Thomas Loruenser - Academia.edu (original) (raw)

Uploads

Papers by Thomas Loruenser

a series of events targeted to prospect the applications supported by the new paradigm and valida... more a series of events targeted to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challenges to fix them, especially on security, privacy, and inter-and intra-clouds protocols. Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new approach of reusing what was achieved in GRID computing with support from virtualization. The conference had the following tracks:  Cloud computing  Computing in virtualization-based environments  Platforms, infrastructures and applications  Challenging features Similar to the previous edition, this event attracted excellent contributions and active participation from all over the world. We were very pleased to receive top quality contributions. We take here the o...

2016 11th International Conference on Availability, Reliability and Security (ARES), 2016

When using distributed storage systems to outsource data storage into the cloud, it is often vita... more When using distributed storage systems to outsource data storage into the cloud, it is often vital that this is done in a privacy preserving way, i.e., without the storage servers learning anything about the stored data. Especially when storing critical data, one often further requires efficient means to check whether the data is actually stored correctly on these servers. In the best case, such an auditing could itself be outsourced to a third party which does not need to be trusted by the data owner. That is, also the auditing mechanism should guarantee privacy, even if the auditor collaborates with a (sub) set of the storage servers. However, so far only a small number of privacy preserving third party auditing mechanisms has been presented for single server storage solutions, and no such protocols exist at all for a distributed storage setting. In this paper, we therefore define and instantiate a privacy preserving auditable distributed storage system. Our instantiation can be based on any homomorphic secret sharing scheme, and is fully keyless, efficient, and information-theoretically private. Furthermore, it supports batch audits, and is backward compatible with existing secret sharing based storage solutions.

Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-H... more Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryp-tion with Associated Data (AEAD) can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems it removes all database alteration statements needed for confirmed user sign-up and greatly removes database alteration statements for typical "forgot password" use-cases. As there is no temporary data stored within the server database system, there is no possibility of creating orphaned or abandoned data records. However, this new approach is not generic and can only be applied if implemented use-cases fulfill requirements. This requirements and implications are also detailed within this paper.

The market for cloud computing can be considered as the major growth area in ICT. However, big co... more The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015-7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.

Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018

Application development for the cloud is already challenging because of the complexity caused by ... more Application development for the cloud is already challenging because of the complexity caused by the ubiquitous, interconnected, and scalable nature of the cloud paradigm. But when modern secure and privacy aware cloud applications require the integration of cryptographic algorithms, developers even need to face additional challenges: An incorrect application may not only lead to a loss of the intended strong security properties but may also open up additional loopholes for potential breaches some time in the near or far future. To avoid these pitfalls and to achieve dependable security and privacy by design, cryptography needs to be systematically designed into the software, and from scratch. We present a system architecture providing a practical abstraction for the many specialists involved in such a development process, plus a suitable cryptographic software development life cycle methodology on top of the architecture. The methodology is complemented with additional tools suppor...

Byzantine fault-tolerant systems have been researched for more than four decades, and although sh... more Byzantine fault-tolerant systems have been researched for more than four decades, and although shown possible early, the solutions were impractical for a long time. With PBFT the first practical solution was proposed in 1999 and spawned new research which culminated in novel applications using it today. Although the safety and liveness properties of PBFT-type protocols have been rigorously analyzed, when it comes to practical performance only empirical results often in artificial settings are known and imperfections on the communication channels are not specifically considered. In this work we present the first performance model for PBFT specifically considering the impact of unreliable channels and the use of different transport protocols over them. We also did extensive simulations to verify the model and to gain more insight on the impact of deployment parameters on the overall transaction time. We show that the usage of UDP can lead to significant speedup for PBFT protocols comp...

2013 Conference on Lasers & Electro-Optics Europe & International Quantum Electronics Conference CLEO EUROPE/IQEC, 2013

ABSTRACT

International Journal of Quantum Information, 2008

A quantum key distribution (QKD) network is currently being implemented in Vienna by integrating ... more A quantum key distribution (QKD) network is currently being implemented in Vienna by integrating seven QKD-link devices that connect five subsidiaries of Siemens Austria. We give an architectural overview of the network and present the enabling QKD technologies, as well as the novel QKD network protocols.

