Michael Brenner

Poster: an implementation of the fully homomorphic smart-vercauteren crypto-system

Since the discovery of a fully homomorphic cryptographic scheme by Gentry, a number of different schemes have been proposed that apply the bootstrap technique of Gentrys original approach. However, to date no implementation of fully homomorphic encryption has been publicly released. This poster presents a working implementation of the Smart-Vercauteren scheme that will be freely available and gives substantial implementation hints.

METDS - A Self-contained, Context-Based Detection System for Evil Twin Access Points

Mobile Evil Twin attacks stem from the missing authentication of open WiFi access points. Attackers can trick users into connecting to their malicious networks and thereby gain the capability to mount further attacks. Although some recognition and prevention techniques have been proposed, they have been impractical and thus have not seen any adoption. To quantify the scale of the threat of evil twin attacks we performed a field study with 92 participants to collect their WiFi usage patterns. With this data we show how many of our participants are potentially open to the evil twin attack. We also used the data to develop and optimize a context-based recognition algorithm, that can help mitigate such attacks. While it cannot prevent the attacks entirely it gives users the chance to detect them, raises the amount of effort for the attacker to execute such attacks and also significantly reduces the amount of vulnerable users which can be targeted by a single attack. Using simulations on real-world data, we evaluate our proposed recognition system and measure the impact on both users and attackers. Unlike most other approaches to counter evil twin attacks our system can be deployed autonomously and does not require any infrastructure changes and offers the full benefit of the system to early adopters.

Early defense: enabling attribute-based authorization in Grid firewalls

In todays distributed computing environments, like Grids and Clouds, authentication and authorization decisions take place in the middleware or on the compute and storage resources themselves. Thus, in both cases the decision is felled within the local network of the hosting organization. This is due to several drawbacks in common firewalls. For one, most firewalls only utilize the tupel of IP addresses, port numbers and protocol parameters to decide which connection are legitimate and which are not. This offers minimal configurability, which in complex environments like the Grid or the Cloud is not sufficient for optimal fine grained decisions. Also, the inability of application level firewalls to deal with dynamically opened server ports for encrypted connections like they are in use by GridFTP require very lax firewall rules to be set, if the Grid or Cloud is to operate unhindered. In this paper a solution is presented that moves the authorization enforcement forward into the firewall. The presented system enables an authorization of each connection, based on the users individual Grid or Cloud attributes. Extending our TCP-AuthN mechanism enables the firewall to operate as a Policy Enforcement Point (PEP) according to the authorization architecture presented in the XACML standard and enables Site administrators to turn back unwanted traffic at the border instead of on the resources themselves.

WAHC'18: 6th Workshop on Encrypted Computing and Applied Homomorphic Cryptography

The 6th Workshop on Encrypted Computing and Applied Homomorphic Cryptography is held in Toronto, ON, Canada on October 19th, 2018, co-located with the ACM Conference on Computer and Communications Security (CCS). The workshop aims to bring together professionals, researchers and practitioners from academia, industry and government in the area of computer security and applied cryptography with an interest in practical applications of homomorphic encryption, encrypted computing, functional encryption and secure function evaluation, private information retrieval and searchable encryption. The workshop will feature 6 exciting talks on different aspects of secure computation and a forum to discuss current and future challenges.

POSTER: Caching oblivious memory access: an extension to the HCRYPT virtual machine

Efficient homomorphic encryption enables the construction of an encrypted computer system. Previous work has shown how this can be achieved using only arithmetic representations of simple demultiplexer circuits. This poster extends the results by introducing a caching mechanism for oblivious memory access, by far the most time-consuming building block of a recently proposed sample machine architecture. The construction allows to significantly accelerate homomorphically encrypted machine operation while still preserving obliviousness of memory access, control unit operation and functional components.