Cryptographic Techniques for Securing Data in the Cloud

El paradigma de la computació al núvol proporciona accés remot a potents infraestructures a cost reduït. Tot i que l’adopció del núvol ofereix nombrosos beneficis, la migració de dades sol requerir un alt nivell de confiança en el proveïdor de serveis i introdueix problemes de privacitat. En aquesta tesi es dissenyen tècniques per a permetre a usuaris del núvol protegir un conjunt de dades externalitzades. Les solucions proposades emanen del projecte H2020 de la Comissió Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Els problemes explorats són la cerca sobre dades xifrades, la delegació de càlculs d’interpolació, els esquemes de compartició de secrets i la partició de dades. Primerament, s’estudia el problema de la cerca sobre dades xifrades mitjançant els esquemes de xifrat cercable simètric (SSE), i es desenvolupen tècniques que permeten consultes per rangs dos-dimensionals a SSE. També es tracta el mateix problema utilitzant esquemes de xifrat cercable de clau pública (PEKS), i es presenten esquemes PEKS que permeten consultes conjuntives i de subconjunt. En aquesta tesi també s’aborda la delegació privada de computacions Kriging. Kriging és un algoritme d’interpolació espaial dissenyat per a aplicacions geo-estadístiques. Es descriu un mètode per a delegar interpolacions Kriging de forma privada utilitzant xifrat homomòrfic. Els esquemes de compartició de secrets són una primitiva fonamental en criptografia, utilitzada a diverses solucions orientades al núvol. Una de les mesures d’eficiència relacionades més importants és la taxa d’informació òptima. Atès que calcular aquesta taxa és generalment difícil, s’obtenen propietats que faciliten la seva descripció. Finalment, es tracta el camp de la partició de dades per a la protecció de la privacitat. Aquesta tècnica protegeix la privacitat de les dades emmagatzemant diversos fragments a diferents ubicacions. Aquí s’analitza aquest problema des d’un punt de vista combinatori, fitant el nombre de fragments i proposant diversos algoritmes.El paradigma de la computación en la nube proporciona acceso remoto a potentes infraestructuras a coste reducido. Aunque la adopción de la nube ofrece numerosos beneficios, la migración de datos suele requerir un alto nivel de confianza en el proveedor de servicios e introduce problemas de privacidad. En esta tesis se diseñan técnicas para permitir a usuarios de la nube proteger un conjunto de datos externalizados. Las soluciones propuestas emanan del proyecto H2020 de la Comisión Europea “CLARUS: User-Centered Privacy and Security in the Cloud”. Los problemas explorados son la búsqueda sobre datos cifrados, la delegación de cálculos de interpolación, los esquemas de compartición de secretos y la partición de datos. Primeramente, se estudia el problema de la búsqueda sobre datos cifrados mediante los esquemas de cifrado simétrico buscable (SSE), y se desarrollan técnicas para permitir consultas por rangos dos-dimensionales en SSE. También se trata el mismo problema utilizando esquemas de cifrado buscable de llave pública (PEKS), y se presentan esquemas que permiten consultas conyuntivas y de subconjunto. Adicionalmente, se aborda la delegación privada de computaciones Kriging. Kriging es un algoritmo de interpolación espacial diseñado para aplicaciones geo-estadísticas. Se describe un método para delegar interpolaciones Kriging privadamente utilizando técnicas de cifrado homomórfico. Los esquemas de compartición de secretos son una primitiva fundamental en criptografía, utilizada en varias soluciones orientadas a la nube. Una de las medidas de eficiencia más importantes es la tasa de información óptima. Dado que calcular esta tasa es generalmente difícil, se obtienen propiedades que facilitan su descripción. Por último, se trata el campo de la partición de datos para la protección de la privacidad. Esta técnica protege la privacidad de los datos almacenando varios fragmentos en distintas ubicaciones. Analizamos este problema desde un punto de vista combinatorio, acotando el número de fragmentos y proponiendo varios algoritmos.The cloud computing paradigm provides users with remote access to scalable and powerful infrastructures at a very low cost. While the adoption of cloud computing yields a wide array of benefits, the act of migrating to the cloud usually requires a high level of trust in the cloud service provider and introduces several security and privacy concerns. This thesis aims at designing user-centered techniques to secure an outsourced data set in cloud computing. The proposed solutions stem from the European Commission H2020 project “CLARUS: User-Centered Privacy and Security in the Cloud”. The explored problems are searching over encrypted data, outsourcing Kriging interpolation computations, secret sharing and data splitting. Firstly, the problem of searching over encrypted data is studied using symmetric searchable encryption (SSE) schemes, and techniques are developed to enable efficient two-dimensional range queries in SSE. This problem is also studied through public key encryption with keyword search (PEKS) schemes, efficient PEKS schemes achieving conjunctive and subset queries are proposed. This thesis also aims at securely outsourcing Kriging computations. Kriging is a spatial interpolation algorithm designed for geo-statistical applications. A method to privately outsource Kriging interpolation is presented, based in homomorphic encryption. Secret sharing is a fundamental primitive in cryptography, used in many cloud-oriented techniques. One of the most important efficiency measures in secret sharing is the optimal information ratio. Since computing the optimal information ratio of an access structure is generally hard, properties are obtained to facilitate its description. Finally, this thesis tackles the privacy-preserving data splitting technique, which aims at protecting data privacy by storing different fragments of data at different locations. Here, the data splitting problem is analyzed from a combinatorial point of view, bounding the number of fragments and proposing various algorithms to split the data

