Collaboration Award 2019

The CROSSING Collaboration Award

The CROSSING Collaboration Award is presented for excellent internal collaborative work and outstanding progress in research collaborations within CROSSING. All members of the CRC are eligible. It is awarded annually by the CROSSING directorate. Any collaboration between projects is eligible for the award, for example joint publications, contributions to CogniCrypt, joint software tools or demonstrators, or joint bachelor's or master's theses.

Winners of the Collaboration Award receive a trophy and a certificate, and each collaborator receives funds for conference or workshop participation (travel, accommodation, conference fee), freely selectable by the prize winners.

Winner 2019: Safe: A Secure and Efficient Long-Term Distributed Storage System

Tommaso Frassetto, Ghada Dessouky, and Shaza Zeitouni with Prof. Thomas Schneider, Prof. Stefan Katzenbeisser, and CROSSING Spokesperson Prof. Johannes Buchmann (from left to right; missing: Giulia Traverso and Ágnes Kiss); Photo: Ann-Kathrin Braun – © Ann-Kathrin Braun

Abstract:
Due to advances in cryptanalysis and quantum computing, long-term secure storage of sensitive data cannot rely on current encryption, especially when the storage service is hosted by third-party cloud computing providers. One approach to achieve long-term secure storage is secret sharing-based distributed storage systems, where shares of data are generated and distributed to multiple storage servers. Data confidentiality and integrity are maintained by periodically renewing the shares and verifying the consistency of the shares using commitment schemes. However, protecting outsourced data in such scenarios remains prohibitively costly and impractical: Share renewal requires an information-theoretically secure channel between any two storage servers and long-term confidential commitment schemes are computationally impractical for large files.

In this paper, we present Safe, a secret sharing-based long-term secure distributed storage system that leverages a Trusted Execution Environment (TEE). Share generation and renewal are performed inside the TEE and the shares are securely distributed to the storage servers. We propose optimized protocols for Safe where significantly fewer information-theoretically secure channels are required than in state-of-the-art long-term secure storage systems, and computationally binding commitment schemes are replaced by more efficient computationally secure signatures. We prototype Safe protocols using a TEE instantiation, and show their efficiency, even for large files, compared to existing schemes. Safe is TEE-agnostic, as it allows seamless migration from one TEE to another while maintaining the same security guarantees.

Link to the Paper

Safe: A Secure and Efficient Long-Term Distributed Storage System (unpublished)

Contact

Project P3, Project E4, Project S2, Project S6