Ghassan Karame

Ruhr-Universität Bochum | RUB · Faculty of Computer Science

PhD in Computer Science

About

Publications: 93
Reads: 57,607
Citations: 4,090
Additional affiliations
  • October 2016 - present: NEC Laboratories Europe (Position: Head of Department)
  • August 2016 - present: NEC Laboratories Europe (Position: Chief Researcher)
  • April 2012 - present: NEC Laboratories Europe (Position: Senior Researcher)
Education
  • April 2007 - October 2011: ETH Zurich (Field of study: System Security)

Publications (93)
Preprint
The wide success of Bitcoin has led to a huge surge of alternative cryptocurrencies (altcoins). Most altcoins essentially fork Bitcoin's code with minor modifications, such as the number of coins to be minted, the block size, and the block generation time. As such, they are often deemed identical to Bitcoin in terms of security, robustness, and mat...
Preprint
Permissionless blockchains such as Bitcoin have long been criticized for their high computational and storage overhead. Unfortunately, while a number of proposals address the energy consumption of existing Proof-of-Work deployments, little attention has been given so far to remedy the storage overhead incurred by those blockchains. In fact, it seem...
Preprint
In spite of their popularity, developing secure smart contracts remains a challenging task. Existing solutions are either impractical as they do not support many complex real-world contracts or leave the burden to developers for fixing bugs. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inser...
Preprint
Full-text available
Scalability remains one of the biggest challenges to the adoption of permissioned blockchain technologies for large-scale deployments. Permissioned blockchains typically exhibit low latencies, compared to permissionless deployments -- however at the cost of poor scalability. Various solutions were proposed to capture "the best of both worlds", targ...
Chapter
During the industry day of ICIAM 2019, we presented a novel blockchain architecture devised specifically to meet industrial standards. In this paper, we detail our proposal and discuss its advantages over existing blockchain proposals. Our proposal features a scalable and novel consensus protocol based on BFT consensus and leverages the notion of s...
Preprint
Full-text available
Side-channel vulnerabilities of Intel SGX are driving the research community towards designing low-overhead detection tools. The ones available to date are grounded on the observation that attacks affect the performance of the victim application (in terms of runtime, enclave interruptions, etc.), so they monitor the potential victim and raise an ala...
Article
Proof of Stake (PoS) blockchain protocols emerged as a promising alternative to the largely energy-wasteful Proof of Work mechanisms currently in place. In contrast to computing power, however, stake is a virtual resource that can be replicated or reused, opening the door to attack vectors that have no counterpart in a PoW setting, and are much har...
Preprint
Full-text available
Recent studies have shown that federated learning (FL) is vulnerable to poisoning attacks which aim at injecting a backdoor into the global model. These attacks are effective, even when performed by a single client, and undetectable by most existing defensive techniques. In this paper, we propose a novel defense, dubbed BaFFLe: Backdoor detection...
Preprint
Full-text available
Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain...
Article
Full-text available
This is the preface to a special issue in the journal Royal Society Open Science, themed around blockchain technology. Since this is still an emergent and interdisciplinary field, we first provide a gentle introduction into that larger topic. Then, we discuss why this technology has been criticized for not being energy-efficient. Next, we provide a...
Preprint
Full-text available
The Internet of Things (IoT) bears unprecedented security and scalability challenges due to the magnitude of data produced and exchanged by IoT devices and platforms. Some of those challenges are currently being addressed by coupling IoT applications with blockchains. However, current blockchain-backed IoT systems simply use the blockchain to store...
Article
Existing Byzantine fault tolerant (BFT) storage solutions that achieve strong consistency and high availability, are costly compared to solutions that tolerate simple crashes. This cost is one of the main obstacles in deploying BFT storage in practice. In this paper, we present PoWerStore, a robust and efficient data storage protocol. PoWerStore's...
Preprint
Full-text available
Recently, a number of existing blockchain systems have witnessed major bugs and vulnerabilities within smart contracts. Although the literature features a number of proposals for securing smart contracts, these proposals mostly focus on proving the correctness or absence of a certain type of vulnerability within a contract, but cannot protect deplo...
