Ulrich Greveler

A Privacy Preserving System for Cloud Computing

Cloud computing is changing the way that organizations manage their data, due to its robustness, low cost and ubiquitous nature. Privacy concerns arise whenever sensitive data is outsourced to the cloud. This paper introduces a cloud database storage architecture that prevents the local administrator as well as the cloud administrator to learn about the outsourced database content. Moreover, machine readable rights expressions are used in order to limit users of the database to a need-to-know basis. These limitations are not changeable by administrators after the database related application is launched, since a new role of rights editors is defined once an application is launced. Furthermore, trusted computing is applied to bind cryptographic key information to trusted states. By limiting the necessary trust in both corporate as well as external administrators and service providers, we counteract the often criticized privacy and confidentiality risks of corporate cloud computing.

Direct anonymous attestation: enhancing cloud service user privacy

We introduce a privacy enhancing cloud service architecture based on the Direct Anonymous Attestation (DAA) scheme. In order to protect user data, the architecture provides cloud users with the abilities of controlling the extent of data sharing among their service accounts. A user is then enabled to link Cloud Service applications in such a way, that his/her personal data are shared only among designated applications. The anonymity of the platform identity is preserved while the integrity of the hardware platform (represented by Trusted Computing configuration register values) is proven to the remote servers. Moreover, the cloud service provider can assess user account activities, which leads to efficient security enforcement measures.

A broadcast encryption scheme with free-riders but unconditional security

We propose two schemes for efficient broadcast key establishment that enables a sender to communicate to any subset of the user-base by allowing a small ratio of free-riders. The schemes do not require stateful receivers and one scheme is unconditionally secure. The free-riders are unable to learn from the past whether they might become free-riders for a certain transmission again. We present a new trade-off facet for broadcast encryption, namely the number (or ratio) of free-riders vs. the number of messages to be sent or the number of keys stored by each user.

Enforcing regional DRM for multimedia broadcasts with and without trusted computing

We present the problem of enforcing a Digital Rights Management (DRM) system that needs to consider location-dependent licensing policies and operates on top of existing conditional access standards. A major application for location-dependent DRM is Pay-TV broadcasting as rightsholders require different business models in different regions. A global providers enduser equipment needs to validate the user location in some way in order to enforce DRM in this scenario. We will depict several solutions to the problem and compare their security qualities. The main result is that trusted computing hardware may not be the most appropriate solution given reasonable conditions.

How pay-TV becomes e-commerce

In this paper we highlight the fact that existing pay-TV schemes operating on countries or world regions could be transformed into a global system as the digital television broadcasting technology offers the possibility to put different regional content into one transmission so that each user could decode the content according to his personal needs. As the Internet could be used for selling pay-per-view licenses and the digital multimedia content can be played by personal computers the existing pay-TV systems could become a global electronic commerce solution reducing the transmission cost per content.

Mutual remote attestation: enabling system cloning for TPM based platforms

We describe a concept of mutual remote attestation for two identically configured trusted (TPM based) systems. We provide a cryptographic protocol to achieve the goal of deriving a common session key for two systems that have verified each other to be a clone of themselves. The mutual attestation can be applied to backup procedures without providing data access to administrators, i.e. one trusted systems exports its database to another identical trusted system via a secure channel after mutual attestation is completed. Another application is dynamically parallelizing trusted systems in order to increase the performance of a trusted server platform. We present details of our proposed architecture and show results from extensive hardware tests. These tests show that there are some unresolved issues with TPM-BIOS settings currently distributed by PC hardware manufacturers since the specification regarding measurement of extended platform BIOS configuration is either not met or the usage of undocumented options is required.

Insider attacks enabling data broadcasting on crypto-enforced unicast links

Most wireless communication techniques rely on broadcast media on the physical layer, i.e., the actual signal can be received by any party in a certain coverage area. Furthermore, there are cable-based networks, such as HFC (hybrid fiber/coaxial) networks that use a shared transmission medium (coaxial cable) to bridge the last mile. A common means to perform secure unicast (point-to-point) communication over such wireless or shared transmission media is by applying cryptographic protocols on higher layers of the protocol stack. As of today, a common assumption in the design and analysis of such communication protocols is that both end-points (user and carrier) behave correctly according to the cryptographic protocol, because they want to preserve security against outsiders who might be sniffing private communication of legitimate users. However, under certain conditions users may not be interested in protecting their unicast communication against outsiders. Instead, users may try to extend their communication power/resources by means of insider attacks against the communication protocol. Such insider attacks pose new threats to providers of communication services and have, to the best of our knowledge, been neglected so far. In this paper we will discuss insider attacks against several communication systems that can break the unicast communication enforced by cryptographic means by the carrier of the communication infrastructure.