SafeCloud Platform

Communication

Vulnerability-tolerant channels
vtTLS is a protocol that provides vulnerability-tolerant secure communication channels. These channels do not rely on any individual cryptographic mechanism, so that if one mechanism (or possibly a few of them) is found vulnerable, the channels remain secure. The idea is to leverage diversity and redundancy of cryptographic mechanisms and keys, i.e., the use of different mechanisms (diversity) and of more than one set of mechanisms and keys (redundancy).
Protected channels
Port-Knocking using certificates instead of pre-shared keys.
Route-aware channels
MACHETE is an implementation of route-aware channels, which provide active and passive methods to detect anomalies in the network path. This helps to detect IP prefix hijacking. Multiple network paths are also used to make eavesdropping on the connection harder.
Storage

Secure block storage
SafeFS is a software-defined file system based on a modular architecture featuring stackable layers that can be combined to construct a secure distributed file system. SafeFS allows users to specialize their data store to their specific needs by choosing the combination of layers that provide the best safety and performance tradeoffs. The prototype is implemented in user space using FUSE. The provided layers include mechanisms based on encryption, replication, and coding.
Long-term distributed encrypted data storage
This SafeCloud service provides long-term distributed encrypted data storage. It builds on top of SafeFS and makes the stored data tamper-resistant. Documents stored using the service are stored redundantly and protected against tampering by coding and entanglement techniques, i.e., they are encoded and combined with previous documents to ensure that no party can modify or delete them without affecting a significant portion of all documents.
Secure file system
This SafeCloud solution provides a distributed file system. It adds a FUSE-based filesystem API on top of the secure block storage solution. The API is designed to be mostly POSIX compliant. This is an abstraction leveraged by the other two storage solutions.
Queries

Secure database server
This SafeCloud solution provides a secure database querying capability with the following deployment scenario: the Data Owner has a trusted deployment, and a single Service Provider with an untrusted deployment is used. The data is protected from the Service Provider but it can still be queried by a trusted Data Owner using SQL or a Java NoSQL interface. Multiple cryptographic techniques with specific tradeoffs between security and functionality are supported.
Secure multi-cloud database server
This SafeCloud solution provides a secure database querying capability. The data is securely stored by multiple untrusted Service Providers but can be queried by a trusted Data Owner using SQL or a Java NoSQL interface. The design considers a scenario where multiple untrusted deployments are available, which enables complex trust models in which cryptographic techniques that benefit from this characteristic can be employed.
Secure multi-cloud application server
Sharemind-sql provides a secure database querying and generic secure processing capability. It considers multiple (mutually untrusted) clients, allowing for joint querying of sensitive data for aggregated results, protecting the confidentiality of individual entries.