{"id":1765,"date":"2017-03-22T10:54:25","date_gmt":"2017-03-22T10:54:25","guid":{"rendered":"https:\/\/prismacloud.eu\/?p=1765"},"modified":"2018-04-03T12:41:24","modified_gmt":"2018-04-03T12:41:24","slug":"d4-7-progress-report-on-privacy-enhancing-cryptography","status":"publish","type":"post","link":"https:\/\/prismacloud.eu\/d4-7-progress-report-on-privacy-enhancing-cryptography\/","title":{"rendered":"D4.7 Progress Report on Privacy-Enhancing Cryptography"},"content":{"rendered":"<p style=\"text-align: justify;\"><strong>Contributing Partners<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong>UNEW<\/strong>, TUGRAZ<\/p>\n<p style=\"text-align: justify;\"><strong>Executive Summary<\/strong><\/p>\n<p style=\"text-align: justify;\">PRISMACLOUD aims at bringing novel cryptographic concepts and methods to practical application to improve the security and privacy of cloud based services and make them usable for providers and users.<\/p>\n<p style=\"text-align: justify;\">The purpose of this report is to document the progress on research activities within the Task 4.3 Privacy enhancing cryptography in the second year of the PRISMACLOUD project. We thereby focus on privacy-preservation for users of cloud services as well as service providers. In particular, we will improve and propose privacy-enhancing cryptography such as signature schemes for constructing anonymous credentials as well as group signature schemes for the cloud environment with a focus on user's access privacy in authentication and authorization, private billing for the use of cloud services as well as privacy for cloud providers enabling them to selectively prove properties about their certified infrastructure without disclosing the blueprint of their infrastructure.<\/p>\n<p style=\"text-align: justify;\">To this end, this task conducts research in the following fields.<\/p>\n<p style=\"text-align: justify;\"><strong>4.3.1 Privacy-Preserving Cryptography for the Cloud<\/strong>. 
In this task, we will investigate privacy-preserving cryptographic protocols and in particular anonymous credential systems and group signature schemes. Most such privacy-preserving schemes, such as (updatable\/stateful) anonymous one-show\/multi-show credentials or group signatures, are obtained by means of (generic) transformations from signature schemes enjoying specific properties (such as blind\/partially blind signing support, support for signing commitments, randomizability and compatibility with efficient zero-knowledge proofs). We will on the one hand perform research in anonymous credential systems that do not follow the traditional proof-of-knowledge paradigm, but are based on alternative constructions (such as ideas from malleable signatures), which makes them conceptually simpler and allows additional features, such as a state and updateability, to be integrated. Furthermore, we will investigate these approaches focusing on identifying difficulties and trade-offs that have to be made when targeting implementations on resource-constrained hardware. In this deliverable we present three publications related to this task.<\/p>\n<p style=\"text-align: justify;\"><strong>4.3.2 Certified and Verifiable Infrastructure for Cloud Services<\/strong>. In this task we develop, and optimize for practical use in virtualized infrastructures, a signature scheme on committed graphs with a zero-knowledge proof system. Such a scheme allows an auditor to analyse the configuration of a cloud, and issue a signature on its topology. The signature encodes the topology as a graph in a special way, such that the cloud provider can use it to prove in zero-knowledge high-level security properties such as isolation of tenants to verifiers, such as the tenants, without disclosure of secret information. 
In this way, the verifying tenant can be confident that the infrastructure is configured securely as promised by the provider and be assured at the same time that no information about his resource pool is leaked to other tenants. In this deliverable, we present research on proactive security analysis of virtualized infrastructures based on a graph representation aligned with the topology certification\u00a0pursued in PRISMACLOUD. We present research to establish minimal functional units with tightly controlled capabilities that can then be certified as vertices in the topology certification. We further describe research on the certification of geo-location for physical systems in virtualized infrastructures and on proofs of geo-location separation in zero-knowledge. We report on research on the representation of directed graphs for the topology certification of advanced security properties and the expressivity of such schemes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>PRISMACLOUD aims at bringing novel cryptographic concepts and methods to practical application to improve the security and privacy of cloud based services and make them usable for providers and users.<\/p>\n<p>The purpose of this report is to document the progress on research activities within the Task 4.3 Privacy enhancing cryptography in the second year of the PRISMACLOUD project. We thereby focus on privacy-preservation for users of cloud services as well as service providers. 
In particular, we will improve and propose privacy-enhancing cryptography such as signature schemes for constructing anonymous credentials as well as group signature schemes for the cloud environment with a focus on user's access privacy in authentication and authorization, private billing for the use of cloud services as well as privacy for cloud providers enabling them to selectively prove properties about their certified infrastructure without disclosing the blueprint of their infrastructure.<\/p>\n<p>To this end, this task conducts research in the following fields.<\/p>\n<p>4.3.1 Privacy-Preserving Cryptography for the Cloud. In this task, we will investigate privacy-preserving cryptographic protocols and in particular anonymous credential systems and group signature schemes. Most such privacy-preserving schemes, such as (updatable\/stateful) anonymous one-show\/multi-show credentials or group signatures, are obtained by means of (generic) transformations from signature schemes enjoying specific properties (such as blind\/partially blind signing support, support for signing commitments, randomizability and compatibility with efficient zero-knowledge proofs). We will on the one hand perform research in anonymous credential systems that do not follow the traditional proof-of-knowledge paradigm, but are based on alternative constructions (such as ideas from malleable signatures), which makes them conceptually simpler and allows additional features, such as a state and updateability, to be integrated. Furthermore, we will investigate these approaches focusing on identifying difficulties and trade-offs that have to be made when targeting implementations on resource-constrained hardware. In this deliverable we present three publications related to this task.<\/p>\n<p>4.3.2 Certified and Verifiable Infrastructure for Cloud Services. 
In this task we develop, and optimize for practical use in virtualized infrastructures, a signature scheme on committed graphs with a zero-knowledge proof system. Such a scheme allows an auditor to analyse the configuration of a cloud, and issue a signature on its topology. The signature encodes the topology as a graph in a special way, such that the cloud provider can use it to prove in zero-knowledge high-level security properties such as isolation of tenants to verifiers, such as the tenants, without disclosure of secret information. In this way, the verifying tenant can be confident that the infrastructure is configured securely as promised by the provider and be assured at the same time that no information about his resource pool is leaked to other tenants. In this deliverable, we present research on proactive security analysis of virtualized infrastructures based on a graph representation aligned with the topology certification\u00a0pursued in PRISMACLOUD. We present research to establish minimal functional units with tightly controlled capabilities that can then be certified as vertices in the topology certification. We further describe research on the certification of geo-location for physical systems in virtualized infrastructures and on proofs of geo-location separation in zero-knowledge. 
We report on research on the representation of directed graphs for the topology certification of advanced security properties and the expressivity of such schemes.<\/p>\n","protected":false},"author":2,"featured_media":1840,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1765"}],"collection":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/comments?post=1765"}],"version-history":[{"count":8,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1765\/revisions"}],"predecessor-version":[{"id":2623,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/posts\/1765\/revisions\/2623"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media\/1840"}],"wp:attachment":[{"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/media?parent=1765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/categories?post=1765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/prismacloud.eu\/wp-json\/wp\/v2\/tags?post=1765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}