Mercoledì 22 luglio a partire dalle ore 9:30 (in aula 25) i Professori Nelly Fazio (CUNY, USA) e Antonio Nicolosi (Stevens) terranno due seminari su tematiche di crittografia e sicurezza informatica. Tutti sono invitati a partecipare.
Title: Shared Oblivious Storage
Abstract:
We propose Shared Oblivious Storage (SOS), an extension of the
oblivious storage (OS) model to the setting of group data sharing. In
addition to providing server-side data-secrecy and access-pattern
obliviousness guarantees as in traditional OS protocols, an SOS
protocol allows arbitrary subsets of clients to share read/write
access to cloud-stored data while preserving data-secrecy and
access-pattern obliviousness guarantees with respect to unauthorized
clients. To show the feasibility of SOS, we describe a provably secure
generic construction based on the notions of outsider-anonymous
broadcast encryption and multi-user oblivious RAM.
Title: Verifiable Network Paths for the NEBULA Data Plane
Abstract:
NEBULA is a Future Internet Architecture designed to provide secure,
highly available, and robust communication services to critical
applications in the emerging cloud and mobile environment. An
enabling factor for the NEBULA vision is the ability for ISPs and
end-hosts to constrain the network paths taken by their traffic.
Policy routing is a well-studied approach to empower parties to
express their preferences on route selection; how to enforce those
preferences efficiently and effectively upon packet forwarding is much
less well understood. The core challenge is: if we assume an
adversarial, decentralized, and high-speed environment, then when a
packet arrives at a node, how can the node verify that the packet
followed an approved network path?
To provide the functionality above, we develop a new data-plane
primitive that we call a Path Verification Mechanism (PVM). A PVM
ensures that the inter-domain paths that packets actually take through
the network respect the policies of those handling the packets. Our
solution incorporates an optimized cryptographic construction that is
compact and requires negligible configuration state and no globally
trusted network authority. A NetFPGA implementation of our PVM
demonstrates its plausibility: At 86% more costly than an IP router on
the same hardware platform, its cost is significant but affordable.