Dirk Achenbach

MimoSecco: A Middleware for Secure Cloud Storage

The biggest impediment for the adoption of cloud computing practices is the lack of trust in the confidentiality of one’s data in the cloud. The prevalent threat in the cloud computing model are so-called insider attacks. Full data encryption can only solve the problem in the trivial case of backups. Any sophisticated service provided on data requires insight into the structure of that data. One purpose of encryption is to prevent such insights. We introduce the MimoSecco project. In MimoSecco, we are investigating reasonable compromises. We employ two techniques, separation of duties and secure hardware. With separation of duties, we fragment a database and separate the fragments geographically. The goal is to make it infeasible to reconstruct the database from one fragment alone. The secure hardware tokens we employ are hard-to-copy devices which offer encryption, decryption and cryptographically signing of data. The keys used are stored in the tamper-proof hardware device and never leave it. We are in the process of developing a prototypical database adapter that behaves like a SQL database, but stores data securely.

Closing the Gap: A Universal Privacy Framework for Outsourced Data

We study formal privacy notions for data outsourcing schemes. The aim of our efforts is to define a security framework that is applicable to highly elaborate as well as practical constructions. First, we define the privacy objectives data privacy, query privacy, and result privacy. We then investigate fundamental relations among them. Second, to make them applicable to practical constructions, we define generalisations of our basic notions. Lastly, we show how various notions from the literature fit into our framework. Data privacy and query privacy are independent concepts, while result privacy is consequential to them. The generalised notions allow for a restriction on the number of the adversary’s oracle calls, as well as a “leakage relation” that restricts the adversary’s choice of challenges. We apply the generalised notions to existing security notions from the fields of searchable encryption, private information retrieval, and secure database outsourcing. Some are direct instantiations of our notions, others intertwine the concepts. This work provides a privacy framework for data outsourcing schemes from various cryptographic fields with an unified view, from which several new interesting research questions emerge.

Universally Composable Firewall Architectures Using Trusted Hardware

Network firewalls are a standard security measure in computer networks that connect to the Internet. Often, ready-to-use firewall appliances are trusted to protect the network from malicious Internet traffic. However, because of their black-box nature, no one can be sure of their exact functionality. We address the possibility of actively compromised firewalls. That is, we consider the possibility that a network firewall might collaborate with an outside adversary to attack the network. To alleviate this threat, we suggest composing multiple firewalls from different suppliers to obtain a secure firewall architecture. We rigorously treat the composition of potentially malicious network firewalls in a formal model based on the Universal Composability framework. Our security assumption is trusted hardware. We show that a serial concatenation of firewalls is insecure even when trusted hardware ensures that no new packages are generated by the compromised firewall. Further, we show that the parallel composition of two firewalls is only secure when the order of packets is not considered. We prove that the parallel composition of three firewalls is insecure, unless a modified trusted hardware is used.

Die Blockchain im Rampenlicht

ZusammenfassungEs gibt verschiedene Ausprägungen der Blockchain-Technologie; einige davon wurden in DuD 8/2017 vorgestellt. Sie unterscheiden sich insbesondere in den ihnen zugrundeliegenden (Sicherheits-) Annahmen und Mechanismen. Daher darf die Blockchain nicht als Universaltechnologie gesehen werden–die Gründe dafür diskutieren die Autoren im vorliegenden Beitrag.

Synchronous Universally Composable Computer Networks

Designers of modern IT networks face tremendous security challenges. As systems grow ever more complex and connected it is essential that they resist even previously-unknown attacks. Using formal models to analyse the security of cryptographic protocols is a well-established practice. However, the security of complex networks is often still evaluated in an ad-hoc fashion. We analyse the applicability of formal security models for complex networks and narrow the gap between security proofs for abstract cryptographic protocols and real-world systems. Specifically we use the Universal Composability framework together with Katz et al.’s extensions for synchronous computation and bounded-delay channels [15]. This allows us to model availability guarantees. We propose a 5-phase paradigm for specifying protocols in a clear representation. To capture redundant formalisms and simplify defining network topologies, we introduce two functionalities \(\mathcal {F}_{\mathsf {wrap}}\) and \(\mathcal {F}_{\mathsf {net}}\). Demonstrating the applicability of our approach, we re-prove Lamport et al.’s well-known solution to the Byzantine Generals Problem [16] with four parties. We further complete a result of Achenbach et al. [1], proving that a “firewall combiner” for three network firewalls is available.

ReDS: A System for Revision-Secure Data Storage

The CLOUDwerker project seeks to develop a tool that allows for the collaborative creation of documents in a cloud environment. This necessitates a secure, non-repudiable document storage layer. We introduce ReDS, a software backend that stores encrypted documents in the cloud. The system also guarantees the non-repudiability of changes, makes older revisions of files accessible and has access control. Our architecture makes use of a trusted master server to store encryption keys and perform authentication and authorization. We implemented ReDS using Python and several open-source components. ReDS is open source and available for download.

Das Kryptologikum: Kryptographie begreifen

ZusammenfassungDie Kryptographie war über Jahrhunderte eine Geheimwissenschaft. Das hat sich erst mit der Entwicklung des Internet und des daraus resultierenden Bedarfs an allgemeiner Verfügbarkeit kryptographischer Mechanismen geändert. Dennoch zählen die Hintergründe und Funktionsweisen kryptographischer Verfahren nach wie vor nicht zum Allgemeinwissen. Hier will das Kryptologikum abhelfen — eine Ausstellung für die anschauliche Vermittlung von Kryptographiegeschichte und modernen kryptographischen Verfahren und Anwendungen.