Séminaire R3S de Sana Belguith, université d’Auckland, le vendredi 20 avril 2018, à 14h00 en Salle G10

Title: Research project STRATUS: Security Technologies Returning Accountability, Trust and User-centric Services in the Cloud

Abstract: From the Apple iCloud celebrity nude photo leaks [1], to the abuse of user’s photographs on social networking services (e.g. Instagram and Facebook) for use of explicit sites [2], to the recent leakage of information belonging to 1 billion user accounts on Yahoo platform [3], we are regularly witnessing a serious problem: the inability for data owners to help themselves in cyber security breaches situations.

STRATUS project is a New Zealand cyber security research project focusing on empowering users with control over their data in third party environments such as the cloud.

First, this talk will present an overview of STRATUS project goals and achievements.

Then, the presentation will focus on the research activities performed by Cyber Security Foundry, The University of Auckland. These research contributions are mainly related to data security and user’s privacy in Distributed Systems such as Cloud Computing, Software Defined Networks, Publish and Subscribe Systems, Content Delivery Network, etc., based on Cryptographic techniques.

Indeed, I will present our applications of Searchable Encryption to hide search, access and size patterns of outsourced data to CDNs and Clouds in order to prevent inference attacks [4,5,6]. In addition, the presentation will introduce our contributions to secure Pub/Sub systems mainly enhancing subscribers’ privacy [7] and ensuring efficient revocation [8]. Finally, I will give few details about our research in progress to reserve the privacy of access pattern using Intel SGX-assisted solutions [9], to prevent denial of service attacks in Software Defined Networks and to protect intellectual property (IP) from reverse engineering using program obfuscation techniques [10].

[1] CNN Money, Goldman, D., Pagliery, J., Segall, L. How celebrities’ nude photos get leaked. http://money.cnn.com/2014/09/01/technology/celebrity-nude-photos/ index.html?iid=EL.

[2] The independent, “Instagram-cyber-attack”, http://www.independent.co.uk/life-style/gadgets-and-tech/instagram-cyber-attack-hack-celebrities-selena-gomez-justine-bieber-millions-ordinary-social-media-a7926211.html

[3] The guardian, “Yahoo data breach,” https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached, 2016.

[4] Cui, Shujie, Muhammad Rizwan Asghar, and Giovanni Russello. « Privacy-Preserving Content Delivery Networks. » In 2017 IEEE 42nd Conference on Local Computer Networks (LCN), pp. 607-610. IEEE, 2017.

[5] Cui, Shujie, et al. « P-McDb: Privacy-Preserving Search Using Multi-Cloud Encrypted Databases. » Cloud Computing (CLOUD), 2017 IEEE 10th International Conference on. IEEE, 2017.

[6] Cui, S., Asghar, M. R., Galbraith, S. D., & Russello, G. (2017, July). Secure and practical searchable encryption: A position paper. In Australasian Conference on Information Security and Privacy (pp. 266-281). Springer, Cham.

[7] Sana Belguith , Shujie Cui, Mohamed Rizwan Asghar, Giovanni Russello, Secure Publish and Subscribe Systems with Efficient Revocation, To appear in The 33rd ACM/SIGAPP Symposium On Applied Computing – SAC 2018.

[8] Shujie Cui, Sana Belguith, Mohamed Rizwan Asghar, Giovanni Russello, ”Malicious Entities are in Vain: Preserving Privacy in Publish and Subscribe Systems” Submitted to The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications – IEEE TrustCom-18.

[9] Costan, Victor, and Srinivas Devadas. « Intel SGX Explained. » IACR Cryptology ePrint Archive 2016 (2016): 86.

[10] Zobernig, Lukas, Steven D. Galbraith, and Giovanni Russello. « Indistinguishable Predicates: A New Tool for Obfuscation. ».