Local Bounds for the Optimal Information Ratio of Secret Sharing Schemes

The information ratio of a secret sharing scheme $\Sigma$ is the ratio between the length of the largest share and the length of the secret, and it is denoted by $\sigma(\Sigma)$. The optimal information ratio of an access structure $\Gamma$ is the infimum of $\sigma(\Sigma)$ among all schemes $\Sigma$ with access structure $\Gamma$, and it is denoted by $\sigma(\Gamma)$. The main result of this work is that for every two access structures $\Gamma$ and $\Gamma\u27$, $|\sigma(\Gamma)-\sigma(\Gamma\u27)|\leq |\Gamma\cup\Gamma\u27|-|\Gamma\cap\Gamma\u27|$. We prove it constructively. Given any secret sharing scheme $\Sigma$ for $\Gamma$, we present a method to construct a secret sharing scheme $\Sigma\u27$ for $\Gamma\u27$ that satisfies that $\sigma(\Sigma\u27)\leq \sigma(\Sigma)+|\Gamma\cup\Gamma\u27|-|\Gamma\cap\Gamma\u27|$. As a consequence of this result, we see that \emph{close} access structures admit secret sharing schemes with similar information ratio. We show that this property is also true for particular classes of secret sharing schemes and models of computation, like the family of linear secret sharing schemes, span programs, Boolean formulas and circuits. In order to understand this property, we also study the limitations of the techniques for finding lower bounds on the information ratio and other complexity measures. We analyze the behavior of these bounds when we add or delete subsets from an access structure

El impacto de las nuevas tecnologías de la información y de la comunicación en el sistema escolar

Summary One of the aims of the school as institution is to insert pupils, generally children and teenagers, in a culture developped in a wider social and economical context. School centres are strongly encouraged to accept the rules imposed by the social reproduction system leading groups. That is why the incorporation of the new technologies means, as printing press and audiovisual aids did in the past, a chance to spread knowledge among a bigger number of people, but -at the same time- it involves the risk of a mechanical, uncritical cultural assimilation which is likely to make clients more than citizens. Key words: Education system, new technologies of information and knowledge, relationships between science and history Una de las finalidades de la escuela como institución es insertar a los alumnos, niños y adolescentes por lo general, en la cultura desarrollada en un contexto social y económico más diverso. Los centros escolares reciben numerosos estímulos para aceptar las reglas impuestas por los grupos hegemónicos en el sistema de reproducción social. Por ello la incorporación de las nuevas tecnologías representa, como en su momento fue la imprenta y los medios audiovisuales, una oportunidad para difundir el conocimiento entre un mayor número de ciudadanos, pero -al mismo tiempo- supone un riesgo de una asimilación cultural mecánica, poco crítica y que forme más a clientes que a ciudadanos. Palabras clave: Sistema escolar, nuevas tecnologías de información y comunicación, relaciones entre ciencia e histori

