Secure and Scalable Key and Access Control Management

Cloud storage service provides a new way for user to store and access their files anytime anywhere. It also allows user to share their files or collaborate with other users that is useful to increase the productivity and creativity in the workplace. But this certainly raises the challenge of key management in cloud storage service as the number of encrypted key needed to access the file is increased linearly depending on the number of users have access to it due to public key infrastructure (PKI) as the standard used in the cloud storage service. Access control is also another challenge that needs to be solved by cloud storage service to ensure that only the authorized user can access the files stored in the cloud.

One of the solutions to solve these challenges is attribute-based encryption (ABE). ABE is an encryption type that uses set of descriptive attributes to secure the data with the encrypted data can only be accessed if attributes of the user fulfils the set of attributes of the encrypted data. It provides encrypted hierarchical and role-based access control and file-level security into the file as only the authorized user with the correct attributes can access the file. We leverage ABE for our multi-cloud storage solution of CloudRAID as it provides secure and scalable key and access control management. For each file stored in the cloud it only requires one encrypted key that can be accessed if the user has enough attributes to be authorized to access the file.

Multi-Cloud Resource Access Control

Cloud computing presents several attractive benefits such as increased productivity, flexible access to resources and reduced costs. In order to leverage these benefits, a common challenge faced is selection of appropriate cloud services for specific tasks. Multi-cloud platforms have emerged as a way for overcoming this challenge by combining several cloud services in order to maximize the advantages of the cloud. However, multi-cloud systems present several challenges owing to inadequate cross-provider APIs, lack of cloud computing standards and non-unified access control mechanisms.

Our research focuses on mitigating these concerns in the context of access control mechanisms in multi-cloud storage solution of CloudRAID. We propose unified access control model for multi-cloud storage where we leverage different access control models provided by multiple cloud storage services in order to give the access for cloud storage's stakeholders to resources in multiple cloud storage services. We follow privilege separation concept and least privilege principle to ensure that the cloud resources are secured and can only be accessed by its authorized stakeholders with limited allowed actions. And finally we leverage on the concept of "Signed URLs" to provide centralized and unified access control in multiple cloud storage services. These approaches could be deployed as a central authentication system for enterprise multi-cloud platforms with the advantage of seamless integration with enterprise authentication protocols.

Contact us!

Want to contact us for a coffee, question or chat? Feel free to contact us: sec-eng-webadmin(at)hpi.de

News

July 2022

HPI Cybersecurity Courses for German-Chinese Summer School at Nanjing University

HPI has maintained close relations with well-known Chinese universities for more than two decades and opened its own HPI Research School at Nanjing University back in 2011. As part of an interdisciplinary summer school at Nanjng University, HPI specifically offered a Lecture Series on cybersecurity from July 5 to 7, 2022.

June 2022

Announcement: The free Online-Course "Tatort Internet: Auflage 2022" (German) starts in October. In the Course, Prof. Meinel and the Security-Team present fundamentals of IT-Security as well as current news on security around the world. You can enroll into the course already from today so that you do not miss the start in October!

May 2022

openHPI-Kurs: Cloud Computing (German) presented by Prof. Meinel, Hendrik Steinbeck and Daniel Köhler. Aside the fundamentals on Cloud Computing and it's enablers such as the Internet and Virtualization, the course further touches on areas such as Risks and Responsibilities when using or providing cloud services.

Edit: The course has finished, but the teaching-material is still available for self-paced study!

March 2022

[German] DDoS-Attacks: What are they and how do they work?

The attack from Russia against the Ukraine is not only run in the physical world. Cyber-War is becoming more and more prominent and the Online-Activists Anonymous have started to perform DDoS-Attacks against Russion webpages, companies and servers. In the German Interview, Daniel Köhler explains, what DDoS-Attacks are and how they are usually run.

January 2022

In January, a repetition of our English-language cybersecurity series started on openHPI with the course Confidential Communication in the Internet.

Join the Team!

Teaching

Sommer Semester 2024

Master Seminar: Emerging Technologies for Security Operations

Winter Semester 2023/44

Bachelor Seminar: Big Data Security Analytics
Master Seminar: Network Security in Practice
Master Project
- Towards Red Team Exercising

Team

Supervisor: Prof. Dr. sc. nat., Dr. rer. nat. Christoph Meinel
Head & Senior Researcher: Dr. rer. nat. Feng Cheng
PostDoc/PhD Students/Research Assistants:
- Dr.-Ing.Pejman Najafi
- Eric Klieme, M.Sc.
- Alexander Mühle, M.Sc.
- Daniel Köhler, M.Eng.
- Mehryar Majd, M.Sc.
- Farzad Motlagh, M.Sc.
- Mehrdad Hajizadeh, M.Sc. (Visiting PhD Student, TU Chemnitz)
- Dominic Schaa (Master student assistant)
- Jonas Schmitz (ongoing Master thesis)
- Lars Prepens (ongoing Master thesis)
- Lieven Leue (ongoing Master thesis)
- Mohamed Budagow (ongoing Master thesis)
External PhD Students:
- Hendrik Graupner M.Sc. (with Bundesdruckerei GmbH)
- Kennedy Torkura, M.Sc. (external, Mitigant GmbH, Potsdam)
- Kaja Schmidt, M.Sc. (with European Commision)
Former Team Members