Securing the Financial Cloud (SFC)

Funding agency: Bundesministerium für Bildung und Forschung (BMBF)
Initiative: Förderung von Forschungsinitiativen zum Sicheren Cloud Computing (funding of research initiatives on secure cloud computing)
Project administrator: VDI/VDE
Grant number: 16KIS0062
Start: 1 March 2014
End: 27 February 2017
Partners: Wincor Nixdorf, arvato Bertelsmann, janz IT, Universität Paderborn

Project Goals

The SFC project aims to move highly sensitive financial services into the cloud and to implement a prototype cloud architecture for such services. Achieving this goal requires an interdisciplinary approach, reflected in SFC's subprojects:

Cryptographic technologies

Identifying and analyzing cryptographic primitives suitable for use in a financial cloud is the key aspect of this subproject. Based on this analysis, existing cryptographic schemes will be adapted and new schemes developed to meet the requirements imposed by the financial cloud.

Optimized realization

This subproject provides highly optimized hardware implementations (e.g. on FPGAs) of the cryptographic schemes resulting from the previous subproject. These implementations will be analyzed extensively for their resistance against side-channel attacks.

Security architecture

The financial cloud is a highly complex infrastructure for financial services, and its mechanisms and procedures accordingly demand high levels of security. This subproject focuses on how to specify security requirements, in particular with attribute-based cryptography in mind, since attribute-based cryptography is considered a key technology for the financial cloud. Beyond technological approaches to security, the socio-technical nature of the financial cloud requires consideration of human users, and thus of manual security processes.

Software architecture

The architecture of a cloud infrastructure for financial services must integrate cloud solutions with the standards and mechanisms that have been established in the financial sector for decades. This integration is an important challenge that must be solved to achieve both security and efficiency for the financial cloud.

Contribution of the "Codes and Cryptography" group to SFC

An important aspect of a secure cloud architecture for financial services is access control for sensitive data. In this project, attribute-based cryptography is the technology of choice for access control, because it enforces access structures over attributes and policies cryptographically. In contrast to classical approaches, with attribute-based encryption every user holds only one key and data needs to be encrypted only once, yet only users authorized for the specific data can decrypt it. This reduces memory and key-management overhead and removes the need for an authority that grants access based on access control lists, which in turn simplifies the processes required to achieve and maintain security.
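To make concrete how an access structure is enforced cryptographically rather than by an access control list, here is an added illustration (not code from the project or this page): it shares a data key down a threshold access tree in the style of key-policy ABE, so that only an attribute set satisfying the policy can reconstruct the key. The pairing layer that binds these shares to a user's key in a real scheme is omitted; the policy, attribute names and field size are constructed for the example.

```python
import secrets
P = 2**127 - 1  # toy prime field for the shares (constructed, not a real ABE parameter)
def ATTR(a): return ('attr', a)              # leaf: an attribute name
def THR(k, *c): return ('thr', k, list(c))   # k-of-n threshold gate
def AND(*c): return THR(len(c), *c)
def OR(*c): return THR(1, *c)

def share_tree(node, secret):
    # Each k-of-n gate hides its secret as the constant term of a random
    # degree-(k-1) polynomial and hands child i the value at x=i, down to the
    # leaves. Assumes every attribute labels at most one leaf.
    if node[0] == 'attr':
        return {node[1]: secret}
    _, k, children = node
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for i, child in enumerate(children, start=1):
        shares.update(share_tree(child, sum(c * pow(i, j, P) for j, c in enumerate(coeffs)) % P))
    return shares

def lagrange_at_zero(points):
    # Recover the constant term from k points of a degree-(k-1) polynomial.
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover(node, key):
    # Returns the subtree's secret if the shares in `key` satisfy it, else None:
    # an unsatisfied gate has too few points to interpolate, so nothing leaks upward.
    if node[0] == 'attr':
        return key.get(node[1])
    _, k, children = node
    points = [(i, v) for i, c in enumerate(children, start=1)
              if (v := recover(c, key)) is not None]
    return lagrange_at_zero(points[:k]) if len(points) >= k else None

# Constructed policy: (auditor AND eu_branch) OR any 2 of {cfo, risk, compliance}
POLICY = OR(AND(ATTR('auditor'), ATTR('eu_branch')),
            THR(2, ATTR('cfo'), ATTR('risk'), ATTR('compliance')))

def can_decrypt(user_attrs):
    # Fresh sharing of a data key; the user's key carries only its attributes' shares.
    secret = secrets.randbelow(P)
    key = {a: s for a, s in share_tree(POLICY, secret).items() if a in user_attrs}
    return recover(POLICY, key) == secret
```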

In this project, the task of the research group "Codes and Cryptography" is to develop efficient attribute-based schemes for the financial cloud and to analyze their security. Besides efficiency and security, the integration of higher-level security processes is an important aspect of our work.

Cryptographic keys for the financial cloud need strong protection, which is provided by special-purpose hardware such as smart cards and hardware security modules (HSMs). Another aspect of our work is therefore to identify bilinear pairings, as required by attribute-based schemes, that can be implemented to run efficiently on such special-purpose hardware.

Like other cloud systems, the financial cloud and its underlying infrastructure operate in a potentially hostile environment. This exposes the system to side-channel attacks, i.e. leakage of information about cryptographic keys through the timing or power consumption of concrete implementations of cryptographic schemes. Identifying side channels is challenging because combinations of hardware and software must be considered. We will identify side channels of the aforementioned hardware implementations of bilinear pairings and, based on our findings, develop countermeasures against side-channel attacks.

Publications

Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations

J. Blömer, P. Günther, V. Krummel, N. Löken, in: Foundations and Practice of Security, Springer International Publishing, 2017, pp. 3-17

Searchable Encryption with Access Control

N. Löken, in: Proceedings of the 12th International Conference on Availability, Reliability and Security - ARES '17, ACM Press, 2017
Implementing Cryptographic Pairings on Accumulator Based Smart Card Architectures

P. Günther, V. Krummel, in: Mathematical Aspects of Computer and Information Sciences, Springer International Publishing, 2016, pp. 151-165
Singular Curve Point Decompression Attack

J. Blömer, P. Günther, in: 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), IEEE, 2016
Elektromagnetische Seitenkanalangriffe auf paarungsbasierte Kryptographie

B. Gerken, Master's thesis, Universität Paderborn, 2015

Evaluation of Pairing Optimization for Embedded Platforms

M. Sosniak, Master's thesis, Universität Paderborn, 2015
A Practical Second-Order Fault Attack against a Real-World Pairing Implementation

J. Blömer, R. Gomes da Silva, P. Günther, J. Krämer, J. Seifert, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC), 2014, pp. 123-136

Several fault attacks against pairing-based cryptography have been described theoretically in recent years. Interestingly, none of these have been practically evaluated. We accomplished this task and prove that fault attacks against pairing-based cryptography are indeed possible and are even practical — thus posing a serious threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation of the eta pairing on an AVR XMEGA A1. We injected the first fault into the computation of the Miller Algorithm and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that allowed us to generate multiple independent faults in one computation. The setup implements these faults by clock glitches which induce instruction skips. With this setup we conducted the first practical fault attack against a complete pairing computation.

Constructing CCA-secure predicate encapsulation schemes from CPA-secure schemes and universal one-way hash functions

J. Blömer, G. Liske, 2014

We present a new transformation of chosen-plaintext secure predicate encryption schemes with public index into chosen-ciphertext secure schemes. Our construction requires only a universal one-way hash function and is selectively secure in the standard model. The transformation is not generic but can be applied to various existing schemes constructed from bilinear groups. Using common structural properties of these schemes we provide an efficient and simple transformation without overhead in form of one-time signatures or message authentication codes as required in the known generic transformations.

Fujisaki-Okamoto Transformation

J. Lippert, Bachelor's thesis, Universität Paderborn, 2014

Hiding software components using functional encryption

J. Jochheim, Master's thesis, Universität Paderborn, 2014

Tampering attacks in pairing-based cryptography

J. Blömer, P. Günther, G. Liske, in: Proceedings of Fault Tolerance and Diagnosis in Cryptography (FDTC), 2014, pp. 1-7

In the last decade pairings have become an important, and often indispensable, ingredient in the construction of identity-based and attribute-based cryptosystems, as well as group signatures and credential systems. Consequently, the applicability of timing, power, or fault attacks to implementations of pairings is an important research topic. We will review some of the known results in this area.
Direct Chosen-Ciphertext Secure Attribute-Based Key Encapsulations without Random Oracles

J. Blömer, G. Liske, 2013

We present a new technique to realize attribute-based encryption (ABE) schemes secure in the standard model against chosen-ciphertext attacks (CCA-secure). Our approach is to extend certain concrete chosen-plaintext secure (CPA-secure) ABE schemes to achieve more efficient constructions than the known generic constructions of CCA-secure ABE schemes. We restrict ourselves to the construction of attribute-based key encapsulation mechanisms (KEMs) and present two concrete CCA-secure schemes: a key-policy attribute-based KEM that is based on Goyal's key-policy ABE and a ciphertext-policy attribute-based KEM that is based on Waters' ciphertext-policy ABE. To achieve our goals, we use an appropriate hash function and need to extend the public parameters and the ciphertexts of the underlying CPA-secure encryption schemes only by a single group element. Moreover, we use the same hardness assumptions as the underlying CPA-secure encryption schemes.

Seitenkanalresistenz paarungsbasierter Kryptographie

O. Otte, Bachelor's thesis, Universität Paderborn, 2013
Attribute-basierte Verschlüsselung

P. Schleiter, Bachelor's thesis, Universität Paderborn, 2012
Fault attacks in pairing-based cryptography

G. Liske, Master's thesis, Universität Paderborn, 2011