The TClouds Platform - Concept, architecture and instantiations

to appear in: Proceedings of DISCCO ’13, Braga, Portugal, 2013. Bessani, A.; Cutillo, L. A.; Ramunno, G.; Schirmer, N. and Smiraglia, P.
TClouds is a EU project targeted at improving the security and the high-availability of the cloud infrastructures and services, especially for supporting critical applications. This paper presents the TClouds platform, the main outcome of the project, in an integrated way.
The TClouds platform: concept, architecture and instantiations

European Research Activities in Cloud Computing

Accepted for: 6th Future Security Conference, September 2011 Dana Petcu and José Luis Vázquez-Poletti (Jan 2012) ISBN: 1-4438-3507-2 (Co-Autoren: Michael Gröne, Norbert Schirmer)

"What's new in the European research and development area? Cloud computing is a provision model where whatever computing resource that can be thought of (machines, network, software solutions, applications) is provided as a service. This new paradigm has changed the center of gravity of computing in both the academic and industry environments, but despite the considerable efforts and investments, there are critical problems that are not yet solved. The research and development community involved in distributed computing is searching for viable solutions that will increase the adoption of the cloud. This is the case of the collaborative work done by multi-national teams in the context of the FP7 programme of the European Commission. Students, researchers and developers working in the field of distributed computing will find in this book a snapshot of the on-going activities in research and development of cloud computing undertaken at the European level. These activities are organized by the latest hot topics of cloud computing research, which include services, management, automation and adoption. Summarizing, this book will help the reader understand and identify the research and development winds that are pushing the clouds to Europe."

Realising a trustworthy sensor node with the idea of virtualisation 

Accepted for: 6th Future Security Conference, September 2011, Dennis Gessner, Christian Stüble, Marcel Selhorst and Peter Langendoerfer
Wireless Sensor and Actuator Networks (WSANs) are typically used in order to protect Critical Infrastructures (CIs). WSANs collect and transmit sensitive data and need to fulfil their defined security requirements according to the CI they protect. This however has a high impact on building such systems with respect to security. WSANs depend on secure operation of their nodes and thus need to rely on the used node operating system (OS). However, typical WSAN nodes are limited regarding their power consumption and available hardware resources, which makes it difficult to implement rich security or reliability features. Nevertheless, the used OS should still provide security mechanisms in order to limit the effects of both, accidental errors as well as malicious modifications of the running software. Within this paper, we solve a significant number of the before mentioned issues by providing a high-assurance security kernel for WSAN nodes. The security kernel provides strong process isolation. This allows for example to execute trusted and untrusted code on the same node, for instance to separate trusted encryption components and keys from untrusted network protocol stacks. Realizing trustworthiness inside a WSAN is one of the most important aspects for protecting CIs. Each sensor node needs to trust the information flow along the network. For example, in case of an incident, it is essential that a WSAN measuring a power grid notices this incident in a dependable and real-time way. All corresponding actuators or even persons behind the control panels have to react in-time on an abnormal behaviour of the system. Since possibly cost-intensive or even life-threatening decisions, such as shutting down a high-voltage power supply line, are made based on the measured information of WSANs, these networks have to be fully trustworthy with regard to the data provided. The main aspect of the presented security model is to isolate security-critical parts of the operating system, such as encryption mechanisms, encryption keys and security-related software, and encapsulate each of them in so called compartments. This is realized in such a way that no compartments can access, interact, or influence each other without permission of the underlying security kernel. The security kernel provides such a trustworthy platform for secure communication nodes. It is based on a microkernel system with a very small Trusted Computing Base (TCB), which makes it easier to prove the correctness of such a system. On top of it, different security services handle secure code-update, attestation, secure communication, secure measurement of the sensor, and secure storage of the sensor data. In parallel to the security relevant compartments, it is possible to run common WSAN node operating systems (e.g., a para-virtualised Linux, eCos, or TinyOS).  