A security model for randomization-based protected caches

Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measures and cache contention. This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question. In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache sidechannel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that allow to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.This research was supported by the European Union Regional Development Fund withinthe framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of50% of the total cost eligible, under the DRAC project [001-P-001723], and by the SpanishGovernment, under the CONSENT project [RTI2018-095094-B-C21]. Carles Hernándezis partially supported by Spanish Ministry of Science, Innovation and Universities under“Ramón y Cajal”, fellowship No. RYC2020-030685-I. Vatistas Kostalabros is partiallysupported by the Agency for Management of University and Research Grants (AGAUR) ofthe Government of Catalonia, under “Ajuts per a la contractació de personal investigadornovell”, fellowship No. 2019FI B01274. Miquel Moretó is partially supported by theSpanish Ministry of Economy, Industry and Competitiveness under “Ramón y Cajal”,fellowship No. RYC-2016-21104.Peer ReviewedPostprint (published version

HLS-based HW/SW co-design of the post-quantum classic McEliece cryptosystem

While quantum computers are rapidly becoming more powerful, the current cryptographic infrastructure is imminently threatened. In a preventive manner, the U.S. National Institute of Standards and Technology (NIST) has initiated a process to evaluate quantum-resistant cryptosystems, to form the first post-quantum (PQ) cryptographic standard. Classic McEliece (CM) is one of the most prominent cryptosystems considered for standardization in NIST’s PQ cryptography contest. However, its computational cost poses notable challenges to a big fraction of existing computing devices. This work presents an HLS-based, HW/SW co-design acceleration of the CM Key Encapsulation Mechanism (CM KEM). We demonstrate significant maximum speedups of up to 55.2 ×, 3.3 ×, and 8.7 × in the CM KEM algorithms of key generation, encapsulation, and decapsulation respectively, comparing to a SW-only scalar implementation.This research was supported by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of the total cost eligible, under the DRAC project [001- P-001723]. It was also supported by the Spanish goverment (grant RTI2018-095094-B-C21 “CONSENT”), by the Spanish Ministry of Science and Innovation (contracts PID2019- 107255GB-C21, PID2019-107255GB-C21) and by the Catalan Government (contracts 2017-SGR-1414, 2017-SGR-705). This work has also received funding from the European Union Horizon 2020 research and innovation programme under grant agreement No. 871467. V. Kostalabros has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under "Ajuts per a la contractació de personal investigador novell" fellowship No. 2019FI B01274. M. Moreto was also partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under "Ramón y Cajal" fellowship No. RYC-2016-21104.Peer ReviewedPostprint (author's final draft

A security model for randomization-based protected caches

Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measures and cache contention. This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question. In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache sidechannel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that allow to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.This research was supported by the European Union Regional Development Fund withinthe framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of50% of the total cost eligible, under the DRAC project [001-P-001723], and by the SpanishGovernment, under the CONSENT project [RTI2018-095094-B-C21]. Carles Hernándezis partially supported by Spanish Ministry of Science, Innovation and Universities under“Ramón y Cajal”, fellowship No. RYC2020-030685-I. Vatistas Kostalabros is partiallysupported by the Agency for Management of University and Research Grants (AGAUR) ofthe Government of Catalonia, under “Ajuts per a la contractació de personal investigadornovell”, fellowship No. 2019FI B01274. Miquel Moretó is partially supported by theSpanish Ministry of Economy, Industry and Competitiveness under “Ramón y Cajal”,fellowship No. RYC-2016-21104.Peer ReviewedPostprint (published version

First attempts to obtain a reference drift curve for traditional olive grove's plantations following ISO 22866

