Implementing fully homomorphic encryption schemes in FPGA-based systems

LLas nuevas tecnologías orientadas a la nube, el internet de las cosas o las tendencias "as a service" se basan en el almacenamiento y procesamiento de datos en servidores remotos. Para garantizar la seguridad en la comunicación de dichos datos al servidor remoto, y en el manejo de los mismos en dicho servidor, se hace uso de diferentes esquemas criptográficos. Tradicionalmente, dichos sistemas criptográficos se centran en encriptar los datos mientras no sea necesario procesarlos (es decir, durante la comunicación y almacenamiento de los mismos). Sin embargo, una vez es necesario procesar dichos datos encriptados (en el servidor remoto), es necesario desencriptarlos, momento en el cual un intruso en dicho servidor podría a acceder a datos sensibles de usuarios del mismo. Es más, este enfoque tradicional necesita que el servidor sea capaz de desencriptar dichos datos, teniendo que confiar en la integridad de dicho servidor de no comprometer los datos. Como posible solución a estos problemas, surgen los esquemas de encriptación homomórficos completos. Un esquema homomórfico completo no requiere desencriptar los datos para operar con ellos, sino que es capaz de realizar las operaciones sobre los datos encriptados, manteniendo un homomorfismo entre el mensaje cifrado y el mensaje plano. De esta manera, cualquier intruso en el sistema no podría robar más que textos cifrados, siendo imposible un robo de los datos sensibles sin un robo de las claves de cifrado. Sin embargo, los esquemas de encriptación homomórfica son, actualmente, drás-ticamente lentos comparados con otros esquemas de encriptación clásicos. Una op¬eración en el anillo del texto plano puede conllevar numerosas operaciones en el anillo del texto encriptado. Por esta razón, están surgiendo distintos planteamientos sobre como acelerar estos esquemas para un uso práctico. Una de las propuestas para acelerar los esquemas homomórficos consiste en el uso de High-Performance Computing (HPC) usando FPGAs (Field Programmable Gate Arrays). Una FPGA es un dispositivo semiconductor que contiene bloques de lógica cuya interconexión y funcionalidad puede ser reprogramada. Al compilar para FPGAs, se genera un circuito hardware específico para el algorithmo proporcionado, en lugar de hacer uso de instrucciones en una máquina universal, lo que supone una gran ventaja con respecto a CPUs. Las FPGAs tienen, por tanto, claras difrencias con respecto a CPUs: -Arquitectura en pipeline: permite la obtención de outputs sucesivos en tiempo constante -Posibilidad de tener multiples pipes para computación concurrente/paralela. Así, en este proyecto: -Se realizan diferentes implementaciones de esquemas homomórficos en sistemas basados en FPGAs. -Se analizan y estudian las ventajas y desventajas de los esquemas criptográficos en sistemas basados en FPGAs, comparando con proyectos relacionados. -Se comparan las implementaciones con trabajos relacionados New cloud-based technologies, the internet of things or "as a service" trends are based in data storage and processing in a remote server. In order to guarantee a secure communication and handling of data, cryptographic schemes are used. Tradi¬tionally, these cryptographic schemes focus on guaranteeing the security of data while storing and transferring it, not while operating with it. Therefore, once the server has to operate with that encrypted data, it first decrypts it, exposing unencrypted data to intruders in the server. Moreover, the whole traditional scheme is based on the assumption the server is reliable, giving it enough credentials to decipher data to process it. As a possible solution for this issues, fully homomorphic encryption(FHE) schemes is introduced. A fully homomorphic scheme does not require data decryption to operate, but rather operates over the cyphertext ring, keeping an homomorphism between the cyphertext ring and the plaintext ring. As a result, an outsider could only obtain encrypted data, making it impossible to retrieve the actual sensitive data without its associated cypher keys. However, using homomorphic encryption(HE) schemes impacts performance dras-tically, slowing it down. One operation in the plaintext space can lead to several operations in the cyphertext space. Because of this, different approaches address the problem of speeding up these schemes in order to become practical. One of these approaches consists in the use of High-Performance Computing (HPC) using FPGAs (Field Programmable Gate Array). An FPGA is an integrated circuit designed to be configured by a customer or a designer after manufacturing - hence "field-programmable". Compiling into FPGA means generating a circuit (hardware) specific for that algorithm, instead of having an universal machine and generating a set of machine instructions. FPGAs have, thus, clear differences compared to CPUs: - Pipeline architecture, which allows obtaining successive outputs in constant time. -Possibility of having multiple pipes for concurrent/parallel computation. Thereby, In this project: -We present different implementations of FHE schemes in FPGA-based systems. -We analyse and study advantages and drawbacks of the implemented FHE schemes, compared to related work.