Preprint
Full-text available
Deep Learning (DL) has been shown to be particularly vulnerable to adversarial samples. To combat adversarial strategies, numerous defenses have been proposed in the literature. Among these, feature squeezing emerges as an effective defense by reducing unnecessary features without changing the DL model. However, feature squeezing is a static defens...
Preprint
Full-text available
With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud applications, the current model to deploy and provisio...
Article
Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored in the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices...
Article
The blockchain emerged as a novel distributed consensus scheme that allows transactions, and any other data, to be securely stored and verified without the need of any centralized authority. Distributed trust and therefore security and privacy are at the core of the blockchain technologies, and have the potential to either make them a success or ca...
Article
Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to the notion of shared ownership. This can be a significant limitation in many collaborations because, for exa...
Article
Motivated by the great success and adoption of Bitcoin, a number of cryptocurrencies such as Litecoin, Dogecoin, and Ethereum are becoming increasingly popular. Although existing blockchain-based cryptocurrency schemes can ensure reasonable security for transactions, they do not consider any notion of fairness. Fair exchange allows two players to e...
Conference Paper
The use and prevalence of cloud and large-scale computing infrastructures is increasing. They are projected to be a dominant trend in computing for the foreseeable future: major cloud operators are now estimated to house millions of machines each and to host substantial (and growing) fractions of corporate and government IT and web infrastructure....
Conference Paper
Full-text available
Proof-of-Stake (PoS) protocols have been actively researched for the past five years. PoS finds direct applicability in open blockchain platforms and has been seen as a strong candidate to replace the largely inefficient Proof of Work mechanism that is currently plugged in most existing open blockchains. Although a number of PoS variants have been...
Conference Paper
Full-text available
Proofs of Retrievability (POR) are cryptographic proofs which provide assurance to a single tenant (who creates tags using his secret material) that his files can be retrieved in their entirety. However, POR schemes completely ignore storage-efficiency concepts, such as multi-tenancy and data deduplication, which are being widely utilized by existi...
Conference Paper
Full-text available
The blockchain emerges as an innovative tool that has the potential to positively impact the way we design a number of online applications today. In many ways, the blockchain technology is, however, still not mature enough to cater for industrial standards. Namely, existing Byzantine tolerant permission-based blockchain deployments can only scale t...
Conference Paper
End-to-end security in the cloud has gained even more importance after the outbreak of data breaches and massive surveillance programs around the globe last year. While the community features a number of cloud-based security mechanisms, existing solutions either provide security at the expense of the economy of scale and cost effectiveness of the c...
Article
Full-text available
Recent news reveals a powerful attacker which breaks data confidentiality by acquiring cryptographic keys, by means of coercion or backdoors in cryptographic software. Once the encryption key is exposed, the only viable measure to preserve data confidentiality is to limit the attacker’s access to the ciphertext. This may be achieved, for example, by...
Article
Full-text available
The surging interest in blockchain technology has revitalized the search for effective Byzantine consensus schemes. In particular, the blockchain community has been looking for ways to effectively integrate traditional Byzantine fault-tolerant (BFT) protocols into a blockchain consensus layer allowing various financial institutions to securely agre...
Conference Paper
Most existing cloud storage providers rely on data deduplication in order to significantly save storage costs by storing duplicate data only once. While the literature has thoroughly analyzed client-side information leakage associated with the use of data deduplication techniques in the cloud, no previous work has analyzed the information leakage a...
Conference Paper
The blockchain emerges as an innovative tool which proves to be useful in a number of application scenarios. A number of large industrial players, such as IBM, Microsoft, Intel, and NEC, are currently investing in exploiting the blockchain in order to enrich their portfolio of products. A number of researchers and practitioners speculate that the b...
Conference Paper
Full-text available
Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have not recei...
Article
Full-text available
Software-defined networking (SDN) eases network management by centralizing the control plane and separating it from the data plane. The separation of planes in SDN, however, introduces new vulnerabilities in SDN networks, since the difference in processing packets at each plane allows an adversary to fingerprint the network's packet-forwarding logi...