2016 11th International Conference on Availability, Reliability and Security (ARES), 2016

The EC Horizon 2020 project PRISMACLOUD aims at cryptographically addressing several severe risks... more The EC Horizon 2020 project PRISMACLOUD aims at cryptographically addressing several severe risks threatening end user security and privacy in current cloud settings. This shall be achieved by the provision of a reusable toolbox encapsulating cryptographic functionality from which dependably secure cloud services can be assembled. In order to provide a tangible abstraction of the complexity involved with the construction of cryptographically secured cloud services, we introduce the four-layer PRISMACLOUD architecture. Top down, it consists of a use cases (application) layer, a services layer, a tools layer, and a cryptographic primitives and protocols layer. In this paper we provide a detailed description of the PRISMACLOUD tools in terms of functional components, as well as how they interact to provide the desired security functionality. We also briefly describe the cutting-edge cryptographic primitives which are encompassed by the tools. Both the toolbox and the cryptographic primitives and protocols are being currently developed and will be provided as reference implementation by project end in July 2018.

IEEE Journal on Selected Areas in Communications, 2015

2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), 2015

ABSTRACT

Quantum Information Processing, 2015

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribut... more We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols.

ABSTRACT The very recent demonstration of the SECOQC QKD-network convincingly extended single QKD... more ABSTRACT The very recent demonstration of the SECOQC QKD-network convincingly extended single QKD-links to QKD-networks gaining new functionalities. The needed interfaces, protocols and node modules are explained.

Quantum cryptography is the only system for key generation that can provably not be tampered by a... more Quantum cryptography is the only system for key generation that can provably not be tampered by an eavesdropper without being noticed. While its theoretical basis is already reasonably well understood, commercial application is hampered by the lack of ready-to-use embedded encryption systems. In this paper we will describe our hardware solution, developed for setting up an application oriented quantum cryptography embedded-system.

International Journal of Quantum Information, 2009

In this work, we respond to a comment by A. Abidin and J.-Å. Larsson on our previous paper, Int. ... more In this work, we respond to a comment by A. Abidin and J.-Å. Larsson on our previous paper, Int. J. Quant. Inf. 3 (2005) 225.

a series of events targeted to prospect the applications supported by the new paradigm and valida... more a series of events targeted to prospect the applications supported by the new paradigm and validate the techniques and the mechanisms. A complementary target was to identify the open issues and the challenges to fix them, especially on security, privacy, and inter-and intra-clouds protocols. Cloud computing is a normal evolution of distributed computing combined with Service-oriented architecture, leveraging most of the GRID features and Virtualization merits. The technology foundations for cloud computing led to a new approach of reusing what was achieved in GRID computing with support from virtualization. The conference had the following tracks:  Cloud computing  Computing in virtualization-based environments  Platforms, infrastructures and applications  Challenging features Similar to the previous edition, this event attracted excellent contributions and active participation from all over the world. We were very pleased to receive top quality contributions. We take here the o...

2016 11th International Conference on Availability, Reliability and Security (ARES), 2016

When using distributed storage systems to outsource data storage into the cloud, it is often vita... more When using distributed storage systems to outsource data storage into the cloud, it is often vital that this is done in a privacy preserving way, i.e., without the storage servers learning anything about the stored data. Especially when storing critical data, one often further requires efficient means to check whether the data is actually stored correctly on these servers. In the best case, such an auditing could itself be outsourced to a third party which does not need to be trusted by the data owner. That is, also the auditing mechanism should guarantee privacy, even if the auditor collaborates with a (sub) set of the storage servers. However, so far only a small number of privacy preserving third party auditing mechanisms has been presented for single server storage solutions, and no such protocols exist at all for a distributed storage setting. In this paper, we therefore define and instantiate a privacy preserving auditable distributed storage system. Our instantiation can be based on any homomorphic secret sharing scheme, and is fully keyless, efficient, and information-theoretically private. Furthermore, it supports batch audits, and is backward compatible with existing secret sharing based storage solutions.

Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-H... more Modern cryptography provides for new ways of solving old problems. This paper details how Keyed-Hash Message Authentication Codes (HMACs) or Authenticated Encryp-tion with Associated Data (AEAD) can be employed as an alternative to a traditional server-side temporal session store. This cryptography-based approach reduces the server-side need for state. When applied to database-based user-management systems it removes all database alteration statements needed for confirmed user sign-up and greatly removes database alteration statements for typical "forgot password" use-cases. As there is no temporary data stored within the server database system, there is no possibility of creating orphaned or abandoned data records. However, this new approach is not generic and can only be applied if implemented use-cases fulfill requirements. This requirements and implications are also detailed within this paper.

The market for cloud computing can be considered as the major growth area in ICT. However, big co... more The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015-7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.

Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018

Application development for the cloud is already challenging because of the complexity caused by ... more Application development for the cloud is already challenging because of the complexity caused by the ubiquitous, interconnected, and scalable nature of the cloud paradigm. But when modern secure and privacy aware cloud applications require the integration of cryptographic algorithms, developers even need to face additional challenges: An incorrect application may not only lead to a loss of the intended strong security properties but may also open up additional loopholes for potential breaches some time in the near or far future. To avoid these pitfalls and to achieve dependable security and privacy by design, cryptography needs to be systematically designed into the software, and from scratch. We present a system architecture providing a practical abstraction for the many specialists involved in such a development process, plus a suitable cryptographic software development life cycle methodology on top of the architecture. The methodology is complemented with additional tools suppor...

Byzantine fault-tolerant systems have been researched for more than four decades, and although sh... more Byzantine fault-tolerant systems have been researched for more than four decades, and although shown possible early, the solutions were impractical for a long time. With PBFT the first practical solution was proposed in 1999 and spawned new research which culminated in novel applications using it today. Although the safety and liveness properties of PBFT-type protocols have been rigorously analyzed, when it comes to practical performance only empirical results often in artificial settings are known and imperfections on the communication channels are not specifically considered. In this work we present the first performance model for PBFT specifically considering the impact of unreliable channels and the use of different transport protocols over them. We also did extensive simulations to verify the model and to gain more insight on the impact of deployment parameters on the overall transaction time. We show that the usage of UDP can lead to significant speedup for PBFT protocols comp...

2013 Conference on Lasers & Electro-Optics Europe & International Quantum Electronics Conference CLEO EUROPE/IQEC, 2013

ABSTRACT

International Journal of Quantum Information, 2008

A quantum key distribution (QKD) network is currently being implemented in Vienna by integrating ... more A quantum key distribution (QKD) network is currently being implemented in Vienna by integrating seven QKD-link devices that connect five subsidiaries of Siemens Austria. We give an architectural overview of the network and present the enabling QKD technologies, as well as the novel QKD network protocols.

2016 11th International Conference on Availability, Reliability and Security (ARES), 2016

The EC Horizon 2020 project PRISMACLOUD aims at cryptographically addressing several severe risks... more The EC Horizon 2020 project PRISMACLOUD aims at cryptographically addressing several severe risks threatening end user security and privacy in current cloud settings. This shall be achieved by the provision of a reusable toolbox encapsulating cryptographic functionality from which dependably secure cloud services can be assembled. In order to provide a tangible abstraction of the complexity involved with the construction of cryptographically secured cloud services, we introduce the four-layer PRISMACLOUD architecture. Top down, it consists of a use cases (application) layer, a services layer, a tools layer, and a cryptographic primitives and protocols layer. In this paper we provide a detailed description of the PRISMACLOUD tools in terms of functional components, as well as how they interact to provide the desired security functionality. We also briefly describe the cutting-edge cryptographic primitives which are encompassed by the tools. Both the toolbox and the cryptographic primitives and protocols are being currently developed and will be provided as reference implementation by project end in July 2018.

IEEE Journal on Selected Areas in Communications, 2015

2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), 2015

ABSTRACT

Quantum Information Processing, 2015

We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribut... more We demonstrate how adversaries with unbounded computing resources can break Quantum Key Distribution (QKD) protocols which employ a particular message authentication code suggested previously. This authentication code, featuring low key consumption, is not Information-Theoretically Secure (ITS) since for each message the eavesdropper has intercepted she is able to send a different message from a set of messages that she can calculate by finding collisions of a cryptographic hash function. However, when this authentication code was introduced it was shown to prevent straightforward Man-In-The-Middle (MITM) attacks against QKD protocols.

ABSTRACT The very recent demonstration of the SECOQC QKD-network convincingly extended single QKD... more ABSTRACT The very recent demonstration of the SECOQC QKD-network convincingly extended single QKD-links to QKD-networks gaining new functionalities. The needed interfaces, protocols and node modules are explained.

Quantum cryptography is the only system for key generation that can provably not be tampered by a... more Quantum cryptography is the only system for key generation that can provably not be tampered by an eavesdropper without being noticed. While its theoretical basis is already reasonably well understood, commercial application is hampered by the lack of ready-to-use embedded encryption systems. In this paper we will describe our hardware solution, developed for setting up an application oriented quantum cryptography embedded-system.

International Journal of Quantum Information, 2009

In this work, we respond to a comment by A. Abidin and J.-Å. Larsson on our previous paper, Int. ... more In this work, we respond to a comment by A. Abidin and J.-Å. Larsson on our previous paper, Int. J. Quant. Inf. 3 (2005) 225.