Generadores ScalaCheck para property-based testing de programas Spark y Spark Streaming

En los últimos años hemos sido testigos de la expansión del paradigma big data a una velocidad vertiginosa. Los cambios en este campo, nos permiten ampliar las áreas a tratar; lo que a su vez implica una mayor complejidad de los sistemas software asociados a estas tareas, como sucede en sistemas de monitorización o en el Internet de las Cosas (Internet of Things). Asimismo, la necesidad de implementar programas cada vez robustos y eficientes, es decir, que permitan el cómputo de datos a mayor velocidad y de los se obtengan información relevante, ahorrando costes y tiempo, ha propiciado la necesidad cada vez mayor de herramientas que permitan evaluar estos programas. En este contexto, el presente proyecto se centra en extender la herramienta sscheck. Sscheck permite la generación de casos de prueba basados en propiedades de programas escritos en Spark y Spark Streaming. Estos lenguajes forman parte de un mismo marco de código abierto para la computación distribuida en clúster. Dado que las pruebas basadas en propiedades generan datos aleatorios, es difícil reproducir los problemas encontrados en una cierta sesion; por ello, la extensión se centrará en cargar y guardar casos de test en disco mediante el muestreo de datos desde colecciones mayores.

Diseño y desarrollo de un servicio big data en la nube para búsqueda, compartición de ficheros y data mining

En esta memoria se presenta el diseño y desarrollo de una aplicación en la nube destinada a la compartición de objetos y servicios. El desarrollo de esta aplicación surge dentro del proyecto de I+D+i, SITAC: Social Internet of Things – Apps by and for the Crowd ITEA 2 11020, que trata de crear una arquitectura integradora y un “ecosistema” que incluya plataformas, herramientas y metodologías para facilitar la conexión y cooperación de entidades de distinto tipo conectadas a la red bien sean sistemas, máquinas, dispositivos o personas con dispositivos móviles personales como tabletas o teléfonos móviles. El proyecto innovará mediante la utilización de un modelo inspirado en las redes sociales para facilitar y unificar las interacciones tanto entre personas como entre personas y dispositivos. En este contexto surge la necesidad de desarrollar una aplicación destinada a la compartición de recursos en la nube que pueden ser tanto lógicos como físicos, y que esté orientada al big data. Ésta será la aplicación presentada en este trabajo, el “Resource Sharing Center”, que ofrece un servicio web para el intercambio y compartición de contenido, y un motor de recomendaciones basado en las preferencias de los usuarios. Con este objetivo, se han usado tecnologías de despliegue en la nube, como Elastic Beanstalk (el PaaS de Amazon Web Services), S3 (el sistema de almacenamiento de Amazon Web Services), SimpleDB (base de datos NoSQL) y HTML5 con JavaScript y Twitter Bootstrap para el desarrollo del front-end, siendo Python y Node.js las tecnologías usadas en el back end, y habiendo contribuido a la mejora de herramientas de clustering sobre big data. Por último, y de cara a realizar el estudio sobre las pruebas de carga de la aplicación se ha usado la herramienta ApacheJMeter.

Arquitetura computacional para redes orgânicas e heterogêneas: plano de controle do sistema operacional swarm.

Computational Swarms (enxames computacionais), consistindo da integração de sensores e atuadores inteligentes no nosso mundo conectado, possibilitam uma extensão da info-esfera no mundo físico. Nós chamamos esta info-esfera extendida, cíber-física, de Swarm. Este trabalho propõe uma visão de Swarm onde dispositivos computacionais cooperam dinâmica e oportunisticamente, gerando redes orgânicas e heterogêneas. A tese apresenta uma arquitetura computacional do Plano de Controle do Sistema Operacional do Swarm, que é uma camada de software distribuída embarcada em todos os dispositivos que fazem parte do Swarm, responsável por gerenciar recursos, definindo atores, como descrever e utilizar serviços e recursos (como divulgá-los e descobrí-los, como realizar transações, adaptações de conteúdos e cooperação multiagentes). O projeto da arquitetura foi iniciado com uma revisão da caracterização do conceito de Swarm, revisitando a definição de termos e estabelecendo uma terminologia para ser utilizada. Requisitos e desafios foram identificados e uma visão operacional foi proposta. Esta visão operacional foi exercitada com casos de uso e os elementos arquiteturais foram extraídos dela e organizados em uma arquitetura. A arquitetura foi testada com os casos de uso, gerando revisões do sistema. Cada um dos elementos arquiteturais requereram revisões do estado da arte. Uma prova de conceito do Plano de Controle foi implementada e uma demonstração foi proposta e implementada. A demonstração selecionada foi o Smart Jukebox, que exercita os aspectos distribuídos e a dinamicidade do sistema proposto. Este trabalho apresenta a visão do Swarm computacional e apresenta uma plataforma aplicável na prática. A evolução desta arquitetura pode ser a base de uma rede global, heterogênea e orgânica de redes de dispositivos computacionais alavancando a integração de sistemas cíber-físicos na núvem permitindo a cooperação de sistemas escaláveis e flexíveis, interoperando para alcançar objetivos comuns.