Application of Wireless Sensor Networks in Critical Infrastructure Protection - Challenges and Design Options

to appear in the Special Issue on Security and Privacy in Emerging Wireless Networks of the IEEE Wireless Communications Magazine, 2010 Levente Buttyán, Dennis Gessner, Alban Hessler, Peter Langendörfer

The protection of Critical Infrastructures (CI) provides an interesting application area for Wireless Sensor Networks (WSN). Threats such as natural catastrophes, criminal or terrorist attacks against CIs are increasingly reported. The large scale nature of CIs requires a scalable and low cost technology for improving CI monitoring and surveillance. WSNs are a promising candidate to fulfil these requirements, but if the WSN becomes part of the CI in order to improve its reliability, then the dependability of the WSN itself needs to be significantly improved first.In this paper, we discuss the challenges and potential solutions to achieve dependability of WSNs taking into account accidental failures as well as intentional attacks. We inspect the whole system starting from individual sensor nodes via the protocol stack to the middleware layer above.


µTSS - A Simplified Trusted Software Stack (Extended Version)

Proceedings of the 3rd International Conference on Trust and Trustworthy Computing (TRUST'10), LNCS 6101, pp. 124-140, 2010 Christian Stüble and Anoosheh Zaerin

The TCG Software Stack (TSS) specifies the software layer for application developers to use functions provided by a Trusted Platform Module (TPM). However, the current TSS interface is highly complex, which makes its usage very difficult and error-prone, and the high complexity makes it unsuitable for embedded devices or security kernels. We present a simplified TSS design and implementation (TSS) providing a lightweight and intuitive programming interface for developers based on the TPM main specification. The major principles of the TSS design are a reduced complexity, obtaining type safety, object encapsulation, and a simple error handling. These principles ensure that the resulting TSS ismaintainable and easy to use. Moreover, the modular architecture of the TSS allows using only a subset of the provided functionality as it is required, e.g., for embedded systems, mobile devices, or in the context of a security kernel. This paper discusses experiences with the TSS, based on several projects such as the TCG TPM compliance test suite and a Mobile Trusted Module (MTM) implementation.


Towards Automated Security Policy Enforcement in Multi-Tenant Virtual Data Centers

Journal of Computer Security, IOS Press, Vlo. 18, Number 1, pp. 89-121, 2010
Serdar Cabuk, Chris I. Dalton, Konrad Eriksson, Dirk Kuhlmann, Hari Govind V. Ramasamy, Gianluca Ramunno, Ahmad-Reza Sadeghi, Matthias Schunter and Christian Stüble

Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure among different customers. In reality, however, this is rarely (ifever) done because of security concerns. A major challenge in allaying such concerns is the enforcement of appropriate customer isolation as specified by high-level security policies. At the core of this challenge is the correct configuration of all shared resources on multiple machines to achieve this overall security objective. To address this challenge, this paper presents a security architecture for virtual data centers based on virtualization and Trusted Computing technologies. Our architecture aims at automating the instantiation of a virtual infrastructure while automatically deploying the corresponding security mechanisms. This deployment is driven by a global isolation policy, and thus guarantees overall customer isolation acrossall resources. We have implemented a prototype of the architecture based on the Xen hypervisor.


A Practical Property-based Bootstrap Architecture

Workshop on Scalable Trusted Computing (STC), Chicago, IL, November 2009
René Korthaus, Ahmad-Reza Sadeghi, Christian Stüble and Jing Zhan

Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various short comings that cause problems for practical deploymentsuch as scalability, manageability and privacy: On the onehand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously. In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that,in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party. Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM)to realize a ”Property-Based Secure Boot”. This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system also is in a trustworthy state.


Twister - A Framework for Secure and Fast Hash Functions

Information Security Practise and Experience Conference (ISPEC), Xi'an (China), 2009.
Ewan Fleischmann, Christian Forler and Michael Gorski and Stefan Lucks

In this paper we present Twister , a new framework for hash functions.Twister incorporates the ideas of wide pipe and sponge functions. The core of this framework is a --- very easy to analyze ---Mini-Round providing both extremely fast diffusion as well as collision-freeness for one Mini-Round . The total security level is claimed to be not below 2 n /2 for collision attacks and 2 n for 2nd pre-image attacks. Twister instantiations are secure against all known generic attacks. We also propose three instances Twister -n for hash output sizes n = 224,256,384,512. These instantiations are highly optimized for 64-bit architectures and run very fast in hardware and software, e.g Twister -256 is faster than SHA2-256 on 64-bit platforms and Twister -512 is faster than SHA2-512 on 32-bit platforms. Furthermore,Twister scales very well on low-end platforms.