Article
Full-text available
Motivated by the great success and adoption of Bitcoin, a number of cryptocurrencies such as Litecoin, Dogecoin, and Ethereum are becoming increasingly popular. Although existing blockchain-based cryptocurrency schemes can ensure reasonable security for transactions, they do not consider any notion of fairness. Fair exchange allows two players to e...
Article
NLE's Secure De-duplicated Multi-Cloud Storage is the future of primary storage. This solution combines the use of multiple public cloud storage services with fast local access to cached data, data deduplication, and enhanced security and reliability at very low costs. By doing so, this solution is ideal for enterprise customers as well as governme...
Article
Full-text available
Software-defined networking (SDN) eases network management by centralizing the control plane and separating it from the data plane. The separation of planes in SDN, however, introduces new vulnerabilities in SDN networks since the difference in processing packets at each plane allows an adversary to fingerprint the network's packet-forwarding logic...
Conference Paper
While the revolutionary cloud computing paradigm offers substantial benefits to businesses, recent data breaches and the lack of dedicated end-to-end security solutions refrain the rapid adoption of this technology. The TREDISEC project aims at increasing trust in cloud computing by designing new security primitives ensuring data security and user...
Article
The smart grid leverages infrastructural support to achieve fine-grained power consumption monitoring in an attempt to offer higher efficiency, reliability, and security. Such functionality, however, requires the collection of fine-grained usage data which may raise serious concerns with respect to consumer privacy. Thus far, existing work has sole...
Conference Paper
Full-text available
Given the increasing adoption of Bitcoin, the number of transactions and the block sizes within the system are only expected to increase. To sustain its correct operation in spite of its ever-increasing use, Bitcoin implements a number of necessary optimizations and scalability measures. These measures limit the amount of information broadcast in t...
Conference Paper
Cloud storage providers such as Dropbox and Google Drive heavily rely on data deduplication to save storage costs by only storing one copy of each uploaded file. Although recent studies report that whole file deduplication can achieve up to 50% storage reduction, users do not directly benefit from these savings, as there is no transparent relation b...
Conference Paper
Sensors require frequent over-the-air reprogramming to patch software errors, replace code, change sensor configuration, etc. Given their limited computational capability, one of the few workable techniques to secure code update in legacy sensors would be to execute Proofs of Secure Erasure (PoSE) which ensure that the sensor’s memory is purged bef...
Conference Paper
Full-text available
Ripple is a payment system and a digital currency which evolved completely independently of Bitcoin. Although Ripple holds the second highest market cap after Bitcoin, there are surprisingly no studies which analyze the provisions of Ripple. In this paper, we study the current deployment of the Ripple payment system. For that purpose, we overview t...
Article
Full-text available
Bitcoin is a decentralized payment system that relies on Proof-of-Work (PoW) to resist double-spending through a distributed timestamping service. To ensure the operation and security of Bitcoin, it is essential that all transactions and their order of execution are available to all Bitcoin users. Unavoidably, in such a setting, the security of tra...
Conference Paper
Full-text available
Cloud storage platforms promise a convenient way for users to share files and engage in collaborations, yet they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because, for example, one owne...
Conference Paper
Sharing network resources with user groups, divisions, or even other companies in software defined networking promises better network utilization. Resource sharing is effectively realized by empowering these tenants at the control plane with permissions for administrating network components. However, since the network resources at the data plane ar...
Article
Many of the challenges that city planners face require the cooperation of different government agencies. The scope of the problems requires the involvement of diverse groups, who may have conflicting practices or agendas. In order to launch a coordinated response, different arms of the government, with different security clearance, must contribute...
Conference Paper
Full-text available
Lightweight Bitcoin clients are gaining increasing adoption among Bitcoin users, owing to their reduced resource and bandwidth consumption. These clients support a simplified payment verification (SPV) mode as they are only required to download and verify a part of the block chain, thus supporting the usage of Bitcoin on constrained devices, such...
Article
The smart-grid is gaining increasing attention nowadays, owing to its premise to offer increased reliability, performance, and a balanced utilization of energy. However, the current design of smart-grids raises serious concerns with respect to the privacy and anonymity of users. Thus far, the literature has solely focused on the problem of privatel...
