Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

A Type-and-Identity-based Proxy Re-Encryption Scheme and its Application in Healthcare

Proxy re-encryption is a cryptographic primitive developed to delegate the decryption right from one party (the delegator) to another (the delegatee). In a proxy re-encryption scheme, the delegator assigns a key to a proxy to re-encrypt all messages encrypted with his public key such that the re-encrypted ciphertexts can be decrypted with the delegatee’s private key. We propose a type-and-identity-based proxy re-encryption scheme based on the Boneh-Franklin Identity Based Encryption (IBE) scheme. In our scheme, the delegator can categorize messages into different types and delegate the decryption right of each type to the delegatee through a proxy. Our scheme enables the delegator to provide the proxy fine-grained re-encryption capability. As an application, we propose a fine-grained Personal Health Record (PHR) disclosure scheme for healthcare service by applying the proposed scheme

Proxy Key Re-encapsulation Mechanism for Group Communications

Many practical applications use hybrid encryption mechanism to deal with large plaintext messages or real-time communication since the performance of the public key encryption scheme is poor. The key encapsulation is a crucial part in hybrid encryption mechanism, which allows a sender to generate a random session key and distribute it to recipient. In this paper we present a proxy key re-encapsulation scheme for group communication. The proxy in our scheme is allowed to transform the encapsulated message corresponding to group A\u27s public key into one that can be decapsulated by the member in group B. It can be used in cases when a group users need to perform sensitive operation without holding the necessary secret key

Revisit of Group-based Unidirectional Proxy Re-encryption Scheme

Currently, researchers have focused their attention on proxy re-encryption scheme deployed between two entities. Lots of bidirectional schemes have been proposed and this kind of scheme is suitable for the scenario in which the two entities have already established a relationship of trust. How to construct a unidirectional scheme is an open problem and receiving increasing attention. In this paper, we present a unidirectional proxy re-encryption scheme for group communication. In this scheme, a proxy is only allowed to convert ciphertext for Alice into ciphertext for Bob without revealing any information on plaintext or private key. It is suitable for the environment in which no mutual relationship exists and transitivity is not permitted. We prove the scheme secure against chosen ciphertext attack in standard model

Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store

Cloud computing is being used by almost everyone, from regular consumer to IT specialists, as it is a way to have high availability, geo-replication, and resource elasticity with pay-as-you-go charging models. Another benefit is the minimal management effort and maintenance expenses for its users. However, security is still pointed out as the main reason hindering the full adoption of cloud services. Consumers lose ownership of their data as soon as it goes to the cloud; therefore, they have to rely on cloud provider’s security assumptions and Service Level Agreements regarding privacy and integrity guarantees for their data. Hardware Security Modules (HSMs) are dedicated cryptographic processors, typically used in secure cloud applications, that are designed specifically for the protection of cryptographic keys in all steps of their life cycles. They are physical devices with tamperproof resistance, but rather expensive. There have been some attempts to virtualize HSMs. Virtual solutions can reduce its costs but without much success as performance is incomparable and security guarantees are hard to achieve in software implementations. In this dissertation, we aim at developing a virtualized HSM supported by modern attestation-based trusted hardware in commodity CPUs to ensure privacy and reliability, which are the main requirements of an HSM. High availability will also be achieved through techniques such as cloud-of-clouds replication on top of those nodes. Therefore virtual HSMs, on the cloud, backed with trusted hardware, seem increasingly promising as security, attestation, and high availability will be guaranteed by our solution, and it would be much cheaper and as reliable as having physical HSMs

Coercion-resistant Proxy Voting

In general, most elections follow the principle of equality, or as it came to be known, the principle of “one man – one vote”. However, this principle might pose difficulties for voters, who are not well informed regarding the particular matter that is voted on. In order to address this issue, a new form of voting has been proposed, namely proxy voting. In proxy voting, each voter has the possibility to delegate her voting right to another voter, so called proxy, that she considers a trusted expert on the matter. In this paper we propose an end-to-end verifiable Internet voting scheme, which to the best of our knowledge is the first scheme to address voter coercion in the proxy voting setting

Blockchain in maritime cybersecurity

Blockchain technologies can be used for many different purposes from handling large amounts of data to creating better solutions for privacy protection, user authentication and a tamper proof ledger which lead to growing interest among industries. Smart contracts, fog nodes and different consensus methods create a scalable environment to secure multi-party connections with equal trust of participanting nodes’ identity. Different blockchains have multiple options for methodologies to use in different environments. This thesis has focused on Ethereum based open-source solutions that fit the remote pilotage environment the best. Autonomous vehicular networks and remote operatable devices have been a popular research topic in the last few years. Remote pilotage in maritime environment is persumed to reach its full potential with fully autonomous vessels in ten years which makes the topic interesting for all researchers. However cybersecurity in these environments is especially important because incidents can lead to financial loss, reputational damage, loss of customer and industry trust and environmental damage. These complex environments also have multiple attack vectors because of the systems wireless nature. Denial-of-service (DoS), man-in-the-middle (MITM), message or executable code injection, authentication tampering and GPS spoofing are one of the most usual attacks against large IoT systems. This is why blockchain can be used for creating a tamper proof environment with no single point-of-failure. After extensive research about best performing blockchain technologies Ethereum seemed the most preferable for decentralised maritime environment. In comparison to most of 2021 blockchain technologies that have focused on financial industries and cryptocurrencies, Ethereum has focused on decentralizing applications within many different industries. This thesis provides three Ethereum based blockchain protocol solutions and one operating system for these protocols. All have different features that add to the base blockchain technology but after extensive comparison two of these protocols perform better in means of concurrency and privacy. Hyperledger Fabric and Quorum provide many ways of tackling privacy, concurrency and parallel execution issues with consistent high throughput levels. However Hyperledger Fabric has far better throughput and concurrency management. This makes the solution of Firefly operating system with Hyperledger Fabric blockchain protocol the most preferable solution in complex remote pilotage fairway environment