Parallel filtering of large sparse matrices for index calculus

Conference on Hyperelliptic curves, discrete Logarithms, Encryption, (CHiLE), 2009
Roberto Avanzi, Nicolas Thériault and Anoosheh Zaerin

We describe a filtering technique improving the performance of index-calculus algorithms for hyperelliptic curves. Filtering is a stage taking place between the relation search and the linear algebra. Its purpose is to eliminate redundant or duplicate relations,as well as reducing the size of the matrix, thus decreasing the time required for the linear algebra step. This technique, which we call harvesting, is in fact a new strategy that subtly alters the whole index calculus algorithm. In particular, it changes the relation search to find manytimes more relations than variables, after which a selection process is applied to the set of the relations – the harvesting process. The aim of this new process is to extract a (slightly) over determined submatrix which is as small as possible. Furthermore, the size of the factor base also has to be read justed, in order to keep the (extended) relation search faster than it would have been in an index calculus algorithm without harvesting. The size of the factor base must also be chosen to guarantee that the final matrix will be indeed smaller than it would be in an optimised index calculus without harvesting, thus also speeding up the linear algebra step. The version of harvesting presented here is an improvement over an earlier version by the same authors. By means of a new selection algorithm, time-complexity can be reduced from quadratic to linear (in the size of the input), thus making its running time effectively negligible with respect to the rest of the index calculus algorithm. At the same time we make the process of harvesting more effective – in the sense that the final matrix should (on average) be smaller than with the earlier approach. We present an analysis of the impact of harvesting (for instance, we show that its usage can improve index calculus performance by more than 30% in some cases), we show that the impact on matrix size is essentially independent on the genus of the curve considered, and provide an heuristic argument in support of the effectiveness of harvesting as one parameter (which defines how far the relation search is pushed) increases.


Flexible and Secure Enterprise Rights Management based on Trusted Virtual Domains

Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008), ACM, Oxford (England), 2008
Yacine Gasmi, Rani Husseiki, Ahmad-Reza Sadeghi, Patrick Stewin, Christian Stüble, Martin Unger, Marcel Winandy

The requirements for secure document workows in enterprises become increasingly sophisticated, with employees performing different tasks under different roles using the same proprietary platform. Particularly, ne-grained access control to document information is necessary in certain scenarios where the integrity and condentiality of parts of documents is of high priority.In this paper, we present a secure and exible Enterprise Rights Management (ERM) system based on a version of the Trusted Virtual Domains (TVDs) security model that allows to establish isolated execution environments spanning over virtual entities across separate physical resources. Our security concept achieves a two-layered policy enforcement on documents: a TVD Policy ensuring isolation of the workow from other tasks on the user platforms,and a role-based document- policy ensuring both con dentiality and integrity of document parts. Moreover, in contrast to existing solutions, our architecture o ers advanced features for secure document workows such as o ine access to documents and transparent encryption of documents exchanged via USB, external storage or VPN communication between peer platforms. We also shed the light on keymanagement, document structure and document policy enforcement mechanisms to support the ERM infrastructure. Finally, we prove our concept based on an implementation.


Property-Based TPM Virtualization

Information Security Conferene (ISC' 08), Taipei (Taiwan) 2008
Ahmad-Reza Sadeghi and Christian Stüble and Marcel Winandy

Today, virtualization technologies and hypervisors celebrate their rediscovery. Especially migration of virtual machines (VMs) between hardware platforms provides a useful and cost-e ective means to manage complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization ,however, have various shortcomings that hinder the deployment to a wide range of useful scenarios. In this paper, we address these short comings by presenting a flexible and privacy-preserving design of avirtual TPM that in contrast to existing solutions supports different approaches for measuring the platform's state and for key generation, anduses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like TPM.


Breaking the Shin-Shin-Rhee - Remotely Keyed Encryption Schemes

Information Processing Letters 105(6):236-240, 2008
Ulrich Kühn

Remotely keyed encryption (RKE) schemes provide fast symmetric encryption and decryption using a small-bandwidth security module and a powerful host. Such schemes keep the key inside the security module to prevent key compromise. Shin, Shin, and Rhee proposed a length-preserving as well as a length-increasing RKE scheme that both use only a single round of interaction between host and security module. With the length-preserving scheme they claim to answer an open problem of Blaze, Feigenbaum and Naor. However, in the present paper we show that both their schemes are completely insecure. Further, we present heuristic arguments on why a one-round length-preserving RKE scheme might be impossible.


Call Back