Monitoring and Prevention the Smart Cities

Nowadays, the intensive use of Technology Information (TI) provide solutions to problems of the high population density, energy conservation and cities management. This produces a newest concept of the city, Smart City. But the inclusion of TI in the city brings associated new problems, specifically the generation of electromagnetic fields from the available and new technological infrastructures installed in the city that did not exist before. This new scenario produces a negative effect on a particular group of the society, as are the group of persons with electromagnetic hypersensitivity pathology. In this work we propose a system that would allow you to detect and prevent the continuous exposure to such electromagnetic fields, without the need to include more devices or infrastructure which would only worsen these effects. Through the use of the architecture itself and Smart City services, it is possible to infer the necessary knowledge to know the situation of the EMF radiation and thus allow users to avoid the areas of greatest conflict. This knowledge, not only allows us to get EMF current map of the city, but also allows you to generate predictions and detect future risk situations.

Smart Sentinel: Monitoring and Prevention System in the Smart Cities

Today, faced with the constant rise of the Smart cities around the world, there is an exponential increase of the use and deployment of information technologies in the cities. The intensive use of Information Technology (IT) in these ecosystems facilitates and improves the quality of life of citizens, but in these digital communities coexist individuals whose health is affected developing or increasing diseases such as electromagnetic hypersensitivity. In this paper we present a monitoring, detection and prevention system to help this group, through which it is reported the rates of electromagnetic radiation in certain areas, based on the information that the own Smart City gives us. This work provides a perfect platform for the generation of predictive models for detection of future states of risk for humans.

Comunicazioni basate su onde millimetriche per sistemi 5G

Le comunicazioni wireless di Quinta Generazione, le quali è assodato che vadano a ricoprire un ruolo chiave e centrale nel futuro delle comunicazioni mobili, hanno suscitato l’interesse e l’investigazione da parte delle maggiori organizzazioni ed enti di ricerca internazionali. Internet of Things, i cosiddetti Use Cases, gli indici KPI e le tecnologie candidate per lo sviluppo, sono tra gli altri, i maggiori aspetti su cui attualmente la ricerca pone la propria attenzione al fine di poter definire ed implementare la rete di Quinta Generazione. Non da meno, ricevono forte interesse anche una serie d’aspetti legati all’utilizzo delle elevate frequenze, in particolar modo le bande delle onde millimetriche, nello sviluppo delle comunicazioni per sistemi 5G. L’utilizzo delle onde millimetriche nel futuro delle comunicazioni mobili è ad oggi considerato il fulcro della ricerca per l’implementazione dell’ architettura di rete di Quinta Generazione. Lo sviluppo di comunicazioni basate sulle onde millimetriche per i sistemi 5G presentano sia delle opportunità ma anche importanti problematiche. Tra queste ultime, l’elevate attenuazioni registrate nelle bande delle onde millimetriche pongono severi limiti qualora si voglia stabilire una comunicazione a lungo raggio e tale è un aspetto critico che interesse fortemente i vari ambiti della ricerca per poter efficacemente porre le basi per il futuro della comunicazione mobile di Quinta Generazione.

Efficient Multi-hop Broadcast Data Dissemination in IoT and Smart Cities

Internet of Things (IoT) can be defined as a “network of networks” composed by billions of uniquely identified physical Smart Objects (SO), organized in an Internet-like structure. Smart Objects can be items equipped with sensors, consumer devices (e.g., smartphones, tablets, or wearable devices), and enterprise assets that are connected both to the Internet and to each others. The birth of the IoT, with its communications paradigms, can be considered as an enabling factor for the creation of the so-called Smart Cities. A Smart City uses Information and Communication Technologies (ICT) to enhance quality, performance and interactivity of urban services, ranging from traffic management and pollution monitoring to government services and energy management. This thesis is focused on multi-hop data dissemination within IoT and Smart Cities scenarios. The proposed multi-hop techniques, mostly based on probabilistic forwarding, have been used for different purposes: from the improvement of the performance of unicast protocols for Wireless Sensor Networks (WSNs) to the efficient data dissemination within Vehicular Ad-hoc NETworks (VANETs).

