Arnaud Kaiser

Light blind: Why encrypt if you can share?

The emergence of cloud computing makes the use of remote storage more and more common. Clouds provide cheap and virtually unlimited storage capacity. Moreover, thanks to replication, clouds offer high availability of stored data. The use of public clouds storage make data confidentiality more critical as the user has no control on the physical storage device nor on the communication channel. The common solution is to ensure data confidentiality by encryption. Encryption gives strong confidentiality guarantees but comes with a price. The time needed to encrypt and decrypt data increases with respect to the size of input data, making encryption expensive. Due to its overhead, encryption is not universally used and a non-negligible amount of data is insecurely stored in the cloud. In this paper, we propose a new mechanism, called Light Blind, that allows confidentiality of data stored in the cloud at a lower time overhead than classical cryptographic techniques. The key idea of our work is to partition unencrypted data across multiple clouds in such a way that none of them can reconstruct the original information. In this paper we describe this new approach and we propose a partition algorithm with constant time complexity tailored for modern multi/many-core architectures.

Security of C-ITS messages: A practical solution the ISE project demonstrator

Cooperative Intelligent Transport Systems (C-ITS) offer innovative ways of wireless communication between Intelligent Transport Systems (ITS) stations and ITS road-side stations. They favour the development of ITS applications to improve traffic management, road safety, mobility and other comfort services. C-ITS systems have to guarantee communication security, especially in heterogeneous network environments. Safety critical applications require authentication to avoid attackers to send spoofed or reforged information, nevertheless, cars and drivers privacy must be maintained. We present a demonstration of the C-ITS security management infrastructure of the ITS-Security (ISE) project [1]. Through our demonstrator we show how ISE provides message authentication without violating cars and drivers privacy. Our demonstrator allows the public to run an attack scenario with and without the ISE security system, making evident importance of securing ITS communications.

TLS for Cooperative ITS Services

TLS is currently receiving much attention and seems to be the most promising candidate as a secure protocol for the current and future online services. Many security protocols have been developed to handle security problems in various circumstances. However, these protocols are often limited and related to precised contexts and architectures and cannot answer special application and networks needs such as securing transactions between several vehicles in vehicular networks. In this paper, we propose to extend the Transport Layer Security (TLS) protocol by using ETSI and IEEE certificates to securely exchange data between multiple vehicular network components through a single TLS session. We propose a formal validation of our extension with the HLPSL language using AVISPA. The proposed extension is currently being implemented over OPENSSL.