Commissariat à l’énergie atomique et aux énergies alternatives Institut List | CEA Saclay bâtiment 565- PC 65-91191 Gif-sur-Yvette Cedex
T. +33 1 01 69 08 98 20 www-list.cea.fr
Établissement public à caractère industriel et commercial | RCS Paris B 775 685 019
DRT/LIST/UAF
Internship Topic
Titre: Implementation of a Blockchain Protocol for the Securisation of Confidential Data on the Cloud
Context:
Cloud-backed file systems are becoming more and more popular because of the advantages in scalability and availability that cloud storage provides. Typically, a coordination service implements the file system functionality by calling the back-end clouds to store and retrieve files.1 Besides authenticating the users of the system, this coordination service synchronizes the operations on the back-end clouds in order to guarantee a consistent shared storage.
Storing sensitive data on such file systems poses some security and availability issues. On the one hand, outsourcing the storage to a back-end cloud increases the attack surface of the system, this is, the number of points at which an attacker could attempt to enter data to or extract data from the system. On the other hand, the coordination service may become a single point of failure that may stop the entire system if it fails. In order to overcome these issues, the system needs to implement end-to-end encryption2 (which ensures that data is encrypted with keys that remain under the control of the user) and state machine replication3 (which ensures availability and synchronization via some Byzantine fault-tolerant4 distributed algorithm).
However, if the coordination service gets to be compromised by an attacker, then it could deliver stale data, this is, obsolete data that is not at its latest version but which looks valid to users since it is encrypted with the user-controlled keys. In order to prevent this third issue, a blockchain-based solution could keep track of the latest version of the data. Blockchains were introduced by Satoshi Nakamoto a decade ago to backup Bitcoin5. A blockchain is an open- access ledger that provides an immutable, non-repudiable chain of transactions.
Objective:
The objective of this internship is to implement a prototype for a cloud-backed file system with end-to-end encryption. The system will use a coordination service that is deployed at different organisations, each of which will provide authentication and store metadata, and will coordinate one or more back-end cloud storages. The system has to enforce fault-tolerance and recovery
1 A. Bessani, R. Mendes, T. Oliveira, N. Neves, M. Correia, M. Pasin, and P. Verissimo. SCFS:
A shared cloud-backed file system. In 2014 USENIX Annual Technical Conference, pages 169–
180, USENIX Association, 2014.
2 https://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/, last access on 05/10/2020.
3 L. Lamport, The implementation of reliable distributed multiprocess systems. Computer Networks, 2(2):95–114, 1978.
4 M. Castro and B. Liskov. Practical Byzantine fault-tolerance and proactive recovery. ACM Transactions on Computer Systems, 20(4):398–461, 2002.
5 S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.
https://bitcoin.org/bitcoin.pdf, last access on 05/10/2020.
under the assumption that both the coordination service and the cloud storage could be compromised by an external attacker. For this purpose, a blockchain protocol has to be developed that stores checkpoints of the shared data and runs along with the system.
A high-level specification of the distributed algorithms used will be available and given to the intern.
The candidate will join the Laboratory for Trustworthy, Smart and Self-Organizing Information Systems (LICIA) at CEA LIST.
Methodology:
The intern will have the following responsibilities:
(1) prepare a state-of-the-art on end-to-end encrypted file sharing on the cloud;
(2) familiarise with the high-level specification of the algorithms that will be available and with the different components of the system;
(3) implement the system in Python;
(4) test the implementation for correctness with respect to the specification, and run comparative tests with respect to other existing solutions;
(5) document the implementation.
Competences:
• Student of master 2 in Computer Science/Engineering.
• Knowledge about distributed programming.
• Knowledge about distributed systems.
• Knowledge about the blockchain technology is a plus.
• Good experience in programming (experience in Python is a plus).
Required domain speciality: Computer science
Other domain specialities, key words: distributed computing, cloud computing, fault tolerance, blockchain
Means used (experiences, methods of analyses, others...): programming
IT means used:
Languages: Python
Desired level: Bac + 4/5 Duration: 6 months
Level of defense clearance (minimum AS): AS Desired formation: Ingénieur/Master
Possibility of pursuing a PhD thesis: Yes
Internship place: CEA, Centre de Saclay Nano-Innov, 91191 Gif sur Yvette Contacts:
Álvaro García Pérez alvaro.garciaperez@cea.fr