Efficient Data Management with Applications to IoT

The Internet of Things (IoT) consists of a worldwide “network of networks,” composed by billions of interconnected heterogeneous devices denoted as things or “Smart Objects” (SOs). Significant research efforts have been dedicated to port the experience gained in the design of the Internet to the IoT, with the goal of maximizing interoperability, using the Internet Protocol (IP) and designing specific protocols like the Constrained Application Protocol (CoAP), which have been widely accepted as drivers for the effective evolution of the IoT. This first wave of standardization can be considered successfully concluded and we can assume that communication with and between SOs is no longer an issue. At this time, to favor the widespread adoption of the IoT, it is crucial to provide mechanisms that facilitate IoT data management and the development of services enabling a real interaction with things. Several reference IoT scenarios have real-time or predictable latency requirements, dealing with billions of device collecting and sending an enormous quantity of data. These features create a new need for architectures specifically designed to handle this scenario, hear denoted as “Big Stream”. In this thesis a new Big Stream Listener-based Graph architecture is proposed. Another important step, is to build more applications around the Web model, bringing about the Web of Things (WoT). As several IoT testbeds have been focused on evaluating lower-layer communication aspects, this thesis proposes a new WoT Testbed aiming at allowing developers to work with a high level of abstraction, without worrying about low-level details. Finally, an innovative SOs-driven User Interface (UI) generation paradigm for mobile applications in heterogeneous IoT networks is proposed, to simplify interactions between users and things.

Legibility, privacy and creativity:linked data in a surveillance society

This paper looks at the issue of privacy and anonymity through the prism of Scott's concept of legibility i.e. the desire of the state to obtain an ever more accurate mapping of its domain and the actors in its domain. We argue that privacy was absent in village life in the past, and it has arisen as a temporary phenomenon arising from the lack of appropriate technology to make all life in the city legible. Cities have been the loci of creativity for the major part of human civilisation. There is something specific about the illegibility of cities which facilitates creativity and innovation. By providing the technology to catalogue and classify all objects and ideas around us, this leads to a consideration of semantic web technologies, Linked Data and the Internet of Things as unwittingly furthering this ever greater legibility. There is a danger that the over description of a domain will lead to a loss in creativity and innovation. We conclude by arguing that our prime concern must be to preserve illegibility because the survival of some form, any form, of civilisation depends upon it.

Sensing information modelling for smart city

Sensing technology is a key enabler of the Internet of Things (IoT) and could produce huge volume data to contribute the Big Data paradigm. Modelling of sensing information is an important and challenging topic, which influences essentially the quality of smart city systems. In this paper, the author discusses the relevant technologies and information modelling in the context of smart city and especially reports the investigation of how to model sensing and location information in order to support smart city development.

Computazione Embodied e Disembodied: Cloud-based IoT

La tesi esplora la co-esistenza di computazioni embodied e disembodied nei moderni sistemi software, adottando come caso di studio il recente trend che vede sempre più coesi e integrati sistemi per l'Internet of Things e sistemi Cloud-based. Si analizzano i principali modelli di comunicazione, protocolli di comunicazione e architetture situate. Inoltre si realizza una piattaforma IoT Middleware cloud-based per mostrare come la computazione possa essere distribuita lato embodied e disembodied.

Sensor IoT para monitorización de consumo de energía en continua

Hoy en día la mayor parte de los sensores de energía IoT (Internet of Things) están orientados a la medida de corriente alterna (AC). No son aptos para monitorizar equipos que no estén conectados a la red eléctrica (baterías, paneles fotovoltaicos, etc.) o que formen parte de otros equipos más grandes y que estén situados detrás del transformador (ej. aceleradores de cómputo en supercomputadores). El presente trabajo tiene como objetivo principal construir un sistema, con una instalación sencilla y reducida, que permita la monitorización de consumo de dispositivos conectados a corriente continua. Toda la información recogida será mostrada a través de una interfaz web, que nos permitirá observar los cambios en el consumo en tiempo real con un intervalo de actualización especificado por el usuario. Además el sistema será robusto, con bajo coste de implementación y permitirá una alta escalabilidad, ya que el objetivo del proyecto es que sea escalable a nivel de centro de datos o institución.

Semantic Stream Processing for IoT Devices in the Food Safety Domain

Postprint

Comparison between SensibleThings and Kaa platform

With the Internet of Things becoming more and more popular, and a prediction that there will be more than 50 million devices connected to the Internet in 2020, the quantity of IoT platforms on the market is rapidly growing. Facing so many platforms to choose, the object of this thesis is to give some suggestions for reference by performing a quantitative comparison between two platforms: SensibleThings and Kaa. These two platforms have difference architectures so may suitable in different scenes. The comparison includes some measurement and evaluation under two designed scenarios and a general contrast in theory. Two scenarios cover cases of message delivery between two endpoints at different rates and multiple endpoints pushing log data continually. The result of measurement together with the theoretical analysis draw out the following conclusion. SensibleThings platform is more suitable for simple and small-scale message delivery between endpoints, like home environment with few devices. And Kaa platform is more suitable for large-scale and complicated application for data collection and processing, like meteorology field with huge amount of sensors and data.