: http://dx.doi.org/10.1364/OL.37.002895.

In this Letter, we present, to the best of our knowledge, a new all-optical technique for multiple-image encryption and multiplexing, based on fractal encrypting masks. The optical architecture is a joint transform correlator. The multiplexed encrypted data are stored in a photorefractive crystal. The fractal parameters of the key can be easily tuned to lead to a multiplexing operation without cross-talk effects. Experimental results that support the potential of the method are presented.

This research was performed under grants TWAS-UNESCO Associateship Scheme at Centres of Excellence in the South, CONICET No. 0863 (Argentina), ANCYT PICT 1167 (Argentina), and Facultad de Ingenieria, Universidad Nacional de La Plata No. 11/I125 (Argentina), Sostenibilidad 2011-2012, and CODI (Universidad de Antioquia-Colombia). W. D. Furlan and J. A. Monsoriu acknowledge financial support from Ministerio de Economia y Competitividad (grant FIS2011-23175), Generalitat Valenciana (grant PROMETEO2009-077), and Universitat Politecnica de Valencia (grants PAID-05-11 and PAID-02-11), Spain.

Barrera, J.; Tebaldi, M.; Amaya, D.; Furlan, W.; Monsoriu Serra, JA.; Bolognini, NA.; Torroba, RD.... (2012). Multiplexing of encrypted data using fractal masks. Optics Letters. 37(14):2895-2897. doi:10.1364/OL.37.002895
Device-Based Isolation for Securing Cryptographic Keys
In this work, we describe an effective device-based isolation
approach for achieving data security. Device-based isolation
leverages the proliferation of personal computing devices to
provide strong run-time guarantees for the confidentiality of
secrets. To demonstrate our isolation approach, we show its
use in protecting the secrecy of highly sensitive data that
is crucial to security operations, such as cryptographic keys
used for decrypting ciphertext or generating digital signatures.
A private key is usually encrypted when not in use; however,
while it is being used, the plaintext key is loaded into the memory
of the host for access. In our threat model, the host may
be compromised by attackers, and thus the confidentiality of
the host memory cannot be preserved. We present a novel
and practical solution, and its prototype called DataGuard, to
protect the secrecy of highly sensitive data through the
storage isolation and secure tunneling enabled by a mobile
handheld device. DataGuard can be deployed for the key
protection of individuals or organizations.