LINCOS - A Storage System Providing Long-Term Integrity, Authenticity, and Confidentiality (Full Paper)

The amount of digital data that requires long-term protection of integrity, authenticity, and confidentiality grows rapidly. Examples include electronic health records, genome data, and tax data. In this paper we present the secure storage system LINCOS, whichprovides protection of integrity, authenticity, and confidentiality in the long-term, i.e., for an indefinite time period. It is the first such system. It uses the long-term integrity scheme COPRIS, which is also presented here and is the first such scheme that does not leak any information about the protected data. COPRIS uses information-theoretic hiding commitments for confidentiality-preserving integrity and authenticity protection. LINCOS uses proactive secret sharing for confidential storage of secret data. We also present implementations of COPRIS and LINCOS. A special feature of our LINCOS implementation is the use of quantum key distribution and one-time pad encryption for information-theoretic private channels within the proactive secret sharing protocol. The technological platform for this is the Tokyo QKD Network, which is one of worlds most advanced networks of its kind. Our experimental evaluation establishes the feasibility of LINCOS and shows that in view of the expected progress in quantum communication technology, LINCOS is a promising solution for protecting very sensitive data in the cloud

Flexible Long-Term Secure Archiving

Privacy and data protection have always been basic human needs in any society that makes use of written language. From simple personal correspondence over military communication to trade secrets or medical information, confidentiality has been of utmost importance. The implications of a leak of such sensitive information may prove devastating, as the previous examples illustrate perfectly. Furthermore reliability, that is, integrity and authenticitiy of information, is critical with risks reaching from annoying to lethal as can again be seen in the previous examples. This need for data protection has carried over from the analogue to the digital age seamlessly with the amount of data being generated, transmitted and stored increasing steadily and containing more and more personal details. And in regard of the developments in computational technology that recent years have seen, such as the ongoing improvements with respect to quantum computing as well as cryptoanalytical advances, the capabilities of attackers on the security of private information have never been more distinct. Thus the need for privacy and data protection has rarely been more dire

Long-Term Confidential Secret Sharing-Based Distributed Storage Systems

Secret sharing-based distributed storage systems can provide long-term protection of confidentiality and integrity of stored data. This is achieved by periodically refreshing the stored shares and by checking the validity of the generated shares through additional audit data. However, in most real-life environments (e.g. companies), this type of solution is not optimal for three main reasons. Firstly, the access rules of state of the art secret sharing-based distributed storage systems do not match the hierarchical organization in place in these environments. Secondly, data owners are not supported in selecting the most suitable storage servers while first setting up the system nor in maintaining it secure in the long term. Thirdly, state of the art approaches require computationally demanding and unpractical and expensive building blocks that do not scale well. In this thesis, we mitigate the above mentioned issues and contribute to the transition from theory to more practical secret sharing-based long-term secure distributed storage systems. Firstly, we show that distributed storage systems can be based on hierarchical secret sharing schemes by providing efficient and secure algorithms, whose access rules can be adapted to the hierarchical organization of a company and its future modifications. Secondly, we introduce a decision support system that helps data owners to set up and maintain a distributed storage system. More precisely, on the one hand, we support data owners in selecting the storage servers making up the distributed storage system. We do this by providing them with scores that reflect their actual performances, here used in a broad sense and not tied to a specific metric. These are the output of a novel performance scoring mechanism based on the behavioral model of rational agents as opposed to the classical good/bad model. On the other hand, we support data owners in choosing the right secret sharing scheme parameters given the performance figures of the storage servers and guide them in updating them accordingly with the updated performance figures so as to maintain the system secure in the long term. Thirdly, we introduce efficient and affordable distributed storage systems based on a trusted execution environment that correctly outsources the data and periodically computes valid shares. This way, less information-theoretically secure channels have to be established for confidentiality guarantees and more efficient primitives are used for the integrity safeguard of the data. We present a third-party privacy-preserving mechanism that protects the integrity of data by checking the validity of the shares

Hypercube and Cascading-based Algorithms for Secret Sharing Schemes

Secret sharing is a very useful way to maintain secrecy of private data when stored in a distributed way among several nodes. Two significant questions in this area are 1. how to accommodate new nodes and assign shares to the new nodes, the problem becomes harder if the number of joining nodes or the access structure is not known in advance and can be (potentially) unbounded and 2. to reduce the computational complexity of secret sharing schemes. In this paper we propose two new constructions of such secret sharing schemes based on different combinatorial structures. The first construction is based on generalized paths joining the opposite vertices of a hypercube which has been divided into smaller hypercubes. The second construction is a forest- based construction utilizing a dynamic data structure technique known as fractional cascading. The generalized path we call a pavement is new to this paper. Both our constructions use a new secret redistribution scheme to assign and re-assign shares to nodes. Towards the second question we show that allowing certain trade-offs, the constructions are implementable by $AC^0$ circuits which is the lowest complexity class in which secret sharing and reconstruction is possible. To the best of the knowledge of the authors, none of the similar existing schemes (evolving or dynamic) are $AC^0$ computable and this paper for the first time combines the idea of hypercubes and dynamic data structures with secret sharing for preserving long-term confidentiality of secret data

EDU-COM 2004 International conference: new challenges for sustainability and growth in higher education

EDU-COM 2004, an international conference held in Khon Kaen, Thailand from the 24th to the 26th November, 2004 took the theme: New Challenges for Sustainability and Growth in Higher Education. EDU-COM 2004 was sponsored and organised by Edith Cowan University, Khon Kaen University and Bansomdejchaopraya Rajabhat University/ The Conference was structured to address five sub-themes pertinent to the challenges facing higher education worldwide: • Collaboration between campus and community in Higher Education • Collaboration targeting multi-cultural and cross-cultural issues in Higher Education • Collaboration through new teaching and learning technologies in Higher Education • Collaboration for quality: valuing and evaluating performance in Higher Education • Collaboration for effective governance in Higher Education Contributors were invited to address on or more of these sub-themes. All papers published in these proceedings reflect the drive for richer learning experiences, improved learning environments and recognition of the importance of the local community as technology enables us to think globally. Predictably perhaps, e-education brought the most substantial response, a clear indication of the perceived potential for new technologies to influence teaching, learning and administration in higher education. The papers also highlight some of the challenges and emerging expectations for higher education in a world that is increasingly characterised by international alliances, partnerships and tensions – a search for sustainability and equity in a period of rapid social and technological change. The Proceedings are in 3 sections. Section 1 – Keynote Speakers; Section 2 – Academic Peer Reviewed Papers: Section 3 - “Work in Progress”. EDU-COM 2004 was attended by delegates from Australia, Botswana, Cambodia, China, Denmark, England, Hong Kong, Iran, Ireland, Japan, Lao, Myanamar, Singapore, Tanzania, Thailand, Vietnam