SafeCloud Secure Communication solutions (WP1 overview)
September 2018
Miguel Pardal
INESC-ID
miguel.pardal@tecnico.ulisboa.pt
WP1: Secure Communication
Outline
• Objectives and summary
• Secure communication solutions
• Achievements
WP1 — 2018-09 » 2
WP1 — objectives and summary
• Provide middleware services to improve the
privacy and security of cloud communications in
the SafeCloud platform
• Protect data when downloading (and uploading)
from the cloud
• Provide same properties as secure channels:
confidentiality, integrity, authenticity
• But assuming more powerful adversaries that may break
some assumptions that make existing channels secure
Standard secure channel
• The most widely adopted secure-channel protocol is TLS (the successor of SSL)
• HTTPS = HTTP over TLS
How can a TLS channel become insecure
1. A vulnerability appears in one component
2. An old vulnerability in one of the components is not fixed
3. There is an unknown (0-day) vulnerability in one of the components
4. There is a vulnerability that seems to be impossible to exploit, but that can be exploited by a strong adversary, e.g., a nation state
Specific threats
• Weak cryptographic components
• DES, RC4, MD5, SHA-1 (broken or deprecated primitives)
• Service identification
• Services on well-known ports are easy to find by port scanning and easy to fingerprint
• Route attacks
• Man-in-the-middle attacks
• Attacker intercepts communication
• Route hijacking
• Traffic may be diverted and then eavesdropped
Summary of security requirements
• For the attacker to break the confidentiality, privacy or integrity of a secure channel, they must:
(i) find a vulnerability in the channel
(ii) gain access to the endpoint machines
(iii) intercept the communication path
SafeCloud solutions
Secure Communication
Middleware requirements
• Two forms of communication:
• Machine-to-cloud and
• Cloud-to-cloud
• Unicast communication between two endpoints
• Endpoints: clients, machines in clouds
• We do not envisage the need to protect data privacy in multicast,
anycast or broadcast communications
• Connection-oriented
• Similar to protocols like TLS over TCP
• Implemented at the application layer of the OSI model
• Difficult to deploy mechanisms at lower layers in the Internet
SafeCloud platform components
Secure Communication Solutions
• SC1: vulnerability-tolerant channels
• vtTLS
• Multiple cryptographic layers
• SC2: protected channels
• sKnock
• Port knocking
• SC3: route-aware channels
• Premium (Machete + Darshana)
• Multi-path and route monitoring
Core insight
• Make secure channels more robust by
leveraging diversity in multiple ways:
• SC1
• Cipher suites
• Protocol implementations
• SC2
• Access controls
• SC3
• Communication paths
• Route monitoring techniques
SC1: vulnerability-tolerant channels
Combine several cryptographic suites
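The layering idea behind SC1, as an added example that is not vtTLS code and not from the SafeCloud project: vtTLS gets its diversity by negotiating two cipher suites inside TLS, whereas this toy record layer stacks two independent encrypt-then-MAC layers built only from the Python standard library so it runs anywhere. The inner layer uses the SHA-2 family (HMAC-SHA256 as a PRF in counter mode plus an HMAC-SHA256 tag), the outer layer the SHA-3 family (SHAKE256 as a keyed XOF plus an HMAC-SHA3-256 tag); the assumption that each layer's keys come from an independent key exchange is modelled by `LayerKeys.fresh()`. The helper `outer_layer_only` shows what an adversary who broke or stole only the outer layer gets: still-encrypted inner ciphertext.

```python
import hashlib
import hmac
import secrets
import struct

# Added illustration of the SC1 layering idea (not vtTLS code). Two independent
# encrypt-then-MAC layers from different hash families, each with its own
# encryption key and MAC key, so breaking one primitive family or stealing one
# key set still leaves the other layer intact.

NONCE_LEN = 16
TAG_LEN = 32  # both SHA-256 and SHA3-256 tags are 32 bytes


def _keystream_sha2(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over a PRF: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _keystream_sha3(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keyed XOF: SHAKE256(key || nonce) stretched to the required length."""
    return hashlib.shake_256(key + nonce).digest(length)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class LayerKeys:
    """Separate encryption and MAC keys for one layer (never reuse one key for both)."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key

    @staticmethod
    def fresh() -> "LayerKeys":
        # stands in for keys derived from one of two independent key exchanges
        return LayerKeys(secrets.token_bytes(32), secrets.token_bytes(32))


def _seal_layer(plaintext: bytes, keys: LayerKeys, keystream, mac_hash) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    body = _xor(plaintext, keystream(keys.enc_key, nonce, len(plaintext)))
    tag = hmac.new(keys.mac_key, nonce + body, mac_hash).digest()
    return nonce + body + tag


def _open_layer(record: bytes, keys: LayerKeys, keystream, mac_hash) -> bytes:
    if len(record) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short")
    nonce, body, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(keys.mac_key, nonce + body, mac_hash).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    return _xor(body, keystream(keys.enc_key, nonce, len(body)))


def seal(plaintext: bytes, inner: LayerKeys, outer: LayerKeys) -> bytes:
    """Apply the SHA-2 layer first, then the SHA-3 layer over the whole inner record."""
    inner_record = _seal_layer(plaintext, inner, _keystream_sha2, hashlib.sha256)
    return _seal_layer(inner_record, outer, _keystream_sha3, hashlib.sha3_256)


def open_record(record: bytes, inner: LayerKeys, outer: LayerKeys) -> bytes:
    """Peel the layers in reverse order; a failed tag aborts before any decryption."""
    inner_record = _open_layer(record, outer, _keystream_sha3, hashlib.sha3_256)
    return _open_layer(inner_record, inner, _keystream_sha2, hashlib.sha256)


def outer_layer_only(record: bytes, outer: LayerKeys) -> bytes:
    """What an adversary who broke or stole only the outer layer obtains: the inner
    record, still encrypted and authenticated by the SHA-2 layer."""
    return _open_layer(record, outer, _keystream_sha3, hashlib.sha3_256)


def tamper_detected(record: bytes, inner: LayerKeys, outer: LayerKeys) -> bool:
    """True if the record fails to open (shows the MAC check rejecting edits)."""
    try:
        open_record(record, inner, outer)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    k_inner, k_outer = LayerKeys.fresh(), LayerKeys.fresh()
    rec = seal(b"GET /bucket/object HTTP/1.1", k_inner, k_outer)
    print(len(rec), "byte record opens to:", open_record(rec, k_inner, k_outer))
```

The cost of the second layer is one extra nonce and tag per record plus a second pass over the data, which is the handshake and data-transfer overhead the evaluation slide measures for vtTLS.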
SC2: protected channels
Add multiple layers of access control
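An authenticated knock in the spirit of SC2, as an added example that is not sKnock's code or wire format: it assumes each client shares a 32-byte pre-shared key with the server, that the knock is a single UDP datagram, and that "opening the firewall" means adding the (source address, port) pair to an allow-list for a short window. Unlike classic port knocking, where a secret sequence of SYNs can be replayed by anyone who sniffed it, the packet carries a timestamp and a fresh nonce and its MAC is bound to the source address, so the server can reject stale, replayed and relocated knocks. The return strings and the injectable clock exist only so the behaviour can be exercised offline.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Added illustration of an authenticated knock (single-packet authorization);
# not sKnock's code. Pre-shared-key HMAC is an assumption of this example.

KNOCK_WINDOW_S = 30   # accept knocks whose timestamp is within +/- this many seconds
OPEN_DURATION_S = 10  # how long the requested port stays open for the knocker
TAG_LEN = 32
HDR_LEN = 8 + 2 + 16  # timestamp || port || nonce, followed by a variable-length client id


def build_knock(psk: bytes, client_id: bytes, src_ip: str, dst_port: int, now: float) -> bytes:
    """Client side. The MAC covers the header and the source address, so a
    captured knock cannot be replayed from a different address."""
    header = struct.pack(">QH", int(now), dst_port) + secrets.token_bytes(16) + client_id
    tag = hmac.new(psk, header + src_ip.encode(), hashlib.sha256).digest()
    return header + tag


class KnockServer:
    """Server side. A real daemon never answers a knock on the wire; the strings
    returned here only let the demo show why a packet was dropped."""

    def __init__(self, clients: dict, now_fn=time.time):
        self.clients = clients  # client_id -> psk
        self.now = now_fn       # injectable clock
        self.seen = {}          # nonce -> expiry (replay cache)
        self.allow = {}         # (src_ip, port) -> expiry (the "open firewall" state)

    def handle(self, packet: bytes, src_ip: str) -> str:
        if len(packet) < HDR_LEN + 1 + TAG_LEN:
            return "drop: malformed"
        header, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        ts, port = struct.unpack(">QH", header[:10])
        nonce, client_id = header[10:HDR_LEN], header[HDR_LEN:]
        psk = self.clients.get(client_id)
        if psk is None:
            return "drop: unknown client"
        expected = hmac.new(psk, header + src_ip.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "drop: bad mac"
        now = self.now()
        if abs(now - ts) > KNOCK_WINDOW_S:
            return "drop: stale"
        self._expire(now)
        if nonce in self.seen:
            return "drop: replay"
        # keep the nonce until the packet's own timestamp would be stale anyway
        self.seen[nonce] = ts + KNOCK_WINDOW_S + 1
        self.allow[(src_ip, port)] = now + OPEN_DURATION_S
        return "open"

    def is_open(self, src_ip: str, port: int) -> bool:
        """What the firewall consults when a SYN for `port` arrives from src_ip."""
        self._expire(self.now())
        return (src_ip, port) in self.allow

    def _expire(self, now: float) -> None:
        self.seen = {n: t for n, t in self.seen.items() if t > now}
        self.allow = {k: t for k, t in self.allow.items() if t > now}


if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    srv = KnockServer({b"cli-1": psk})
    knock = build_knock(psk, b"cli-1", "203.0.113.7", 8443, time.time())
    print(srv.handle(knock, "203.0.113.7"), srv.is_open("203.0.113.7", 8443))
```

The MAC is verified before the timestamp and replay checks so that every rejection path costs the same HMAC, and the nonce cache only needs to hold entries for one knock window, which bounds its size under a flood of valid-looking packets.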
SC3: route-aware channels
Use multiple paths, monitor geo-bounds
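The two SC3 ideas, as an added example that is not Premium, Machete or Darshana code; it assumes the pairing multi-path transport (Machete) and route monitoring (Darshana), which the deck does not spell out. Part 1 sends each record as a 2-of-2 XOR share over two paths, so an eavesdropper on one path sees only uniformly random bytes. Part 2 compares a fresh traceroute against baseline routes using a geo-bound (hop-country allow-list), an end-to-end RTT threshold and unseen hops; its `rtt_sigma` and `min_margin_ms` knobs are the thresholds whose false-positive and false-negative rates the evaluation slide refers to. All hop addresses, RTTs and the IP-to-country table are constructed sample data standing in for traceroute output and a GeoIP lookup.

```python
import secrets
import statistics
from dataclasses import dataclass
from typing import Dict, List

# Added illustration of SC3 (multi-path + route monitoring); not Premium code.
# Constructed sample data throughout.


def split_two_paths(data: bytes):
    """2-of-2 secret sharing: share_a is a one-time pad, share_b the padded data."""
    share_a = secrets.token_bytes(len(data))
    share_b = bytes(x ^ y for x, y in zip(data, share_a))
    return share_a, share_b


def join_two_paths(share_a: bytes, share_b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(share_a, share_b))


@dataclass
class Hop:
    ip: str
    rtt_ms: float  # round-trip time to this hop


# constructed stand-in for a GeoIP lookup; "XX" is a country outside the allowed region
GEO: Dict[str, str] = {"10.0.0.1": "PT", "10.1.0.1": "ES", "10.2.0.1": "FR", "10.9.0.1": "XX"}


@dataclass
class RouteAlert:
    kind: str    # "geo", "rtt" or "path"
    detail: str


class RouteMonitor:
    """A small rtt_sigma / min_margin_ms raises false positives on normal jitter;
    a large one misses short detours (false negatives)."""

    def __init__(self, allowed_countries, baseline: List[List[Hop]],
                 rtt_sigma: float = 3.0, min_margin_ms: float = 5.0):
        self.allowed = set(allowed_countries)
        ends = [route[-1].rtt_ms for route in baseline]
        self.mean, self.stdev = statistics.mean(ends), statistics.pstdev(ends)
        # a floor on the margin stops a near-zero baseline stdev from alerting on noise
        self.threshold_ms = self.mean + max(rtt_sigma * self.stdev, min_margin_ms)
        self.known_ips = {hop.ip for route in baseline for hop in route}

    def check(self, route: List[Hop]) -> List[RouteAlert]:
        alerts = []
        for hop in route:
            country = GEO.get(hop.ip, "??")  # unlocatable hops count as outside
            if country not in self.allowed:
                alerts.append(RouteAlert("geo", f"hop {hop.ip} located in {country}"))
        end = route[-1].rtt_ms
        if end > self.threshold_ms:
            alerts.append(RouteAlert("rtt", f"{end:.1f} ms > {self.threshold_ms:.1f} ms"))
        unseen = [hop.ip for hop in route if hop.ip not in self.known_ips]
        if unseen:
            alerts.append(RouteAlert("path", f"unseen hops {unseen}"))
        return alerts

    def verdict(self, route: List[Hop]) -> str:
        """Policy: a geo violation is decisive; rtt or path alone is a warning
        (ordinary re-routing trips them); both together are treated as a hijack."""
        kinds = {a.kind for a in self.check(route)}
        if "geo" in kinds or {"rtt", "path"} <= kinds:
            return "hijack"
        return "warn" if kinds else "ok"
```

The XOR split protects confidentiality only if the two paths are genuinely disjoint (multi-homing, as the evaluation slide notes) and only against an observer of one path; the shares still need the integrity and authenticity of the channel that carries them.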
Addressing security requirements with SafeCloud communication solutions
Attacker must:
(i) find a vulnerability in the channel → countered by SC1: vulnerability-tolerant channels
(ii) gain access to the endpoint machines → countered by SC2: protected channels
(iii) intercept the communication flow → countered by SC3: route-aware channels
SC – Secure Communication solution
Solutions can be composed
• Example: SC1 + SC2
= vulnerability-tolerant channels + protected channels
= vtTLS + sKnock
= vulnerability-tolerant, multiple-protection channel
Walk-through of the composed channel:
1. Server is protected by a firewall
2. Client can open the firewall with an authenticated packet
3. Add first layer of protection
4. Add additional layer of protection
5. Client and server exchange data securely
SafeCloud WP1 achievements
Scientific, technological, exploitation
All tasks completed
• T1.1 — Communication architecture [M1-M6]
• T1.2 — Vulnerability-tolerant channels [M1-M30]
• T1.3 — Protected service provisioning [M1-M30]
• T1.4 — Route monitoring [M1-M30]
• T1.5 — Multi-path communication [M1-M30]
All deliverables completed
• D1.1 — Private communication middleware
architecture [M6; IN-ID]
• D1.2 — First version of the private communication
middleware components [M18; IN-ID]
• D1.3 — Final version of the private communication
middleware [M30; IN-ID]
Scientific work
• Graduations
• 5 students at INESC-ID
• 10 students at TUM
• Publications
• 4 conference papers
• 2 workshop papers
• Credit to the students for all their great work!
Testing and Evaluation
• SC1: vulnerability-tolerant channels
• vtTLS evaluation
• Evaluated: handshake, data transfer overhead
• SC2: protected channels
• sKnock
• Evaluated: latency, scalability
• SC3: route-aware channels
• Premium (Machete + Darshana)
• Evaluated: best number of multiple paths, multi-homing
• Evaluated: thresholds, false positives, false negatives
Contributions to open-source community
• github.com/safecloud-project/vtTLS
• github.com/safecloud-project/sKnock
• github.com/safecloud-project/Premium
Conclusion
• SafeCloud made secure channels more robust by
leveraging diversity in multiple ways
• Solutions can be combined
• Better security:
• Between endpoints and clouds
• Between people and the services they use
• Both for personal and corporate data
Thank you!
WP 1: Secure Communication
