PriCloud

A privacy-preserving cloud-storage service

from 2015 to 2021

PriCloud is a research project supported by Baden-Württemberg Stiftung. The goal of this project is to design and evaluate a distributed file storage service that protects the privacy of their clients and founds a base for productive deployment.

Given that secret services obviously can demand the provider to give access to all available data and resources, we need a cloud-storage service that prevents providers from knowing who stores which data. In the best case the provider does not even know what operations are made on the data on access and by whom. However, business models require that there is still a way of providing revenue stream from the customer to the service provider. With this project, we propose to resolve this seemingly unsolvable contradiction.

Our design incorporates privacy and security from the beginning and is based on the latest developments in privacy enhancing technologies, following a security and privacy by design philosophy. As privacy protection often comes with overhead that contradicts scalability we do not only address the security of our system but also investigate the tradeoffs between the two and develop mechanisms to lessen this problem.

Inspired by Filecoin, we integrate a mechanism for anonymous payment into the storage service, incentivizing participation in our distributed cloud storage network and thus building the base for commercial businesses to participate as file storage providers.

Under the title PriCom and after expiration of funding, we further investigated the communication part of the project. The goal was the development of communication protocols that allow to preserve privacy when interacting with PriCloud, i.e. the blockchain and the cloud storage.

Related Publications

2021

Mödinger, D., Heß, A. and Hauck, F.J. 2021. Arbitrary Length k-Anonymous Dining-Cryptographers Communication. CoRR. abs/2103.17091, (Mar. 2021).
Dining-cryptographers networks (DCN) can achieve information-theoretical privacy. Unfortunately, they are not well suited for peer-to-peer networks as they are used in blockchain applications to disseminate transactions and blocks among par- ticipants. In previous but preliminary work, we proposed a three- phase approach with an initial phase based on a DCN with a group size of k while later phases take care of the actual broadcast within a peer-to-peer network. This paper describes our DCN protocol in detail and adds a performance evaluation powered by our proof-of-concept implementation. Our contributions are (i) an extension of the DCN protocol by von Ahn for fair delivery of arbitrarily long messages sent by potentially multiple senders, (ii) a privacy and security analysis of this extension, (iii) various performance optimisation especially for best-case operation, and (iv) a performance evaluation. The latter uses a latency of 100 ms and a bandwidth limit of 50 Mbit s−1 between participants. The interquartile range of the largest test of the highly secured version took 35s ± 1.25s for a full run. All tests of the optimized common-case mode show the dissemination of a message within 0.5s ± 0.1s. These results compare favourably to previously established protocols for k-anonymous transmission of fixed size messages, outperforming the original protocol for messages as small as 2 KiB.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares using Dining-Cryptographers Groups. CoRR. abs/2104.03032, (2021).
A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distributed shares of an (n,k)-Shamir's secret sharing scheme. Finally, all group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. Our system provides (n-|attackers|)-anonymity for up to k-1 attackers and has little performance impact on dissemination. We show these results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares Using Dining-Cryptographers Groups. Distributed Applications and Interoperable Systems – DAIS (2021), 83–98.
We introduce a combination of Shamir's secret sharing and dining-cryptographers networks, which provides (n-|attackers|))-anonymity for up to k-1 attackers and has manageable performance impact on dissemination. A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distributed shares of an (n, k)-Shamir's secret sharing scheme. All group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. We demonstrate the privacy and performance results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Mödinger, D.J. 2021. Broadcast privacy for blockchains. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.