The current standard for the field measurements of spray drift (ISO 22866) is the only official standard for drift measurements in field conditions for all type of crops, including bushes and trees. A series of field trials following all the requirements established in the standard were arranged in a traditional olive grove in Córdoba (south of Spain). The aims of the study were to evaluate the applicability of the current standard procedure to the particular conditions of traditional olive trees plantations, to evaluate the critical requirements for performing the tests and to obtain a specific drift curve for such as important and specific crop as olive trees in traditional plantations, considering the enormous area covered by this type of crop all around the world.The authors thank the Ministry of Economy and Competitiveness of the Spanish Government for their economic support through the pre-commercial procurement Mecaolivar project, financed with FEDER funds, and the AgVANCE project (AGL2013-48297-C2-1-R). The first author acknowledges the support of the Spanish Ministry of Education, Culture and SportPostprint (updated version

Antitumor Effects of Ral-GTPases Downregulation in Glioblastoma.

Glioblastoma (GBM) is the most common tumor in the central nervous system in adults. This neoplasia shows a high capacity of growth and spreading to the surrounding brain tissue, hindering its complete surgical resection. Therefore, the finding of new antitumor therapies for GBM treatment is a priority. We have previously described that cyclin D1-CDK4 promotes GBM dissemination through the activation of the small GTPases RalA and RalB. In this paper, we show that RalB GTPase is upregulated in primary GBM cells. We found that the downregulation of Ral GTPases, mainly RalB, prevents the proliferation of primary GBM cells and triggers a senescence-like response. Moreover, downregulation of RalA and RalB reduces the viability of GBM cells growing as tumorspheres, suggesting a possible role of these GTPases in the survival of GBM stem cells. By using mouse subcutaneous xenografts, we have corroborated the role of RalB in GBM growth in vivo. Finally, we have observed that the knockdown of RalB also inhibits cell growth in temozolomide-resistant GBM cells. Overall, our work shows that GBM cells are especially sensitive to Ral-GTPase availability. Therefore, we propose that the inactivation of Ral-GTPases may be a reliable therapeutic approach to prevent GBM progression and recurrence.This work was funded by the Catalan Government—AGAUR (2017 SGR-569), Ministerio de Ciencia e Innovaciön (PID2019-104859GB-I00; RTI2018-094739-B-I00; PID2019-104734RB-I00), and by the Xarxa de Bancs de Tumors de Catalunya sponsored by Pla Director d’Oncologia de Catalunya (XBTC). T Cemeli (FPU13/06590), M.Guasch (FPU17/00229), R. Navaridas (FPU18/04480), and M. Ribes (TALENT-IRBLleida) were supported by a pre-doctoral fellowship from Ministerio de Educación, Cultura y Deportes, and from Diputació de Lleida

A crowdsourcing database for the copy-number variation of the Spanish population

Background: Despite being a very common type of genetic variation, the distribution of copy-number variations (CNVs) in the population is still poorly understood. The knowledge of the genetic variability, especially at the level of the local population, is a critical factor for distinguishing pathogenic from non-pathogenic variation in the discovery of new disease variants. Results: Here, we present the SPAnish Copy Number Alterations Collaborative Server (SPACNACS), which currently contains copy number variation profiles obtained from more than 400 genomes and exomes of unrelated Spanish individuals. By means of a collaborative crowdsourcing effort whole genome and whole exome sequencing data, produced by local genomic projects and for other purposes, is continuously collected. Once checked both, the Spanish ancestry and the lack of kinship with other individuals in the SPACNACS, the CNVs are inferred for these sequences and they are used to populate the database. A web interface allows querying the database with different filters that include ICD10 upper categories. This allows discarding samples from the disease under study and obtaining pseudo-control CNV profiles from the local population. We also show here additional studies on the local impact of CNVs in some phenotypes and on pharmacogenomic variants. SPACNACS can be accessed at: http://csvs.clinbioinfosspa.es/spacnacs/. Conclusion: SPACNACS facilitates disease gene discovery by providing detailed information of the local variability of the population and exemplifies how to reuse genomic data produced for other purposes to build a local reference database