Nov 24 2015

Focus on a joint research project: CLOUDY

CLOUDY (2012-2014)

Secure and private distributed storage and publication in the future internet

Principal Investigators :

  • Dr. Claude Castelluccia, PRIVATICS project-team, Inria Grenoble Rhône Alpes
  • Prof. Dawn Song, University of California Berkeley
  • Prof. Gene Tsudik, University of California Irvine

    Top is the modified gray-scale version of the image, bottom is the Mooney version of the gray- scale image. Copyright for the original image by Alex Pepperhill (CC by 2.0, source: http://tinyurl.com/nhtlsfh)

    Top is the modified gray-scale version of the
    image, bottom is the Mooney version of the gray-scale image.
    Copyright for the original image by Alex Pepperhill
    (CC by 2.0, source: http://tinyurl.com/nhtlsfh)

Research objectives:

The customers of cloud applications benefit from outsourcing the management of their computing infrastructure to a third-party cloud provider. However, the customer has to assume that the “cloud” always remains confidential, available, fault-tolerant, well managed, properly backed-up and protected from natural accidents as well as intentional attacks. The main goal of CLOUDY is to study various aspects of Cloud Computing Security and Privacy.

Scientific achievements:

CLOUDY research spanned:
  • Password security: The work led to: (i) a novel password cracker based on Markov models; and (ii) investigating how additional personal information about a user helps in speeding up password guessing.
  • New authentication schemes: The team studied a new type of knowledge-based authentication scheme MooneyAuth, which eases the high cognitive load of passwords. It is based on implicit visual memory and is a graphical authentication scheme, which requires users to recognize degraded two-tone images that contain a hidden object.
  • Twitter privacy: The work explores linkability of tweets based on a very large corpus of tweets, and demonstrates that, at least for relatively active tweeters, linkability of tweets by the same author is easily attained even with a large number of tweeters.

Publications and Awards:

  • 3 Conference & 1 Workshop papers.

Selected publication:

C. Castelluccia, M. Duermuth, D. Perito. Adaptive Password Strength Meters from Markov Models, Network and Distributed Systems Security Symposium (NDSS), February 2012.

Follow up:

Most current security systems are not user-friendly and impose a strong cognitive burden on human users. Planned future work then includes exploring how new ”health” related devices (such as EEG) and various monitoring sensors could be used to develop novel and practical authentication schemes.

More about CLOUDY: http://planete.inrialpes.fr/cloudy-associated-team/