Article
Full-text available
Proofs of Retrievability (POR) are cryptographic proofs that enable a cloud provider to prove that a user can retrieve his file in its entirety. POR need to be frequently executed by the user to ensure that their files stored on the cloud can be fully retrieved at any point in time. To conduct and verify POR, users need to be equipped with devices...
Article
Based on the OpenFlow model, we propose an access control scheme for SDN controllers. Our scheme accounts for the different network resources, multiple security requirements, conflicts originating from the reconfiguration of network components, and the delegation of access permissions.
Conference Paper
Full-text available
Bitcoin is gaining increasing adoption and popularity nowadays. In spite of its reliance on pseudonyms, Bitcoin raises a number of privacy concerns due to the fact that all of the transactions that take place in the system are publicly announced. The literature contains a number of proposals that aim at evaluating and enhancing user privacy in Bitc...
Article
Full-text available
Bitcoin has achieved popularity by promising users a fully decentralized, low-cost virtual currency system. A limited set of entities controls Bitcoin's services, decision-making, mining, and incident resolution processes. These entities can decide Bitcoin's fate, bypassing the will of the multitude of users that populate the network. Bitcoin has l...
Article
In this article, we propose a new micropayment model for nonspecialized commodity web-services based on microcomputations. In our model, a user that wishes to access online content (offered by a website) does not need to register or pay to access the website; instead, he will accept to run microcomputations on behalf of the service provider in exch...
Conference Paper
Full-text available
Location-based services are increasingly used in our daily activities. In current services, users however have to give up their location privacy in order to acquire the service. The literature features a large number of contributions which aim at enhancing user privacy in location-based services. Most of these contributions obfuscate the locations...
Article
Full-text available
Although cloud storage platforms promise a convenient way for users to share files and engage in collaborations, they require all files to have a single owner who unilaterally makes access control decisions. Existing clouds are, thus, agnostic to shared ownership. This can be a significant limitation in many collaborations because one owner can, fo...
Article
While public clouds are widely used for flexible deployment of online services such as video on demand, email, file sharing, etc., most enterprises still shy away from outsourcing sensitive data to public clouds because of security issues associated with storing data within a potentially untrusted cloud provider. In this paper, we explore the solut...
Conference Paper
End-to-end network measurement tools are gaining increasing importance in many Internet services. These tools were designed, however, without prior security consideration which renders their extracted network estimates questionable, given the current adversarial Internet. In this paper, we highlight the major security vulnerabilities of existing en...
Conference Paper
Full-text available
Conference Paper
Bitcoin is quickly emerging as a popular digital payment system. However, in spite of its reliance on pseudonyms, Bitcoin raises a number of privacy concerns due to the fact that all of the transactions that take place are publicly announced in the system. In this paper, we investigate the privacy provisions in Bitcoin when it is used as a primary...
Conference Paper
The smart-grid is gaining increasing attention nowadays, owing to its premise to offer increased reliability and performance. However, the current design of smart-grids raises serious concerns with respect to the privacy and anonymity of users. In this paper, we address the problem of enhancing the privacy of users in the smart grid throughout the...
Article
Bring Your Own Device (BYOD) is attracting considerable attention nowadays. In BYOD scenarios, enterprises wish to integrate their employees' mobile devices in enterprise operations (e.g., reading emails, editing documents). This clearly raises serious security concerns since the mobile device in question is not under the control of the enterprise...
Article
The packet-pair technique is a widely adopted method to estimate the capacity of a path. The use of the packet-pair technique has been suggested in numerous applications including network management and end-to-end admission control. Recent observations also indicate that this technique can be used to fingerprint Internet paths. However, given that...
Article
Full-text available
Existing Byzantine fault tolerant (BFT) storage solutions that achieve strong consistency and high availability, are costly compared to solutions that tolerate simple crashes. This cost is one of the main obstacles in deploying BFT storage in practice. In this paper, we present PoWerStore, a robust and efficient data storage protocol. PoWerStore's...