Catalogue of "Security Primitives"

Authenticated encryption with new security model and construction. StoA authenticated encryption with variable stretch is vulnerable to some attacks that misuse the variable stretch. A new security definition is proposed and followed by a new construction.

Proofs of retrievability for data replications. It allows the data replication be handled by the cloud provider, who will then generate proofs of retrievability of these replicas upon user attestation.

Message Locked PoR and Message locked key generation. This primitive enables clients to verify the retrievability of their files while also allowing file-based deduplication based on a dedicated message-locked key generation. Since all keying material are depending on the file itself the encryption and encoding of the files remain the same if the file is the same.

Provides light-weight isolation on many-core platforms. Allows management of encrypted and integrity-protected virtual machine images.

Remote Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. The Remote Attestation generates the evidence of whether or not the untrusted cloud platform is running in the expected state, and therefore, the result of the service, application or VM image outsourced to the cloud is trustworthy.

This scheme is intended to be used in a scenario where multiple users are using a storage system to store data.

This tool behaves like a classic fuzz tester, by supplying mutated input to a program and observing its behaviour. Often, mutated input leads to crashes, and the crashes reveal ways of exploiting the program. Standard fuzzers however do not take into account the distributed nature of some of the software that powers the cloud. The distributed fuzzer will be optimized for distributed programs and components. The output is a series of crash reports including back-traces and the developer/tester can manually intervene to fix the bug and harden the code.

Files are encrypted on the client side before being uploaded to the cloud, and will be decrypted on the client side after being downloaded to local. The encryption key is kept by the clients. The encryption keys are acquired by the clients from some remote entity, in a privacy-preserving way that the remote entity is not able to infer or distinguish the file content from the requests from all clients, but this remote entity will ensure that the same file content will derive the same encryption key. Thanks to this feature, files across multiple clients can be de-duplicated. Only one copy of a file with unique content (in its encrypted form) will be stored in the cloud server. When duplicated files are deleted, only the links of the ownership will be removed. The file copy in the cloud will be removed only when the file is unique across all clients.

Proofs of Retrievability (PoR) are cryptographic proofs that enable a cloud provider to prove that the tenant can retrieve his file in its entirety. A tenant can ask the cloud provider to provide such proofs of a requested file without the need to download the file The aim of providing the PoR primitive is to provide strong assurance of storage integrity to the tenants.

This tool allows cloud customers to migrate relational SQL databases into the cloud such that confidentiality is provided against the service provider but the database can still be queried.

This primitive could be used to prove the user/citizen/customer that some processing (like the liveness detection) has indeed been computed on the authentication data, thus enabling to check the conformance to (e.g. governmental) rules/standards.