2020

Mödinger, D., Lorenz, J.-H., van der Heijden, R.W. and Hauck, F.J. 2020. Unobtrusive monitoring: Statistical dissemination latency estimation in Bitcoin’s peer-to-peer network. PLOS ONE. 15, 12 (Dec. 2020), 1–21.
The cryptocurrency system Bitcoin uses a peer-to-peer network to distribute new transactions to all participants. For risk estimation and usability aspects of Bitcoin applications, it is necessary to know the time required to disseminate a transaction within the network. Unfortunately, this time is not immediately obvious and hard to acquire. Measuring the dissemination latency requires many connections into the Bitcoin network, wasting network resources. Some third parties operate that way and publish large scale measurements. Relying on these measurements introduces a dependency and requires additional trust. This work describes how to unobtrusively acquire reliable estimates of the dissemination latencies for transactions without involving a third party. The dissemination latency is modelled with a lognormal distribution, and we estimate their parameters using a Bayesian model that can be updated dynamically. Our approach provides reliable estimates even when using only eight connections, the minimum connection number used by the default Bitcoin client. We provide an implementation of our approach as well as datasets for modelling and evaluation. Our approach, while slightly underestimating the latency distribution, is largely congruent with observed dissemination latencies.
Mödinger, D., Fröhlich, N. and Hauck, F.J. 2020. Pixy: A Privacy-Increasing Group Creation Scheme. 9th Int. Conf. on Netw., Comm. & Comp. – ICNCC (Tokyo, Japan, 2020), 118–124.
Modern peer-to-peer networks provide a lot of value. However, as the networks handle more and more sensitive data, e.g. in cryptocurrencies, privacy becomes an issue. Several approaches to provide efficient privacy to network participants rely on group formation with little or no regard to the privacy impact of how groups are created. Group creation is often based on random selection, which can easily be highjacked by attackers. We propose Pixy, an extensible, component-based scheme to increase privacy during group formation stages beyond current approaches. Our scheme provides a two-stage setup for group formation. First, a selection based on personal and network-wide collaboration lists reduces the attack surface for group initiators. Second, a testing phase based on cryptographic puzzles and, for suitable contexts, CAPTCHAs sort out Sybil attackers. We show that this scheme improves the current state of privacy in group-creation processes.

2019

Kopp, H., Mödinger, D., Hauck, F.J. and Kargl, F. 2019. Cryptographic design of PriCloud, a privacy-preserving decentralized storage with remuneration. IEEE Trans. on Dep. and Sec. Comp. 18, 4 (2019), 1908–1919.
Over the last years, demand for file hosting has sky-rocketed due to cost reductions and availability of services. However, centralized providers have a negative impact on the privacy of their users, since they are able to read and collect various data about their users and even link it to their identity via their payments. On the other hand, decentralized storage solutions like GNUnet suffer from a lack of participation by providers, since there is no feasible business model. We propose PriCloud, a decentralized storage system which allows users to pay their storage providers without sacrificing their privacy by employing anonymous storage smart contracts and private payments on a blockchain. We are able to provide privacy to the users and storage providers, and unlinkability between users and files. Our system offers decentralized file storage including strong privacy guarantees and built-in remuneration for storage providers.

2018

Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. A Flexible Network Approach to Privacy of Blockchain Transactions. 38th IEEE Int. Conf. on Distrib. Comp. Sys. (Vienna, Jul. 2018), 1486–1491.
For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. How- ever, these mechanism often take only the abstraction layer of blockchains into account whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficency requirements of different blockchain use cases.
Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. Towards Enhanced Network Privacy for Blockchains. Short research statement for the DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB) (Luxemburg, Jun. 2018).
Privacy aspects of blockchains have gained attention as the log of transactions can be view by any interested party. Privacy mechanisms applied to the ledger can be undermined by attackers on the network level, resulting in deanonymization of the transaction senders. We discuss current approaches to this problem, e.g. Dandelion, sketch our own approach to provide even stronger privacy mechanisms and discuss the challenges and open questions for further research in this area.
Kopp, H.J.G. 2018. A privacy-preserving decentralized storage with payments based on a blockchain. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.

2017

Kopp, H., Mödinger, D., Hauck, F.J., Kargl, F. and Bösch, C. 2017. Design of a Privacy-Preserving Decentralized File Storage with Financial Incentives. IEEE Sec. & Priv. on the Blockch. (aff. w/ EUROCRYPT) (Paris, 2017).
Surveys indicate that users are often afraid to entrust data to cloud storage providers, because these do not offer sufficient privacy. On the other hand, peer-2-peer–based privacy-preserving storage systems like Freenet suffer from a lack of contribution and storage capacity, since there is basically no incentive to contribute own storage capacity to other participants in the network. We address these contradicting requirements by a design which combines a distributed storage with a privacy-preserving blockchain-based payment system to create incentives for participation while maintaining user privacy. By following a Privacy-by-Design strategy integrating privacy throughout the whole system life cycle, we show that it is possible to achieve levels of privacy comparable to state-of-the-art distributed storage technologies, despite integrating a payment mechanism. Our results show that it is possible to combine storage contracts and payments in a privacy-preserving way. Further, our system design may serve as an inspiration for future similar architectures.